Security appliances have been traditionally considered one of the most effective forms of perimeter security.
Today, security appliances are among the riskiest devices in the enterprise and a preferred entry point for threat actors infiltrating a business.
Searching the Common Vulnerabilities and Exposures (CVE) database or CISA's Known Exploited Vulnerabilities (KEV) catalog reveals a deeply concerning picture, particularly for security appliance manufacturers.
Given how many organizations are understaffed and under-resourced, it is a Herculean task to stay abreast of these vulnerabilities, let alone patch them continuously.
Because of the sheer volume of exploitable vulnerabilities, security teams are forced to consciously leave their organizations unduly exposed.
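As an added example (not code from the article or from any vendor), here is a Python script a security team could use to do the KEV research described above mechanically: it matches an appliance inventory against CISA's KEV catalog and ranks the matches by how far past CISA's remediation due date they are. The feed URL is CISA's real JSON endpoint; the KEV entries, vendor and product names, CVE IDs (CVE-0000-*) and asset names embedded in the script are constructed placeholders so that it runs offline.

```python
"""KEV-to-inventory triage for security appliances.

Added example; not code from the article or any vendor. The feed URL is
CISA's real KEV JSON endpoint, but everything below runs offline against a
constructed sample in the same schema.
"""
import json
from datetime import date

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the shape of the KEV feed. Vendor names, products and
# CVE IDs are placeholders (CVE-0000-*), not real catalog entries.
SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "0000.00.00",
  "dateReleased": "2024-01-02T00:00:00.0000Z",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleNet", "product": "EdgeGateway",
     "vulnerabilityName": "ExampleNet EdgeGateway Authentication Bypass",
     "dateAdded": "2023-11-01", "shortDescription": "Placeholder.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-11-22", "knownRansomwareCampaignUse": "Known", "notes": ""},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleNet", "product": "EdgeGateway",
     "vulnerabilityName": "ExampleNet EdgeGateway Command Injection",
     "dateAdded": "2023-12-25", "shortDescription": "Placeholder.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-01-15", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-0000-0003", "vendorProject": "OtherCorp", "product": "MailServer",
     "vulnerabilityName": "OtherCorp MailServer Deserialization",
     "dateAdded": "2023-11-10", "shortDescription": "Placeholder.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-12-01", "knownRansomwareCampaignUse": "Unknown", "notes": ""}
  ]
}"""

# Constructed appliance inventory; asset names are hypothetical.
SAMPLE_INVENTORY = [
    {"asset": "fw-hq-01", "vendor": "ExampleNet", "product": "EdgeGateway"},
    {"asset": "fw-branch-07", "vendor": "examplenet", "product": "edgegateway"},
    {"asset": "swg-dc-01", "vendor": "Acme Security", "product": "WebProxy"},
]


def load_kev(text):
    """Parse the KEV feed JSON and return its list of vulnerability entries."""
    return json.loads(text)["vulnerabilities"]


def _key(vendor, product):
    # Vendor/product spelling varies in case and whitespace between sources; normalize.
    return (vendor.strip().lower(), product.strip().lower())


def match_inventory(kev_entries, inventory, today_iso):
    """One finding per (asset, KEV entry) whose vendor/product matches the asset.

    KEV entries carry no version information, so every match is a candidate
    that must be confirmed against the vendor advisory, not a confirmed hit.
    days_overdue is measured against CISA's dueDate (positive = past due).
    """
    today = date.fromisoformat(today_iso)
    by_key = {}
    for entry in kev_entries:
        by_key.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)

    findings = []
    for asset in inventory:
        for entry in by_key.get(_key(asset["vendor"], asset["product"]), []):
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "asset": asset["asset"],
                "cveID": entry["cveID"],
                "name": entry["vulnerabilityName"],
                "dueDate": entry["dueDate"],
                "days_overdue": (today - due).days,
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            })
    # Most urgent first: furthest past due, then ransomware-linked entries.
    findings.sort(key=lambda f: (f["days_overdue"], f["ransomware"]), reverse=True)
    return findings


def overdue(findings):
    """Only findings already past CISA's remediation due date."""
    return [f for f in findings if f["days_overdue"] > 0]


if __name__ == "__main__":
    # Swap SAMPLE_KEV_JSON for the downloaded feed to run against the live catalog.
    results = match_inventory(load_kev(SAMPLE_KEV_JSON), SAMPLE_INVENTORY, "2024-01-02")
    for f in results:
        flag = "OVERDUE" if f["days_overdue"] > 0 else "due in %d days" % -f["days_overdue"]
        print(f'{f["asset"]:14} {f["cveID"]:14} {flag:16} ransomware={f["ransomware"]}')
```

Two caveats the script keeps visible in its comments: KEV entries name a vendor and product but no affected version, so a match is a candidate to confirm against the vendor advisory rather than a confirmed exposure, and the dueDate field is the remediation deadline CISA sets for federal agencies under BOD 22-01, which makes it a convenient urgency signal for everyone else but not a substitute for the organization's own risk assessment.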
Traditional security architecture is based on a castle and moat concept where security hardware such as firewalls, VPNs, intrusion prevention systems etc.
While operating systems like Windows and macOS have come a long way in making their software updates easy to deploy, the same can't be said for patching or updating hardware appliances.
Security appliances usually serve as critical infrastructure - organizations can scarcely afford to take security offline and security teams must always avoid causing any business disruption.
This is why security hardware such as routers, firewalls, secure web gateways, and IPS appliances are typically updated on weekends or holidays.
Patching security hardware is never seamless; it can lead to unexpected behavior of appliances, lengthy and frustrating troubleshooting, loss of productivity and increased risk of an incident.
Organizations don't just need awareness of these flaws; they need to update and patch appliances before attackers can take advantage of them.
With the computing environment becoming more decentralized and remote working taking center stage, organizations seek security that allows centralized control and visibility over users, applications, devices, data and resources; one that can also support multiple locations.
This is where single-vendor SASE may offer advantages over traditional security hardware.
Convergence: Instead of multiple security appliances that are siloed and disconnected from each other, single-vendor SASE converges several security functions, such as a firewall, secure web gateway, IPS, zero-trust network access and data loss prevention, into a single service.
Patching: In a traditional environment, security teams have to manually identify, physically connect to and test multiple security appliances at diverse locations.
In a cloud-delivered environment, patching is centrally managed by the provider, eliminating the need to patch box by box.
SASE can also mitigate newly disclosed (zero-day) CVEs via virtual patching, blocking known exploit traffic at the service edge until a vendor fix is applied.
Cloud: Most security appliances are designed for on-prem, perimeter security.
This Band-Aid approach offers limited flexibility and makes security more complex than it needs to be.
Many organizations will transition from legacy, disjointed security hardware to cloud-native security technologies, taking note of government directives that have imposed mandates on appliance-based security because of misconfigurations and the rising risk of unpatched vulnerabilities.
Published on www.securityweek.com, Tue, 02 Jan 2024 19:43:05 +0000.