Visibility of exploitable vulnerabilities is critical to operational resilience and to maintaining trust in the security of the network. Yet Omdia's recent proactive security survey shows a disparity between the confidence organizations hold in the security posture of their network devices and the visibility that current assessment practices actually provide. This article explores what that gap means for current levels of exposure, and what Omdia recommends to close it.
Levels of confidence in the current security posture of routers, switches and firewalls
Omdia surveyed more than 400 security decision makers to find out why organizations are changing their approach to network security. One notable finding that may be driving the shift is high confidence in security controls alongside assessment practices that should undermine that confidence, something Omdia refers to as the Confidence and Assessment Paradox.
The research found that organizations are confident in the security capabilities of their routers, switches and firewalls. Respondents were particularly confident in their firewalls, believing them to be reliable in protecting the perimeter and blocking the lateral movement of adversaries in the network.
In a recent blog on the subject, Omdia concluded that heavy investment in network hardware could be at the root of this confidence: security teams place trust in the devices' inherent security features.
Yet network breaches are on the rise, with more than 7.2 billion recorded globally in 2023. For instance, the recent Volt Typhoon campaign compromised hundreds of critical infrastructure network routers and remained undetected for months by using living-off-the-land (LOTL) tactics, techniques and procedures (TTPs). This trend shows that current practices do not go far enough to protect networking devices.
A lack of real-time visibility of network device vulnerabilities means organizations are carrying unquantified risk. Adversaries like Volt Typhoon can persist for years without being detected by current assessment practices.
Measure to manage - Why organizations are embracing proactive security solutions
Without visibility of attack surface posture, security teams do not have the information needed to proactively secure the network. Omdia’s survey highlighted a distinct lack of visibility over routers, switches and firewalls.
The findings show that roughly half of organizations check their firewalls, switches and routers at most monthly. They are also much more likely to monitor only the devices in critical segments, or simply to look at a sample, rather than every device in their networks.
Assessing devices after every configuration change, especially in critical segments, is an essential practice. Yet according to the survey data, few organizations have put this into practice: only 5% report proactively assessing their firewalls in this way. Results for switches and routers are only slightly better, at 8% and 11% respectively, perhaps reflecting the recent focus on router vulnerabilities following the Volt Typhoon attack on the US Government.
Network device configurations are a fundamental component of security posture management, and understanding in real time how devices are exposed to real-world threats is a critical component of effective risk management.
A broader range of cybersecurity tools is needed
The rapid expansion of the modern attack surface coupled with attack innovation and threat proliferation means the shift to proactive security is gathering pace.
Preventative and reactive tools do not provide vulnerability insights in the timeframe a proactive approach needs, and that approach is vital for minimizing the attack surface and improving resilience and readiness.
As a result, high-level security decision makers are looking to adopt a new breed of solution: one that identifies exploit opportunities and mitigates likely threats before they pose a risk to network security. Such solutions help prevent breaches, protect devices against the latest threats and ensure compliance requirements are being met.
Nipper Enterprise – Proactive Risk Management
Networks can change daily, typically through planned activity, resulting in configuration drift between audits.
Failure to remove obsolete commands can be an issue for network operations and administrators. Following modifications, configuration that is no longer needed can lie dormant. This is not always an immediate security threat, but it creates confusion for administrators managing the network.
This in turn increases the likelihood of human error, such as necessary configuration being removed. While such activity is not usually malicious, human error is a component in 68% of network security breaches.
Validating that firewalls, switches and routers maintain a secure configuration and are not subject to configuration drift, whether accidental or malicious, helps network security teams determine an accurate security posture for the network. Configuration drift monitoring is also a foundational component of establishing a defendable network and Zero Trust Architecture baselines.
Nipper Enterprise gives NOC teams the ability to automatically check the CMDB for configuration changes and then trigger an audit of the changed files, providing a proactive way to assess the impact of configuration drift as it occurs.
The solution also provides a view of Zero Trust macro-segmentation violations and automatically maps them to specific MITRE ATT&CK TTPs and Known Exploited Vulnerabilities (KEVs). This can then inform business-critical incident response and remediation strategies.
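The two practices above, assessing a device after every configuration change and detecting drift from a known-good baseline, can be illustrated in a few dozen lines. The following is an added example written for this article; it is not Nipper Enterprise code and does not reflect how that product audits configurations. It assumes a CMDB-style store holding a SHA-256 hash of each device's last audited configuration, and it uses a small set of hypothetical regex checks against constructed Cisco IOS-style sample configs; real audits apply far larger check sets (CIS, DISA STIG, vendor hardening guides).

```python
"""Configuration-drift detection with an automatic re-audit of changed devices.

Added example, not Nipper Enterprise code. Assumes a CMDB stores one
SHA-256 hash per device for its last audited configuration; the sample
configs and the CHECKS table below are constructed for illustration.
"""
import difflib
import hashlib
import json
import re

# Constructed sample: configuration captured at the last audit (known good).
BASELINE_CONFIG = """\
hostname edge-rtr-01
service password-encryption
no ip http server
no ip http secure-server
line vty 0 4
 transport input ssh
 exec-timeout 10 0
"""

# Constructed sample: the same device after an out-of-process change.
CURRENT_CONFIG = """\
hostname edge-rtr-01
service password-encryption
ip http server
no ip http secure-server
line vty 0 4
 transport input telnet ssh
 exec-timeout 0 0
"""

# Hypothetical audit checks: (finding label, regex over the whole config,
# whether a MATCH is the finding (True) or the ABSENCE of a match is (False)).
CHECKS = [
    ("HTTP management server enabled", r"^ip http server$", True),
    ("Telnet allowed on VTY lines", r"^ transport input .*telnet", True),
    ("VTY exec-timeout disabled", r"^ exec-timeout 0 0$", True),
    ("Password encryption not enabled", r"^service password-encryption$", False),
]


def config_hash(text: str) -> str:
    """Hash a configuration the way a CMDB would record it."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def has_drifted(baseline: str, current: str) -> bool:
    """Drift check: does the live config still match the stored hash?"""
    return config_hash(baseline) != config_hash(current)


def config_diff(baseline: str, current: str) -> list[str]:
    """Changed lines only (no diff headers), so an operator sees exactly what moved."""
    diff = difflib.unified_diff(baseline.splitlines(), current.splitlines(), lineterm="", n=0)
    return [line for line in diff if not line.startswith(("---", "+++", "@@"))]


def audit(config: str) -> list[str]:
    """Run every check and return the labels of those that fail."""
    findings = []
    for label, pattern, match_is_finding in CHECKS:
        matched = re.search(pattern, config, re.MULTILINE) is not None
        if matched == match_is_finding:
            findings.append(label)
    return findings


def drift_report(baseline: str, current: str) -> dict:
    """If the device drifted, re-audit it and report what the change introduced or fixed."""
    if not has_drifted(baseline, current):
        return {"drifted": False, "diff": [], "new_findings": [], "resolved_findings": []}
    before, after = set(audit(baseline)), set(audit(current))
    return {
        "drifted": True,
        "diff": config_diff(baseline, current),
        "new_findings": sorted(after - before),
        "resolved_findings": sorted(before - after),
    }


if __name__ == "__main__":
    print(json.dumps(drift_report(BASELINE_CONFIG, CURRENT_CONFIG), indent=2))
```

Reporting the delta in findings, rather than the full finding list, is the point: a device that was already non-compliant generates no new alert on an unrelated change, while the three weaknesses introduced by this edit (HTTP management, Telnet on the VTY lines, an idle timeout of zero) surface immediately instead of waiting for the next monthly sweep.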
Responses to Omdia's research illustrate a strong desire to improve security posture in order to improve operational readiness and resilience. Organizations recognize that having confidence in the security capabilities of network devices is not enough: they must proactively maintain visibility of their security posture and build resilience against threats.
The integration of proactive security tools, including those like Nipper Enterprise that automate configuration security and exposure management, will greatly improve visibility of the attack surface and help optimize security controls.
To access the full report, click here.