January 5, 2018
Decade-old network devices lack security-centric capabilities such as image signing, secure boot and hardware trust anchors, which are must-haves to protect against today’s sophisticated security threats.
When it comes to IT buying decisions, the old adage ‘If it’s not broken, don’t fix it,’ is a good rule to follow most of the time—except when it comes to network security decisions. Keeping your network infrastructure updates on the back burner too long could ultimately lead to your business’s demise.
If you fall into the category of saving these important updates for last, you aren’t alone. Cisco Security Research conducted a study of 115,000 Cisco devices on the internet and across customer environments and found that approximately 106,000 devices (92%) had an average of 26 known vulnerabilities in the software they were running.
Device users in finance, healthcare and retail verticals, for example, were using networking software that was more than six years old. Even worse, most of the infrastructures in the study had reached their final day of support, no longer able to be updated.
If you haven’t experienced any major issues with your decade-old networking devices, you probably think that they’re doing their job and working successfully. With constant evolvement in technology, however, aging network devices rarely have the protections necessary to withstand current cyberattacks. Two examples of newer security-centric capabilities include:
- Image signing. Cryptographically signed images help ensure that BIOS, firmware and other software updates are authentic. As the system boots, this signature is checked by an anchor of trust, ensuring the integrity of the system’s software. From the aspects of preventing man-in-the-middle replacements of software and firmware and providing layered protections against the persistence of illicitly modified firmware, this is an exceptionally important tool.
- Secure boot and hardware trust anchors. Secure boot advances image signing by providing increased assurance about the integrity of the hardware and software that are performing image checks and other critical system functions through a combination of immutable, hardware-based anchors of trust. It also ensures that a system’s foundational state and software can’t be modified, regardless of a user’s privilege level.
To protect your business from the latest cyberthreats, it’s important to incorporate modern security defenses as a top priority. For additional security tips and best practices, check out “Cisco’s Guide to Hardening Cisco IOS Devices.” The document, created by Cisco engineers, covers topics such as software patching, credential management, physical security for all network devices, and robust architectural defenses, such as telemetry-based infrastructure device integrity monitoring.
Adam Davis, CEO, Next Dimension Inc