A new report from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), along with multiple international partners, outlines 22 known exploited vulnerabilities (KEVs) in legacy VPN systems. These vulnerabilities can be exploited by both cyber criminals and state actors.
The report, co-authored by CISA and the FBI, New Zealand’s Government Communications Security Bureau and Computer Emergency Response Team (CERT NZ), and the Canadian Centre for Cyber Security (CCCS), explains how modern network access solutions such as Zero Trust, Secure Service Edge (SSE), and Secure Access Service Edge (SASE) can help reduce risk.
The report explains how these solutions can enhance security and highlights the fact that many organizations are replacing legacy VPN solutions with these network access solutions as more services shift to the cloud.
The guide offers best practices to help organizations transition from traditional remote access architectures to the cloud:
- Implementing network segmentation, Security Orchestration, Automation and Response (SOAR) and a centralized management system.
- Developing and maintaining IT and operational technology (OT) cybersecurity and automating vulnerability scanning on public-facing enterprise assets.
- Using high-performance cybersecurity solutions to automate detection of failed login attempts, and regularly backing up all systems required for daily operations.
- Providing annual mandatory training on basic security concepts such as phishing, password security and other security issues.
The full report, Modern Approaches to Network Access Security, contains the complete list of best practices.
The report states that each organization has unique planning, architecture or adaptation needs. It advises organizations to make an informed decision based on a comprehensive analysis of their needs before selecting a specific solution, taking into consideration how the increased use of cloud services has impacted security.