What on earth is going on in device security?

Xiid Team
Published in Xiid Blog
Aug 2, 2024

Just in the last few weeks, there has been an avalanche of disclosed, show-stopper (or even deadly!) vulnerabilities:

Some of the vulnerabilities listed above have more “simple” — though no less damaging — sources, like the traffic light controller with “no authentication on the internet-exposed web interface of the device.”

Others, like the VPN Port Shadow attack, are much more pernicious: an attacker connected to a VPN can “…intercept and redirect encrypted traffic, deanonymize a VPN peer, and conduct port scans” with seemingly no possible code fix. In the Cisco vulnerability, unauthenticated remote threat actors can “…change the password of any user, including those of administrators with accounts.”

Even the most optimistic of us in cybersecurity know this trend will accelerate, not slow down.

What CISOs see when they look at their networks

It’s clear that simply reacting to threats is insufficient. No “efficient patching” or endpoint malware detection strategy can fully secure networks when vulnerabilities may have already been exploited for months or years before they become known.

After all, patching and antivirus only treat the symptom — not the root cause.

Imagine a person who never washes their hands complaining to their doctor that they frequently become ill, and the doctor replying that they should just keep antibiotics on hand (endpoint detection) and take them more frequently (patches after the fact).

Of course, we all know the actual root cause and attack surface — dirty hands! And the solution? Tell the patient to take their (literal) attack surface away by washing them!

If this is so obvious in a human context, why, then, does cybersecurity focus so much on reacting to threats rather than removing the attack surface entirely?

All of the vulnerabilities above, exploitable by remote threat actors, are possible because of the attack surface available — open inbound ports for remote connections. No matter how “great” your firewall rules are, software will always have flaws, and new vulnerabilities will inevitably be located and exploited.

It’s time to move beyond this antiquated model.

Xiid’s groundbreaking SealedTunnel™ makes quantum-secure, triple-encrypted remote access possible without ever requiring open inbound ports, taking attack surface away and stopping the root cause of these and future vulnerabilities.

To learn more about SealedTunnel, visit https://www.xiid.com/.
