Security and edge networks – what are you looking for?

By Nathan Collins, Regional Vice President EMEA, NetAlly

Security for edge networks relies on edge devices that protect and connect these environments. However, these devices are themselves frequent targets of cyberattacks because of the level of access they can provide. Security organisations in the Five Eyes countries, including the UK’s National Cyber Security Centre and the Canadian Centre for Cyber Security, have published new guidance on how to harden those edge devices.

The average cost of security breaches is on the rise. According to IBM’s Cost of a Data Breach Report for 2024, the average cost reached $4.88 million, which marks a 10 percent increase compared to the previous year. With edge environments under so much threat, ensuring that these environments are secure is essential.

Understanding your edge environment

To deliver this secure edge environment, you must first understand what is in place across the network – what authorised endpoints are present and how they are connected. While this sounds straightforward, implementing it in practice can be quite challenging. Once you have developed this overview, it is essential to maintain its accuracy.

The edge environment is hard to track because of the sheer number of assets that can be attached to the edge network. While network teams may be able to track branch office networks and endpoints, many more types of edge devices have to be considered. Beyond the routers and security devices that protect those networks, there is also a mix of edge-connected assets such as headless Internet of Things (IoT) devices, operational technology (OT) and industrial control systems (ICS) that have to be accounted for and kept secure.

These devices are connected so that they can operate effectively and provide data back on their activities. This connectivity is what threat actors are looking to exploit either through a vulnerable edge device or directly where those assets are connected to the Internet. Even if those assets are not vulnerable themselves, they can act as jumping-off points for further exploration of the edge network and potential exploitation opportunities.

Even with a comprehensive view of the entire edge network, you may still be at risk, because that network evolves constantly in response to business needs. Potential vulnerabilities can creep in through human error and misconfiguration. Additionally, as the network architecture becomes more complex, managing it becomes increasingly difficult, and that complexity makes it more likely that a human error will occur at some point.

Seeing your edge network clearly

To keep up with your edge network, you have to know what is currently installed across each environment. After getting that clear picture, you then have to keep it up-to-date and accurate over time. To do this, networking professionals typically rely on multiple techniques to get that data and then piece it together.

Traditional vulnerability management (VM) tools are used to understand the IT assets that are installed, as well as the software that these machines run. However, these VM tools don’t always provide that level of insight into operational technology assets or IoT devices. Sheer distance from central monitoring systems can also make it harder to get an accurate picture as the discovery process can easily break down.

When devices are at the edge, they are easier to overlook, with anything from individual assets through to whole network segments getting missed. Network designs like asymmetric routing and hub-and-spoke topologies can support specific needs, but they regularly lead to those missed assets. Similarly, assigning switch ports to the wrong VLAN can leave devices without an IP address in the expected segment, so those assets never answer a discovery broadcast sent to that segment because of the mismatch.

To complement the data from VM tools, network professionals normally collect data from the devices on the network itself: through packet sniffing, flow data, syslog data, or integration with APIs and agents deployed for the purpose. These approaches cover more than IT assets alone, but this data is also potentially incomplete and can still miss edge devices.

While you may have a certain level of visibility of those networks from this data, there is no substitute for periodically going out to the edge and testing in situ, seeing the edge from the edge. This makes it easier to spot rogue endpoints, misconfigured or vulnerable APs, or edge devices that are not accounted for in documentation. At the same time, it also lets you see how the network currently supports those edge devices and informs potential plans for the future. When you find that you actually have 10 or 20 percent more edge devices deployed than you originally thought, it can affect both your security and your future network investment decisions.
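As an added illustration (this is example code, not from the article or from NetAlly), the following Python script pieces together the kinds of data sources described above: a vulnerability-scanner CSV export, DHCP syslog lines, and a neighbour table captured on site from a test port. All inputs are constructed sample data; the MAC addresses, hostnames, subnets and log formats are invented for the example. The script normalises the differing MAC formats, merges every observation by MAC, and then reconciles the result against a documented inventory to report devices nobody documented, documented devices no source saw, and documented devices answering from a subnet other than the one they were provisioned for (the VLAN mismatch described above).

```python
import ipaddress
import re
from collections import defaultdict

# --- Constructed sample data (not from the article) ------------------------

# Documented inventory: hostname, MAC, and the subnet the asset was provisioned for.
DOCUMENTED_ASSETS = [
    {"host": "branch-rtr-01", "mac": "00:11:22:33:44:01", "subnet": "10.1.10.0/24"},
    {"host": "cam-lobby-02",  "mac": "00:11:22:33:44:02", "subnet": "10.1.20.0/24"},
    {"host": "plc-line-03",   "mac": "00:11:22:33:44:03", "subnet": "10.1.30.0/24"},
    {"host": "ap-floor2-04",  "mac": "00:11:22:33:44:04", "subnet": "10.1.10.0/24"},
    {"host": "sw-idf-05",     "mac": "00:11:22:33:44:05", "subnet": "10.1.10.0/24"},
    {"host": "hmi-line-06",   "mac": "00:11:22:33:44:06", "subnet": "10.1.30.0/24"},
]

# Vulnerability-scanner export: only covers the IT subnet and writes MACs with hyphens.
VM_SCAN_CSV = """ip,mac,hostname
10.1.10.1,00-11-22-33-44-01,branch-rtr-01
10.1.10.4,00-11-22-33-44-04,ap-floor2-04
10.1.10.5,00-11-22-33-44-05,sw-idf-05
10.1.10.9,00-11-22-33-44-09,laptop-unknown
"""

# DHCP server syslog lines forwarded from the branch.
SYSLOG_LINES = """Feb 10 08:01:02 branch dhcpd[412]: DHCPACK on 10.1.20.2 to 00:11:22:33:44:02 (cam-lobby-02) via eth1
Feb 10 08:01:09 branch dhcpd[412]: DHCPACK on 10.1.20.33 to 00:11:22:33:44:33 (tv-meetingroom) via eth1
Feb 10 08:02:41 branch dhcpd[412]: DHCPACK on 10.1.10.3 to 00:11:22:33:44:03 (plc-line-03) via eth0
"""

# Neighbour table captured on site from a test port in the OT segment (`ip neigh` style).
ONSITE_NEIGH = """10.1.30.7 dev eth0 lladdr 00:11:22:33:44:07 REACHABLE
10.1.10.3 dev eth0 lladdr 00:11:22:33:44:03 STALE
10.1.30.50 dev eth0 lladdr AA:BB:CC:DD:EE:50 REACHABLE
"""

# --- Parsers: each yields (mac, ip, hostname_or_None, source) ---------------

def normalize_mac(raw):
    """Canonicalise MACs from different tools to lower-case, colon-separated form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_vm_scan(csv_text):
    for line in csv_text.strip().splitlines()[1:]:  # skip header row
        ip, mac, host = line.split(",")
        yield normalize_mac(mac), ip, host, "vm_scan"

DHCP_RE = re.compile(r"DHCPACK on (\S+) to (\S+) \(([^)]*)\)")

def parse_dhcp_syslog(text):
    for line in text.splitlines():
        m = DHCP_RE.search(line)
        if m:
            ip, mac, host = m.groups()
            yield normalize_mac(mac), ip, host, "dhcp_syslog"

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr (\S+)")

def parse_neigh(text):
    for line in text.splitlines():
        m = NEIGH_RE.match(line)
        if m:
            ip, mac = m.groups()
            yield normalize_mac(mac), ip, None, "onsite_neigh"

# --- Merge and reconcile ------------------------------------------------------

def merge_observations(*streams):
    """Fold every source into one view keyed by MAC, remembering who saw what."""
    seen = defaultdict(lambda: {"ips": set(), "hosts": set(), "sources": set()})
    for stream in streams:
        for mac, ip, host, source in stream:
            seen[mac]["ips"].add(ip)
            if host:
                seen[mac]["hosts"].add(host)
            seen[mac]["sources"].add(source)
    return dict(seen)

def reconcile(documented, observed):
    """Compare the documented inventory with the merged observations."""
    by_mac = {normalize_mac(a["mac"]): a for a in documented}
    undocumented = sorted(set(observed) - set(by_mac))   # seen, but not in inventory
    unseen = sorted(set(by_mac) - set(observed))         # in inventory, but no source saw it
    wrong_segment = []                                   # answering from an unexpected subnet
    for mac, asset in by_mac.items():
        if mac not in observed:
            continue
        expected = ipaddress.ip_network(asset["subnet"])
        for ip in observed[mac]["ips"]:
            if ipaddress.ip_address(ip) not in expected:
                wrong_segment.append((asset["host"], ip, asset["subnet"]))
    growth_pct = round(100.0 * len(undocumented) / len(by_mac), 1)
    return {"undocumented": undocumented, "unseen": unseen,
            "wrong_segment": sorted(wrong_segment), "growth_pct": growth_pct}

def run_report():
    observed = merge_observations(parse_vm_scan(VM_SCAN_CSV),
                                  parse_dhcp_syslog(SYSLOG_LINES),
                                  parse_neigh(ONSITE_NEIGH))
    return reconcile(DOCUMENTED_ASSETS, observed), observed

if __name__ == "__main__":
    report, _ = run_report()
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run as a script, it prints the four findings; `growth_pct` is the "more devices than you thought" figure the text refers to, and `wrong_segment` flags the PLC that the DHCP log and the on-site capture both place in the IT subnet rather than the OT subnet it was documented in. In practice the three parsers would read real exports, but the merge-by-MAC and reconcile steps are the part that keeps the picture accurate over time.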

With networks seeing more attacks and threat actors always looking for new ways to get inside, edge devices and security should be under constant review. New regulations like the EU’s NIS2 Directive, brought into force in October 2024, put the emphasis on continuous vigilance for potential risks, as well as encouraging more resilient network and security design so that if a breach occurs, it does not lead to a major incident.

For companies that have expansive edge networks and collections of edge devices to consider, keeping these environments secure is a significant undertaking. To make this easier, it is important to understand where you collect your data and how you bring it together for that continuous insight into what is in place. And don’t forget the value of getting close to the edge for testing too; it can validate your efforts and reveal new challenges before they escalate into serious problems.

About the Author

Nathan Collins is Regional Vice President EMEA at NetAlly, a network test and security company. Nathan works with customers and partners to deliver secure networks across wired, wireless and edge environments. Prior to NetAlly, Nathan led sales, customer and channel programmes at a range of technology companies including Commvault, Druva and AvePoint.
