Why updating the firmware of your internet-facing appliances and tools is vital
Too many organizations have no idea which of their appliances and tools are internet-facing. As a result, they lack oversight of their security status and roll out the red carpet for hackers. We provide an insight into the importance of timely updates and how to safely close open ports (again).
“Have you executed your updates yet?” may sound like the beginning of one of your IT Manager’s jokes, but it’s very serious. Keeping tools and appliances up to date ensures smooth operations and improves the security status of devices, networks, and organizations as a whole. Holes are plugged, bugs are squashed, and vulnerabilities are eliminated.
I know, but…
…updates have a bad reputation. Running them is not a fun way to pass the time: people have to interrupt their workflow, close their internet tabs and reopen all the various programs they were using.
Particularly among less IT-savvy employees, there is the idea that updates serve merely to make a device work better or to change the layout of their familiar program yet again. The result: updates are postponed.
Yet they are vital: in a reasonably well-secured organization, a hacker has to work his way up. He starts with a phishing attack on an employee to get login credentials. With that, tool by tool, he can gain access to more and more parts of the company network. Or he gets in with a piece of malware and then he has to start exploring the network, mapping data and devices…
That’s a lot of work for an attacker. In comparison, it’s a lot easier to take advantage of an outdated firewall using a publicly disclosed exploit. He then immediately gains access to all devices that are “protected” by the appliance. In other words, whether the firewall is there or not doesn’t matter much anymore.
The first step: knowing which internet-facing tools and appliances are present
A cyber security manager can never implement an effective security policy if he does not have an overview of all internet-facing assets present. It is amazing how many organizations have no clue about this. Moreover, it is insufficient to create an inventory if it is not regularly updated.
After all, a corporate network is constantly expanding: new devices are installed, new cloud services are incorporated… Even something as small as a new laptop connecting to a VPN server can carry a critical vulnerability, leading to a large-scale hack. The part of the business that is reachable from the internet is always growing.
Some examples to look for:
- VPN servers
- Apps that enable work from home
- Apps that enable collaboration with customers or partners
- Web applications, APIs, SSH servers
- Cloud services
- Services that use internet-facing servers
The second step: update immediately, always
Companies regularly issue vulnerability notices for the appliances they offer. However, firmware updates to fix these vulnerabilities are available before the notice is issued. Vendors wait a while before issuing the notice so that all users have time to run patches, before announcing the news to the world – because then the hacker community wakes up as well. After all, with each vulnerability, they have a chance to take over thousands of devices.
Waiting to update until these notices are issued may be better than not updating at all, but updating before the news hits the stands is the gold standard for which you should aim.
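The two steps above can be checked together by reconciling the recorded inventory against what is actually reachable from outside. The following Python sketch is an added example, not Secutec's tooling; the addresses, asset names, firmware versions and the 90-day review threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data: recorded inventory of internet-facing assets.
INVENTORY = {
    ("203.0.113.10", 443): {"name": "vpn-gw", "firmware": "7.2.4",
                            "last_reviewed": date(2024, 5, 2)},
    ("203.0.113.20", 22): {"name": "sftp", "firmware": "9.1.0",
                           "last_reviewed": date(2023, 11, 15)},
    ("203.0.113.30", 443): {"name": "partner-portal", "firmware": "3.0.1",
                            "last_reviewed": date(2024, 4, 20)},
}
# Constructed: endpoints seen in the latest scan of your own address space.
OBSERVED = {("203.0.113.10", 443), ("203.0.113.20", 22), ("203.0.113.40", 8443)}
# Constructed: latest firmware version published per asset.
LATEST = {"vpn-gw": "7.2.6", "sftp": "9.1.0", "partner-portal": "3.0.1"}


def version_tuple(version):
    """Turn '7.2.4' into (7, 2, 4) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def reconcile(inventory, observed, latest, today, max_review_age_days=90):
    """Return (finding, endpoint) pairs for inventory drift and patch lag."""
    findings = []
    # Step one: anything exposed that the inventory does not know about.
    for endpoint in sorted(observed - set(inventory)):
        findings.append(("unknown_exposure", endpoint))
    for endpoint, asset in sorted(inventory.items()):
        # Inventory entry no longer reachable: the record itself is outdated.
        if endpoint not in observed:
            findings.append(("not_observed", endpoint))
        # Step two: firmware older than the latest published version.
        newest = latest.get(asset["name"])
        if newest and version_tuple(asset["firmware"]) < version_tuple(newest):
            findings.append(("outdated_firmware", endpoint))
        # An inventory that is not reviewed regularly cannot be trusted.
        if (today - asset["last_reviewed"]).days > max_review_age_days:
            findings.append(("stale_review", endpoint))
    return findings


if __name__ == "__main__":
    for finding, (host, port) in reconcile(INVENTORY, OBSERVED, LATEST,
                                           date(2024, 6, 1)):
        print(f"{finding:18} {host}:{port}")
```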
How Secutec helps you do this
Secutec closely monitors thousands of cyber security feeds every day—these range from vendor-specific notifications to risk feeds from all the leading cyber security vendors. On a regular basis, we update our customers about the new firmware of appliances we distribute. For critical cases, Secutec even sends out a notification immediately.
In addition to notifying, Secutec actively works with customers to optimize and update necessary tools and appliances.
Automated, customized exposure detection
Secutec also offers an in-depth analysis of your network. SecureSIGHT enables regular mapping of your network’s vulnerabilities. Users receive notifications of issues they need to address, along with a risk score indicating how urgent the problem is.
Beyond periodic scans and fingerprinting of open ports and vulnerabilities, SecureSIGHT also provides the ability to monitor leaked data on the Darknet. This way, organizations are always aware of all possible entry routes for hackers.
Interested in how Secutec automates your exposure detection for you? Contact our cyber security experts for a free demo.