43.2 F
Washington D.C.
Saturday, January 18, 2025

Modern Security Solutions for 22 Known VPN Vulnerabilities

Modern Approaches To Network Access Security: A new report from CISA, FBI and international partners.

A new collaborative report by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), alongside multiple international partners, details 22 known exploited vulnerabilities (KEVs) with legacy VPN systems that can be exploited by cyber criminals and nation-state actors.

Co-authored by CISA, FBI, New Zealand’s Government Communications Security Bureau (GCSB) and Computer Emergency Response Team (CERT NZ) and the Canadian Centre for Cyber Security (CCCS), the report explains how moving to modern, network access solutions, such as Zero Trust, Secure Service Edge (SSE), and Secure Access Service Edge (SASE), will help reduce risk.

The report details how these solutions enhance an organization’s security, and highlights that many organizations are considering replacing legacy VPN solutions with modern network access solutions, as more services shift to the cloud.

The guide also offers best practices for organizations transitioning from traditional remote access architectures to the cloud, including:

  • Implementing a centralized management solution, network segmentation and Security Orchestration, Automation, and Response (SOAR).
  • Developing, maintaining and regularly updating IT and OT (operational technology) cybersecurity, and automating vulnerability scans on public-facing enterprise assets.
  • Using high-performing cybersecurity solutions to automate the detection of unsuccessful login attempts and regularly backing up all systems necessary for daily operations.
  • Mandatory yearly training on basic security concepts, such as phishing and password security.

You can read the entire list of best practices by viewing the full report, entitled Modern Approaches To Network Access Security. 

The report notes that each organization is different, with unique planning, architecture, or adaptation needs, and advises organizations to make informed decisions based on comprehensive analysis of their own needs before selecting a solution, taking into account how the increased use of cloud services has impacted security. 

Read the full report here.

Rob Phillimore
Rob Phillimore
An ambitious and enthusiastic weaver of words with a curious mind and passion for continued learning and development, Rob has written content for a diverse range of clients, working in STEM sectors such as space, aerospace, aviation, finance and software development; covering a variety of topics, from AI and cybersecurity to digital transformation to sustainability.

Related Articles

HTA Month Jan 2025

Latest Articles