Five Eyes shares fresh guidance for network edge device security

News
By published

Edge devices are attractive targets - here’s how to stay safe

A Wi-Fi router placed on a desk with cables going in. A hand is holding a padlock on top of the router.
(Image credit: Shutterstock / Gleb Usovich)
  • New guidance from the Five Eyes Alliance outlines edge device expectations
  • Cybersecurity agencies from the UK, Canada, and Australia and more publish recommendations
  • The guidance is primarily for edge device manufacturers

The Five Eyes Alliance, a group of cybersecurity agencies from the UK, Australia, Canada, New Zealand, and the US, have come together to issue cybersecurity guidance for device manufacturers.

With critical infrastructure sustaining 13 cyberattacks per second in recent years, mitigating the effects of compromises is a priority at every stage.

The new recommendations are for manufacturers of network edge devices and appliances such as routers, firewalls, virtual private network (VPN) gateways, Internet of Things (IoT) devices and more.

Manufactured vulnerabilities

The aim of the advice is to help network defenders ‘secure organisational networks both before and after a compromise’ and to set expectations for the minimum requirements for forensic visibility. This will enable network defenders to more easily detect and investigate malicious activity.

The four sets of published requirements include the UK NCSC’s digital forensics guidance, Canada’s CCCS edge device security considerations, and from the Australian ACSC, both mitigation strategies and practitioner guidance.

Threat actors have been known to exploit flaws in edge devices to gain access to networks - so securing these devices will be crucial in the fight against cybercrime.

Edge devices usually have public IP addresses that can be reached from anywhere, and are particularly vulnerable to hackers because they handle important information and connect to external networks directly.

Included in the guidance are logging requirements, setting out the minimum expectations for threat detection and detailed event recording, and forensic data acquisition requirements, like volatile data collection to help facilitate automatic analysis and helping human investigators detect anomalous events.

“Device manufacturers are encouraged to include and enable standard logging and forensic features that are robust and secure by default, so that network defenders can more easily detect malicious activity and investigate following an intrusion,” said the UK’s National Cyber Security Centre.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
5G
Securing 5G edge network – what companies should know before stepping on the edge of tech
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Hardware supply chain threats can undermine your endpoint infrastructure
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
IoT’s botnet problem is up 500% – three things admins must do now
Abstract image of cyber security in action.
Four key questions to strengthen your cyber threat detection strategy
Abstract image of cyber security in action.
It’s time to catch up with cyber attackers
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
More about security
Email

Over 90% of Americans demand a "right-to-disconnect" law which would protect them from out-of-hours work communication
A hand holding an iPhone with the iCloud logo on screen.

"I have nothing to hide" - our readers react to Apple getting secret hearing in appeal against UK government
Half man, half AI.

Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
See more latest
Most Popular
Half man, half AI.
Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
diamond gemstone
Diamond set to become mainstream coolant for AI GPU servers as world’s best thermal conductor promises 25% better overclocking, and 'double performance per watt'
Zuckerberg Meta AI
Meta powers ahead with conscious chip uncoupling with Nvidia as it tests its first in-house training AI-PU
Email
Over 90% of Americans demand a "right-to-disconnect" law which would protect them from out-of-hours work communication
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Gachapon Capsure Station
Somewhere in Japan is a dispenser where you can buy toy rack servers complete with cute Dell PowerEdge 2U servers
An angry Mark Grayson flying towards the camera in Invincible season 3 episode 7
Invincible season 4: everything we know so far about the hit Prime Video show's next chapter