Security appliances have traditionally been considered one of the most effective forms of perimeter security. That is no longer the case. Today, security appliances are among the riskiest devices in the enterprise and a preferred entry point for threat actors looking to infiltrate a business. Let’s investigate why.
1. Security Appliances Are Infested With High-risk Vulnerabilities
Researching the Common Vulnerabilities and Exposures (CVE) database or CISA’s Known Exploited Vulnerabilities (KEV) catalog immediately reveals a deeply concerning picture, particularly for security appliance manufacturers. For instance, as of December 2023 the CVE database lists over 140 vulnerabilities associated with FortiOS, more than 20 of them reported in 2023. Similarly, PAN-OS has over 150 vulnerabilities, while Cisco ASA has over 350 reported vulnerabilities. Given how many organizations are understaffed and under-resourced, simply staying abreast of these vulnerabilities is a Herculean task, let alone continuously patching them. Because of the volume of these potential exploits, security teams are forced to knowingly leave their organizations unduly exposed.
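A defender-side check for the situation described above, added here as an example and not part of the original article: it reads a catalog in the shape CISA publishes the KEV list in (a "vulnerabilities" array whose entries carry cveID, vendorProject, product, dateAdded and dueDate fields), counts the entries for the appliance products an organization runs, and flags those past their CISA due date that are not yet patched. The sample data, CVE ids and product inventory below are constructed placeholders, not real catalog entries.

```python
import json
from collections import Counter
from datetime import date

# Constructed sample in the shape of CISA's KEV catalog JSON. The CVE ids are
# placeholders, not real entries; in practice load the live catalog from CISA.
SAMPLE_KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Fortinet", "product": "FortiOS",
         "dateAdded": "2023-06-13", "dueDate": "2023-07-04"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Fortinet", "product": "FortiOS",
         "dateAdded": "2023-12-14", "dueDate": "2024-01-04"},
        {"cveID": "CVE-0000-0003", "vendorProject": "Palo Alto Networks", "product": "PAN-OS",
         "dateAdded": "2023-11-10", "dueDate": "2023-12-01"},
        {"cveID": "CVE-0000-0004", "vendorProject": "Cisco", "product": "Adaptive Security Appliance",
         "dateAdded": "2023-09-18", "dueDate": "2023-10-09"},
        {"cveID": "CVE-0000-0005", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2023-10-03", "dueDate": "2023-10-24"},
    ]
})

# Assumed inventory: the appliance products this organization runs at its perimeter.
PERIMETER_PRODUCTS = {"FortiOS", "PAN-OS", "Adaptive Security Appliance"}


def load_kev(raw_json):
    """Return the list of catalog entries from KEV-shaped JSON text."""
    return json.loads(raw_json)["vulnerabilities"]


def count_by_product(entries, products):
    """Number of known-exploited entries per in-scope product."""
    return dict(Counter(e["product"] for e in entries if e["product"] in products))


def overdue(entries, products, today_iso, patched=frozenset()):
    """CVE ids for in-scope products whose CISA due date is before today_iso
    and which are not in the set of already patched ids."""
    today = date.fromisoformat(today_iso)
    return sorted(
        e["cveID"] for e in entries
        if e["product"] in products
        and e["cveID"] not in patched
        and date.fromisoformat(e["dueDate"]) < today
    )
```

Against the live catalog, replace SAMPLE_KEV_JSON with the downloaded JSON text and PERIMETER_PRODUCTS with the product names as they appear in the catalog.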
2. Security Appliances Were Never Built For Mobility and The Cloud
Traditional security architecture is based on a castle-and-moat concept: security hardware such as firewalls, VPNs and intrusion prevention systems forms the “moat” deployed around the “castle” (users, applications and data) to protect it from external threats. This approach served well while data, users and applications resided inside the perimeter. With the rising popularity of cloud applications and remote work becoming the norm, the castle-and-moat approach looks anachronistic.
3. Security Appliances Are Not Always Easy To Patch
While operating systems like Windows and macOS have come a long way in making their software updates easy to deploy, the same can’t be said for patching or updating hardware appliances. Security appliances usually serve as critical infrastructure: organizations can scarcely afford to take security offline, and security teams must avoid causing any business disruption. This is why security hardware such as routers, firewalls, secure web gateways (SWGs) and IPS appliances is typically updated on weekends or holidays. Moreover, patching security hardware is never seamless; it can lead to unexpected appliance behavior, lengthy and frustrating troubleshooting, lost productivity and an increased risk of an incident.
Vendor vulnerability disclosures and directives from government agencies such as CISA and NIST arrive almost daily. Organizations don’t just need awareness of these faults; they need to update and patch appliances before attackers can exploit them. With the computing environment becoming more decentralized and remote work taking center stage, organizations seek security that allows centralized control and visibility over users, applications, devices, data and resources, and that can also support multiple locations. This is where single-vendor SASE may offer advantages over traditional security hardware.
1. Convergence: Instead of having multiple security appliances that are siloed and disconnected from each other, single-vendor SASE converges multiple security functions such as a firewall, secure web gateway, IPS, zero-trust network access (ZTNA) and data loss prevention, into a single whole. This approach enables control over users and applications, regardless of location, device or technology.
2. Patching: In a traditional environment, security teams have to manually identify, physically connect and test multiple security appliances at diverse locations. In a cloud environment, patching is centrally managed, eliminating the need to patch box-by-box. SASE can provide CVE mitigation for zero-day vulnerabilities via virtual patching. Some platforms offer patch deployment in “simulate mode” so that users can deploy untested patches without disrupting the network.
3. Cloud: Most security appliances are designed for on-prem, perimeter security. Many legacy vendors have begun spinning up cloud instances to repurpose their hardware in response to evolving trends. This Band-Aid approach offers limited flexibility and makes security more complex than it needs to be. SASE is inherently cloud-native, meaning it was built in the cloud and designed around cloud environments.
The market for single-vendor SASE is expected to grow at a 30% CAGR (compound annual growth rate) from 2022 through 2027, making it a $34 billion market. Many organizations will transition from legacy, disjointed security hardware to cloud-native security technologies, taking note of government directives that have imposed mandates on appliance-based security because of misconfigurations and the rising risk of unpatched vulnerabilities.