Connect with us

Hi, what are you looking for?


Cloud Security

Are Security Appliances fit for Purpose in a Decentralized Workplace?

Security appliances are amongst the most riskiest enterprise devices and are a often method for threat actors to infiltrate a business.

Security appliances have been traditionally considered one of the most effective forms of perimeter security. That said, this is no longer the case. Today, security appliances feature amongst the most riskiest enterprise devices and are a preferred method for threat actors to infiltrate a business. Let’s investigate why this is the case.

1. Security Appliances Are Infested With High-risk Vulnerabilities

In researching the Common Vulnerabilities and Exposures (CVE) database or CISA’s Known Exploited Vulnerabilities (KEV) catalog, one immediately discovers a deeply concerning picture, particularly for security appliance manufacturers. For instance, as of December 2023 on the CVE database, over 140 vulnerabilities are associated with FortiOS and more than 20 were reported in 2023. Similarly, PAN-OS has over 150 vulnerabilities while Cisco ASA has over 350 reported vulnerabilities. Given how many organizations are understaffed and under-resourced, it’s a Herculean task to stay abreast of these vulnerabilities, forget about continuously patching them. Due to the volume of these potential exploits, security teams have to consciously leave their organizations unduly exposed.

2. Security Appliances Were Never Built For Mobility and The Cloud

Traditional security architecture is based on a castle and moat concept where security hardware such as firewalls, VPNs, intrusion prevention systems etc., are considered “moat” and are deployed around the “castle” (users, applications and data) to protect against external threats. This approach served well while data, users, and applications resided inside the perimeter. With the rising popularity of cloud applications and remote working becoming the norm, the castle and moat approach seems anachronistic. 

3. Security Appliances Are Not Always Easy To Patch

While operating systems like Windows and macOS have come a long way in making their software updates easy to deploy, the same can’t be said for patching or updating hardware appliances. Security appliances usually serve as critical infrastructure — organizations can scarcely afford to take security offline and security teams must always avoid causing any business disruption. This is why security hardware such as routers, firewalls, secure web gateways (SWGs), and IPS appliances are typically updated on weekends or holidays. Moreover, patching security hardware is never seamless; it can lead to unexpected behavior of appliances, lengthy and frustrating troubleshooting, loss of productivity and increased risk of an incident. 

Cloud-Native Security

Advertisement. Scroll to continue reading.

Vulnerabilities disclosed from vendors and directives released from government agencies like CISA and NIST happen almost daily. Organizations don’t just need awareness of these faults, they need to update and patch appliances before hackers can take advantage. With the computing environment becoming more decentralized and remote working taking center stage, organizations seek security that allows centralized control and visibility over users, applications, devices, data and resources; one that can also support multiple locations. This is where single-vendor SASE may offer advantages over traditional security hardware.

1. Convergence: Instead of having multiple security appliances that are siloed and disconnected from each other, single-vendor SASE converges multiple security functions such as a firewall, secure web gateway, IPS, zero-trust network access (ZTNA) and data loss prevention, into a single whole. This approach enables control over users and applications, regardless of location, device or technology. 

2. Patching: In a traditional environment, security teams have to manually identify, physically connect and test multiple security appliances at diverse locations. In a cloud environment, patching is centrally managed, eliminating the need to patch box-by-box. SASE can provide CVE mitigation for zero-day vulnerabilities via virtual patching. Some platforms offer patch deployment in “simulate mode” so that users can deploy untested patches without disrupting the network.  

3. Cloud: Most security appliances are designed for on-prem, perimeter security. Many legacy vendors have begun spinning up cloud instances to repurpose their hardware in response to evolving trends. This Band-Aid approach offers limited flexibility and makes security more complex than it needs to be. SASE is inherently cloud-native, which means born in the cloud and built around cloud environments.

The market for single-vendor SASE is expected to grow at a 30% CAGR (compound annual growth rate) between 2022 through 2027, making it a $34 billion market. Many organizations will transition from legacy and disjointed security hardware to cloud-native security technologies, taking note of government directives that have imposed mandates on appliance-based security due to their misconfigurations and rising risk of unpatched vulnerabilities.

Written By

Etay Maor is Senior Director of Security Strategy for Cato Networks. Previously, he was Chief Security Officer for IntSights and held senior security positions at IBM and RSA Security's Cyber Threats Research Labs. An adjunct professor at Boston College, he holds a BA in computer science and a MA in counter-terrorism and cyber terrorism from Reichman University (IDC Herzliya), Tel Aviv.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...