Here, we have a guest post from Ramece Cave, Threat Research Analyst at NTT Security.

The Cyber Threat Alliance (CTA) for the uninitiated is a consortium of information security companies that have joined forces to share cyber threat information and knowledge. Periodically, CTA will release joint analysis reports from its members. This time around, CTA has gathered a panel of information security dynamos to collaboratively analyze and dissect a real and growing threat. This threat uniquely stands on its own, but can and will without warning include others in its wake of destruction. It is a portion of your infrastructure that is vital for operability and success but has very little or no oversight. Sometimes its presence is forgotten in a sea of ones and zeros.

The latest Joint Task Force analysis report covers edge or perimeter devices. These are the bigger beefier older siblings to IoT devices. The devices in this category can include but are not limited to, Routers, WAN devices, VPN Concentrators, firewalls, NIDS and integrated access devices. Arguably some can and will argue that IoT both fits and does not fit into this label; neither is wrong, its a complicated dichotomy. Though correct, perimeter devices by design often have more hardware resources and are usually reserved for enterprise use albeit SOHO or multi-state or global network. The analysts review various case studies that have impacted the industry over the past few years. Providing insight and recommendations for consumers and manufacturers to limit risk and unearth common pitfalls.

The problem and challenges

Edge devices are often overlooked, forgotten, and in some cases taken for granted. They are truly an appliance put in place to do a job no more, no less. But just like any appliance that helps our lives function, that one thing we don’t realize is essential to for sustaining our livelihood as humans, decides to one day stop working. Or even worse the outage is security related.  If your network router stopped working. Anyone local in the office will be unable to connect to the Internet. If the VPN stopped working, no remote access is allowed. In an instance, the importance of the device is catapulted to the front of the line. Countless meetings and conference calls will be held questioning how did this happen, why did the security team and or admins not know of this possibility? The truth is, these devices often fall out of the scope of the security landscape because by nature and design they are independent. This could cause a ripple effect, cascading through the environment and business partners, especially if that connection was needed to share valuable information. The report specifically calls out these problems and challenges.

  • Default configuration settings
  • Outdated firmware
  • Challenges with scaled deployments
  • Non-intuitive user interface
  • Backdoors

Edge devices make high targets because they have unique access and perspective into your network. Compromising and controlling the right appliance can provide an actor with unfettered access to data, or because of their design monitoring traffic. Since these are typically ingress or egress points firewall monitoring is limited if at all existent. 

Threat actor leverage

The report details how and why threat actors target edge devices. This is not something that occurs by happenstance. The case studies describe how specific devices were targeted and the lengths actors undertook to complete their objectives as outlined below.


  • Infrastructure development
  • Cryptocurrency mining
  • Traffic monitoring
  • Persistence
  • Data theft  
  • Offensive efforts

Threat actors can and will leverage the edge devices access to enhance or expand their nefarious activities. If there is one aspect or detail that is covered I want the readers to remember most, is that these devices can provide limitless coverage and access to an enterprise. Actors can simply hide in plain sight, patiently waiting under the cloak of our own ignorance of the real power and capability that is available to specific components in your infrastructure devices. Whether you are a consumer or manufacturer and want to learn more about the problems that exist, read the report and be enlightened; move forward and identify the forgotten threats on your network.  Read and learn more about the Cyber Threat Alliance (CTA). Access the full Securing Edge Devices report.