SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
To upgrade or not to upgrade – that is the security question
Wed, 25th Oct 2017
FYI, this story is more than a year old

When we think of security, we probably think ‘software' first. But software runs on hardware, and if network security and access appliances are aging, a security profile may be crumbling – without an organisation being aware of it.

Network security and access appliances sit at the edge of the network, determining who can be let into the network and how much access they should be given. Since security threats are evolving by the day, these appliances need up-to-date software to protect both company and users from harm.

But let us consider the vulnerabilities of outdated hardware appliances. If appliances are three or four generations old, the latest software versions are likely not compatible with existing hardware, so the business is left running out-of-date software.

This leaves two choices: upgrade hardware to be sure of getting the latest software to maintain robust protection, or keep current hardware and entrust network security to out-of-date software.

Frequently companies choose the latter option. After all, their hardware appears to be working, so why upgrade it? An admin might think, “As long as my end users aren't calling me to complain, everything must be working fine.” Unfortunately, ‘working' does not equal secure.

For example, suppose the net admin uses OpenSSL for backend services. Over the past few years, OpenSSL has identified several vulnerabilities. Hackers know this, so they look for devices running older versions of OpenSSL to exploit. Advanced security applications are able to monitor such events and quickly provide patches in software updates. But if an appliance can't run the latest security software and the business is using an older version of OpenSSL, it is wide open to an attack.

That is just one example among the hundreds and thousands of enhancements and updates constantly being created to address new risks, threats and vulnerabilities.

Aging hardware is also a risk because it will ultimately fail at some point. That is a generally accepted principle when deploying hardware: there is a mean time between failures. It is why equipment is guaranteed only for a certain number of years. After that, the likelihood of failure becomes statistically high.

So aging hardware presents a double risk: an organisation might suffer a breach because of out-of-date security software, and might completely lose functionality because of equipment failure. Both eventualities will leave IT staff scrambling to repair the damage. The good news is they can prevent a catastrophic situation by being proactive in upgrading their network security and access appliances.

Upgrading hardware prevents security breaches, but also brings quantifiable value to daily business operations. For example, advanced security software updates include new features to make deployment easier through wizards – so what took 30 steps before may take just five now. By minimising the clicks, it streamlines administrative tasks, saving both time and money.

Plus, with every new generation of hardware comes leading-edge components: memory, processors, hard disks, network interface cards, etc. New hardware can handle more users and manage traffic faster and more reliably than ever so you can do more with less.

Take a hard line when it comes to upgrading hardware. A business will gain increased security to meet today's sophisticated threats, reduce network complexity, improve productivity, enhance the user experience and lower bottom line costs. The only thing to lose is the experience of getting hacked … and we can all do without that.