US and UK agencies warned that discontinued edge devices — including firewalls, routers, switches, load balancers, IoT devices, and wireless access points — pose significant security risks because they no longer receive security updates. CISA’s Binding Operational Directive 26-02 requires federal agencies to inventory, update, and decommission end-of-support (EOS) edge devices on accelerated timelines to reduce exploitation by nation-state threat actors. #CISA #BOD26-02
Keypoints
- US and UK government agencies issued alerts urging immediate replacement of end-of-support edge devices.
- Edge devices include firewalls, routers, switches, load balancers, IoT devices, and wireless access points that route network traffic.
- EOS edge devices no longer receive patches and are being targeted by state-sponsored actors for access, persistence, and data theft.
- CISA’s BOD 26-02 mandates inventorying EOS devices, updating supported software, and decommissioning vulnerable devices within set deadlines.
- Organizations are advised to continuously discover and replace discontinued edge devices to mitigate exploitation and compatibility issues.
Read More: https://www.securityweek.com/organizations-urged-to-replace-discontinued-edge-devices/