Firewalls, Routers, Endpoint/Device Security, Zero trust

Thwarting today’s threats with next-generation security technology

For your organization to stay ahead of current and future threats, it can't rely on yesterday's cybersecurity technology. Unfortunately, even as attackers continue to refine their skills and use new techniques, many companies continue to deploy outdated firewalls and legacy endpoint protections.

To keep your organization and its data secure, you need to implement next-generation protections, up-to-date policies and tools, and modern systems architecture that is designed with security in mind.

"As vendors, we can do the best job in the world at building secure systems," says Barbara Hudson, Global Product Marketing Director at Sophos, in a recent company webinar. "But if you're not applying patches or you continue to use devices that are either end-of-life or unsupported, our efforts will be in vain."

How old technology fails against current threats

Hudson and, in a different recent webinar, Sophos Sales Engineers Angel Ramos and Ryan Lockerbie detail how outmoded technology fails to protect against the latest threats.

The latter pair's example is remote ransomware, the attack technique that infects an embedded or IoT device on the office network, such as a smart TV or a smart speaker, rather than a proper endpoint.

"[Attackers] realized really quickly that trying to attack an endpoint directly gets picked up by the anti-ransomware engines pretty well, so they've shifted to mounting the drive to a rogue device on the network," Lockerbie explains.

"That is what remote ransomware means: where the encryption process happens on a secondary device so that the endpoint protection can't see it."

For her part, Hudson focuses on the firewall, the granddaddy of network-security devices. Firewalls have been standard enterprise devices for at least 30 years, but how often do they get updated or replaced? How many firewalls are kept running after vendor support ends?

"Vendors will contact customers and partners and inform them about the end-of-life date," Hudson says. "Unfortunately, many customers ignore those communications, particularly the ones that come years in advance. So when date X, the end of life, arrives, there's a little bit of a problem."

For those reasons, she reminds us, outdated or improperly configured firewalls are one of the top reasons for data breaches and other successful network incursions.

"Network edge devices," Hudson says, quoting Sophos' 2025 Threat Report, "are the single largest source of initial compromise of networks in intrusion incidents and in ransomware and data-exfiltration events."

How next-gen tech rises to the challenge

The paramount defense against current and future attacker techniques is to build your software — any kind of software — using Secure by Design principles as laid out by the U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) and other organizations.

"Secure by Design is a pledge to support a set of design goals to strengthen product security," Hudson explains, adding that the approach includes factors such as "integrating MFA into all systems, eliminating default passwords and credentials, implementing automated security patches and offering rapid and transparent vulnerability disclosure."

Another key part of Secure by Design is zero-trust network access, which Hudson notes is essential to stopping attacks that might otherwise exploit outdated VPN technology to move laterally within a network.

"The problem with VPN is that once you're on the network, you're generally trusted, and frequently have access to everything," she explains.

"The zero-trust network access approach is probably a better choice, as it provides you with the ability to give granular control to resources and apps that can be revoked. If the device health changes, the perimeter moves to where you need it to be."

Sophos itself has been tracking a multi-year campaign, which it calls "Pacific Rim," that originates in China and targets firewalls protecting government agencies, healthcare providers, critical infrastructure and defense contractors across the world.

Hudson credits Sophos' embrace of Secure by Design as a key reason that Sophos' firewalls have largely withstood the attacks.

"We need secure products as much as we need security products," she says, "But when our adversaries are targeting the tools built to defend us more than anything else, we need secure security products."

Likewise, say Ramos and Lockerbie, Sophos' next-gen endpoint protections are designed to repel new threat such as remote ransomware. Ramos explains how a feature called CryptoGuard will automatically revert files to their previous state upon the first hint of ransomware activity.

"If we see files showing the signs of malicious rapid encryption, we can identify those and roll them back without the use of a volume shadow copy," he says. "This is done in an in-house, proprietary method that is unique to CryptoGuard and unique to Sophos."

A team effort

One of the best and simplest ways to stay ahead of attackers is to just keep your security tools updated, especially when an update patches a known exploited flaw. Many organizations may be reluctant to apply updates immediately, especially with network protections like firewalls, but as Sophos CISO Ross McKerchar says in a recent blog post, it's time to get over that.

"Over time, as the internet evolves, even the most diligently updated hardware will reach the end of its ability to cost-effectively support necessary updates and features," McKerchar says. "At some point, these older devices become not just dead, but actively undead and dangerous."

As Hudson says, cybersecurity is a team sport. That team can include not only your colleagues, but your competitors and your cybersecurity provider's competitors as well.

"We all share the responsibility," Hudson reminds us. "Vendors need to build secure products and customers must apply patches and stop using unsupported and end-of-life systems, as that adds risk for all of us."

Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds