(SASE), which according to Gartner surveys has been adopted already by 39 percent of enterprises with 60 percent having a clear-cut strategy to adopt SASE in 2025. A top driver for SASE adoption, after all, is its ability to deliver “secure remote access,” show recent surveys by security provider Xalient and HP Enterprise. All the while, the most widely used component being actively used by SASE customers is SSE, or secure services edge, shows the Xalient survey. Edgy Trends Within the rising tide of attacks targeting edge systems, the ConnectWise research unit observed and recorded some common trends in the tactics used. For example, many highprofile breaches have been traced back to edge devices running obsolete or outdated software, such as the Moveit vulnerability, which allowed attackers to exploit unpatched file transfer systems, leading to significant data breaches and financial losses. Meanwhile, exposed remote access, such as through RDP gateways, VPNs, SSH and other remote capable services, are frequent targets for brute-force attacks, said ConnectWise. “Many attacks that targeted these services were perpetrated with compromised or default credentials. A notable example involved ransomware groups exploiting exposed RDP services to infiltrate a network and encrypt files,” said the report. Misconfigured services likewise are a trending issue. That includes misconfigured firewalls, open ports and poorly secured cloud gateways that create opportunities for unauthorized access, said ConnectWise researchers. In one instance, a misconfigured Citrix appliance was exploited, enabling attackers to bypass authentication and gain administrative control over a network. And this year, many of the widely exploited vulnerabilities involved zero-day attacks targeting network edge technologies, showed the report. Of course, it’s not just edge devices that are of concern; ConnectWise reported a mass exploitation of edge software. “Threat actors have increasingly targeted vulnerabilities in edge software such as Moveit, CitrixBleed, Cisco XE, Fortiguard’s FortiOS and Ivanti ConnectSecure,” said the MSP Threat Report. “These services, which are often exposed to the internet, are attractive entry points for attackers seeking initial network access.” And not so surprisingly, threat actors have intensified attacks on edge platforms that lack traditional endpoint detection solutions. Attacks on IoT devices and OT devices surged due to their limited monitoring capabilities, showed the findings. On the flip side of things, MSP face several challenges in the implementation of strong and secure edges for their customers. Arguably the fault of no one is the complexity of today’s environments. “The convergence of on-premises, cloud and IoT systems creates a complex environment that can be difficult to monitor and secure,” ConnectWise researcher pointed out. This can lead to a lack of awareness in which many organizations simply are unaware of the extent of their exposed services or the potential risks associated with misconfigurations, they continued. 31% 30% 28% 28% 27% 23% 23% Secure Service Edge (SSE) Secure Web Gateway (SWG) Cloud Access Security Broker (CASB) Software Defined Wide Area Network (SD-WAN) Firewall as a Service (FWaaS) Domain Name System (DNS) layer security Zero Trust Network Access (ZTNA) Respondents were actively using the following components of their SASE solution: Source: Xalient tacks against edge device vulnerabilities over time rce: ConnectWise 1/15/24 2/15/24 3/15/24 4/15/24 5/15/24 6/15/24 7/15/24 8/15/24 9/15/24 10/15/24 11/15/24 12/15/24 8000 7000 6000 5000 4000 3000 2000 1000 0 Timestamp Per Week Recommendations to Mitigate EDR Evasion ▪ Enable tamper protection: Many EDR vendors allow for the activation of tamper protection features that can prevent attackers from disabling or changing configurations. ▪ Block vulnerable drivers: Consider blocking drivers that are vulnerable or unnecessary for business operations or create a specific allowlist only for the drivers you require. ▪ Regularly audit and patch systems: Ensure all systems, including EDR tools, are up-to-date and secure against known vulnerabilities. ▪ Segment networks: Ensure networks are segmented to prevent lateral movement in case of a breach. ▪ Enhance logging and monitoring: Maintain robust logs and use SIEM solutions to identify anomalies across environments. ▪ Consider red team exercises and vulnerability assessments: Simulate attacks and conduct automated scans or manual vulnerability assessments to identify weaknesses in your network’s defenses. Source: ConnectWise 28 CHANNELVISION | MARCH - APRIL 2025
RkJQdWJsaXNoZXIy NTg4Njc=