Security & is a Softcat blog series highlighting how security and other areas of IT work together to maximise an organisation’s infrastructure investment. Stopping by all Softcat’s solutions teams, this series offers advice that will enable you to develop a more cohesive infrastructure leading to a more complete security strategy.
One of the most valuable, but also most mundane security operation tasks, is that of patching and updating – something Softcat highlight through our regular blog updates, such as the most recent patch Tuesday breakdown. While it’s very easy, it can often feel like a never-ending cycle, and if for some reason firmware management does fall by the wayside, we’ve seen how dangerous this can be. Back in April this year, as part of a joint exercise between the NCSC, FBI and Department of Homeland Security, it was found that Russian state Cyber Actors were maliciously leveraging routers and switches for reconnaissance and exploitation (report here). Whilst firmware updates were not the sole attack vector, it was by far the easiest one to mitigate.
One of the silver linings of events like these is that it shone a spotlight on the importance of firmware updates for network-based devices. Concerningly though, this can still be a victim of being missed off the update schedule, as the most recent software patch management takes prevalence. Typically, routers and switches are often not maintained to the same standard as other devices, for a multitude of different reasons.
The most quoted reason is often down to visibility. Be it requiring a support contract that was found to have expired in order to access the firmware update, or that the one switch involved in the breach was the only one that wasn’t included on the latest firmware update due to a poorly written/executed update strategy.
Now, it's all well and good me sitting here and identifying the importance of support contracts and firmware update schedules, but I think it's worth saying that top-notch support management is no small feat. It sometimes feels like you can't buy anything IT anymore without a support contract, and with a contract comes renewal dates, licence conditions, coverage issues etc. etc. Here at Softcat we sympathise with the size of this task, so we developed a way to add value. Softcat's Infrastructure Support Solutions team has been consistently one of the most successful parts of our business, and customers frequently reference not just the simplicity it brings to managing their estate, but also the cost-saving our support packages demonstrate against traditional vendor support for the same SLA. The team manage the consolidation and co-termination of support contracts, reducing complexity for customers across their support estate. Also delivering inventory management and end of support notification, you are best aware of your networking options via our service intelligence.
Previously, knowing which serials are in support, and what the support actually covers, was at times like snake charming, but you can now take advantage of Support services that make this a thing of the past. With a clear and easy to use portal you can see all your serials, and the service level attached to them. For anyone with Cisco networking, if critical security firmware updates is something you’d rather not deal with, you can go one step up with Cisco Managed Network Device Service. Essentially this removes the issue highlighted in this blog, as whenever a firmware update for a particular network device becomes available this is pushed out in a timely manner.
Sadly, simply having access to the latest firmware and updating regularly is not on its own best practice for securing network devices, and like anything in this industry, there isn’t one silver bullet. Things like account management and password rotation, multifactor authentication and examination of configuration to identify legacy or weak protocols serve as an example of more that can be done here.
So, if reading this has warmed you up to the topic of support and security, your specialists within your account management team are available as a free resource to help. For any existing customers, please get in contact with your Account Manager to arrange a call, and for anyone new to Softcat, please don’t hesitate to contact us using the button below.
About the author: Alexander Lewis is a leading Networking & Security Specialist at Softcat and has been working with Softcat’s customers for over two years. Alex’s previous work has seen him work in various IT-focused roles, but his passion for technology started young when he built his first PC at just 6 Years old. When not working with customers, Alex guides Softcat customers on security and networking strategy, regularly contributing to our blogs, webinars and training exercises.
We would love to hear any comments you have about this article!