{"id":5760,"date":"2025-11-12T07:00:00","date_gmt":"2025-11-12T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5760"},"modified":"2025-11-12T07:00:00","modified_gmt":"2025-11-12T07:00:00","slug":"enterprise-network-security-blighted-by-legacy-and-unpatched-systems","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5760","title":{"rendered":"Enterprise network security blighted by legacy and unpatched systems"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>The extent to which enterprise networks are sprawling, half-visible, and full of PCs and servers running obsolete versions of operating systems and vulnerable IoT devices has been laid bare by new research.<\/p>\n<p>Twenty-six percent of Linux systems and 8% of Windows systems are running on end-of-life (EOL) versions of operating systems, according to <a href=\"https:\/\/www.paloaltonetworks.co.uk\/resources\/infographics\/device-security-threat-2025\">research from Palo Alto Networks<\/a>.<\/p>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/network-security\/2025-report-exposes-widespread-device-security-risks\/\">Palo Alto\u2019s Device Security Threat Report<\/a>, based on telemetry data from 27 million devices on the networks of 1,800 enterprises, also found that 39% of IT devices registered in network directories lack active endpoint security protections. A third (32.5%) of all devices in corporate networks operate outside IT control.<\/p>\n<p>The absence of security controls enables attackers to hack into unprotected devices without risking detection. 
Almost four of five (77%) corporate networks were poorly <a href=\"https:\/\/www.csoonline.com\/article\/540630\/why-you-need-to-segment-your-network-for-security.html\">segmented<\/a>, meaning low-security devices such as smart coffee makers or printers and high-value targets like financial servers sit on the same network segment.<\/p>\n<p>\u201cWhat stood out in our findings is how often everyday devices \u2014 like office cameras, smart sensors, or personal laptops \u2014 are directly linked to sensitive systems, and how often even IT managed devices have security gaps,\u201d <a href=\"https:\/\/www.linkedin.com\/in\/qianghuang2020\/\">Qiang Huang<\/a>, VP of product management for cloud delivered security services at Palo Alto Networks, tells CSO. \u201cNearly half of those connections come from high-risk devices that were never built with security in mind.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Visibility gaps<\/h2>\n<p>Visibility and segmentation remain the weakest points of many enterprise networks. Around a third of enterprise devices are still unmanaged, and most networks are effectively flat, enabling attackers to move freely once they get in.<\/p>\n<p>Worse yet, <a href=\"https:\/\/www.csoonline.com\/article\/4074945\/network-security-devices-endanger-orgs-with-90s-era-flaws.html\">network edge devices are increasingly afflicted<\/a> with zero-day vulnerabilities that experts blame on basic security bugs.<\/p>\n<p>\u201cMisconfigurations in firewalls, routers, and switches have repeatedly led to major breaches, as these devices often have privileged access and broad network visibility,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/bharat-mistry-952414\/?originalSubdomain=uk\">Bharat Mistry<\/a>, field CTO at Trend Micro. 
\u201cTheir presence at the top of the vulnerability list highlights the need for rigorous patching and configuration management.\u201d<\/p>\n<p>Routers, video conferencing systems, and IoT gear sit on the edge of networks, often unmanaged, poorly patched and running with default credentials.<\/p>\n<p>\u201cIf you reduce internet exposure, kill default credentials, and prioritize fixes for devices that are both exposed and exploitable, you take away a huge amount of low-effort attacker opportunity,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/rikferguson\/?originalSubdomain=pl\">Rik Ferguson<\/a>, VP of security intelligence at Forescout.<\/p>\n<p>Ferguson adds: \u201cYou can\u2019t rely on agent coverage, so you need continuous, agentless visibility, software\/firmware inventory, including EOL and risk-based controls at segmentation and patching levels.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Risky business<\/h2>\n<p>Forescout\u2019s Ferguson tells CSO that Palo Alto\u2019s numbers align with Forescout\u2019s telemetry across global enterprise networks.<\/p>\n<p>\u201cTheir [Palo Alto\u2019s] finding that 26% of Linux systems and 8% of Windows systems are end-of-life is directionally consistent with what we observe in the field, especially for embedded Linux in routers and appliances, where kernel versions lag for years,\u201d Ferguson says. 
\u201cThe result is a large attack surface of internet-reachable devices with unpatched flaws and weak defaults.\u201d<\/p>\n<p>According to <a href=\"https:\/\/www.forescout.com\/research-labs\/the-riskiest-devices-of-2025\/\">Forescout\u2019s latest annual Riskiest Devices report<\/a>, routers and other network gear account for more than half of devices with the most dangerous vulnerabilities, with other categories such as video\/voice systems also prominent.<\/p>\n<p>Forescout\u2019s study \u2014 which is based on telemetry from enterprise devices using Forescout\u2019s Device Cloud and a multi-factor risk scoring methodology \u2014 also highlights that the risk posed by <a href=\"https:\/\/www.csoonline.com\/article\/3595787\/ot-security-becoming-a-mainstream-concern.html\">operational technology (OT) is growing fast<\/a>.<\/p>\n<p>The riskiest device types by domain, according to Forescout, include application delivery controllers and firewalls on the IT side; NVRs, NAS, VoIP, and IP cameras in IoT; and universal gateways and building management systems in OT.<\/p>\n<h2 class=\"wp-block-heading\">Remediation challenges<\/h2>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/matt-middleton-leal-a56557\/?originalSubdomain=uk\">Matt Middleton-Leal<\/a>, managing director for EMEA at Qualys, says that visibility, vulnerability remediation, and network segmentation need to be treated as more important internally if CISOs want to get support for security remediation projects.<\/p>\n<p>\u201cThere are two issues here: how to get complete visibility of all your IT assets, and why end-of-life software or hardware still exists within the business,\u201d Middleton-Leal says. 
\u201cFor CISOs, dealing with these issues involves working with the business around risk.\u201d<\/p>\n<p>The challenge for security leaders is that projects to replace insecure equipment are viewed as lower priorities and lack the business case of, for example, AI-related projects that are viewed as the \u201ccutting edge\u201d of innovation.<\/p>\n<p>\u201cReplacing end-of-life assets can require time and change management resources that cost money, but they don\u2019t deliver enough of a return to the business,\u201d Middleton-Leal says.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/adam-seamons-94011448\/?originalSubdomain=uk\">Adam Seamons<\/a>, head of information security at GRC International Group, agreed that replacing legacy systems is rarely an enterprise IT project priority.<\/p>\n<p>\u201cThe persistence of end-of-life Windows and Linux systems isn\u2019t laziness; it\u2019s reality,\u201d Seamons says. \u201cReplacing legacy systems is expensive, risky, and rarely top of the priority list until something breaks.\u201d<\/p>\n<p>Seamons adds: \u201cThe problem is that every unpatched device is basically a welcome mat for attackers.\u201d<\/p>\n<p>Remediation work may extend beyond straight hardware replacement or migration because upgrades may involve additional work around refactoring software to work with newer, more secure components.<\/p>\n<p>\u201cThat is often why those older software assets don\u2019t get updated, because the rework and change control is a substantial investment for relatively little return,\u201d Qualys\u2019 Middleton-Leal notes.<\/p>\n<p>\u201cCISOs and security leaders have to guide their teams through these costs, and where end-of-life software can\u2019t be replaced, design the compensating controls and risk mitigation approach that keeps software or assets secure,\u201d Middleton-Leal says.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The extent to which enterprise networks 
are sprawling, half-visible, and full of PCs and servers running obsolete versions of operating systems and vulnerable IoT devices has been laid bare by new research. Twenty-six percent of Linux systems and 8% of Windows systems are running on end-of-life (EOL) versions of operating systems, according to research from [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5761,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5760"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5760"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5760\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5761"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}