If Firewall Companies Can’t Secure Themselves … What Do We Do?
This is a tale of three firewall vendors, Cisco, Check Point and Fortinet, and their security challenges.
First, even though we likely think of a firewall as a piece of hardware, in reality it is just a specialized computer – think of it as the original Internet of Things device – that runs a lot of software, and software, as you well know, has bugs.
Let’s start with Check Point. No particular reason. Here are some of Check Point’s security products:

In a stunning display of irony, Check Point Software—the cybersecurity vendor that publishes the industry’s most comprehensive threat intelligence reports—suffered a critical zero-day vulnerability (CVE-2024-24919) in May 2024 that exposed 14,000 internet-facing Quantum Security Gateways to information disclosure attacks.
Check Point produces an annual threat intelligence report. This year’s report says:
- 47% increase in weekly cyberattacks per organization (Q1-25 vs Q1-24)
- 126% surge in ransomware attacks globally
- 2,289 ransomware incidents in Q1 2025 alone
- 1,925 average attacks per organization per week
- November 2025: 727 ransomware attacks (22% year-over-year increase)
Three days after a recent bug was added to the fed’s known exploited vulnerabilities list, it was already being exploited. Since firewalls almost always face the Internet, 14,000 were detected to be vulnerable. Credit: Breached Company
Next let’s talk about Cisco. They have been challenged for a long time. Here are some of their products:

Cisco networking gear is deployed in virtually every major enterprise, government agency and critical infrastructure organization because, the thinking goes, if you spend a fortune on Cisco gear (and you will) and you get hacked anyway, your defense is “I bought the best (or most expensive) gear that money could buy”.
Here is where Cisco stands at the moment:
- Approximately 48,000 unpatched Cisco ASA/FTD appliances remain internet-facing as of November 2025
- Akira ransomware has specifically weaponized multiple Cisco CVEs for initial access
- Chinese APT groups (UAT4356/Storm-1849) have been exploiting Cisco zero-days since 2024
- Federal agencies themselves struggle to patch vulnerable Cisco devices, prompting emergency CISA directives
- 60% of all cyber incidents in 2024 involved identity-based attacks exploiting VPN weaknesses—primarily Cisco products
Since there are so many Cisco devices out there, hackers target them specifically. Credit: Breached Company
Finally, let’s look at Fortinet. Here are some of their products:

While the cybersecurity world focused on SonicWall’s troubles, Fortinet products have quietly become one of the most frequently exploited attack vectors in modern ransomware campaigns—with healthcare bearing the brunt of the damage. With 20 CVEs on CISA’s Known Exploited Vulnerabilities catalog and active exploitation by groups like Qilin, Akira, and Mora_001, Fortinet devices have become a favorite entry point for ransomware operators targeting hospitals, clinics, and healthcare providers.
Fortinet has had multiple problems recently, including zero-days, and some would say the way they have handled them (secretly patching holes, for example) doesn’t build trust.
In Fortinet’s case, a lot of the victims are healthcare organizations and they have special challenges including obsolete hardware (no money to replace it), regulatory requirements and valuable data (while you can change your credit card number, you cannot change your blood type or DNA – at least not easily). Credit: Breached Company
This represents just three of hundreds of firewall vendors and actually, compared to some, they are doing well. For the most part, they patch bugs as soon as they are made aware of them.
So what should you be doing to protect yourself? Here are a few recommendations and if you need help, please contact us:
- PATCH, PATCH AND PATCH. Instantly. Yes, I know you have a lot on your plate and yes, I know it causes momentary downtime, but being ransomed will take a lot more time and a lot more downtime.
- MONITOR AND ALERT. Again, this takes time and money, but think about the consequences if you get this one wrong.
- LAYERED DEFENSE. The popular buzzword these days is zero trust. DO NOT think that your firewall will protect you. Just because you change the oil in your car periodically does not mean you should drive with bald tires.
- SEGMENT YOUR NETWORK. One thing we see time and time again is the bad guys get in and they have free range inside your network. A decade ago hackers broke into Target through stolen credentials to an air conditioning vendor maintenance portal and from there they had direct access to the credit card processing system. Make it hard for hackers to move sideways inside your network. The good news is that this won’t cost you a lot of money, but it will take time to engineer.
- MONITOR YOUR ENDPOINTS – EVERY ONE OF THEM. Hackers don’t break into your firewall to look at your firewall; they break in to steal your data or worse. Managed endpoint detection and response is mandatory. Some insurance companies won’t write a policy if you don’t have this and if you lie, they won’t pay if you have a claim.
- BACKUPS. This is the last one. Make backups. Make sure the hackers cannot destroy them. Test them. Then, rinse and repeat.
While this is no guarantee, it definitely improves the odds.
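One way to act on the PATCH and MONITOR items, as an added example (not from the original post or from any vendor): a Python script that checks a device inventory against records in the field layout of CISA's Known Exploited Vulnerabilities JSON feed and orders what is still unpatched. The inventory format, host names, the placeholder vendor and CVE ID, and all dates are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample using the KEV feed's field names. CVE-2024-24919 is the
# Check Point bug named in the post; the second ID and both dates are placeholders.
KEV_SAMPLE = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2024-24919", "vendorProject": "Check Point",
  "product": "Quantum Security Gateways", "dateAdded": "2024-06-01",
  "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
  "product": "ExampleOS", "dateAdded": "2024-05-20",
  "knownRansomwareCampaignUse": "Known"}]}""")

# Constructed inventory. Assumption: each device records the KEV CVEs it has
# already been patched for in "remediated".
INVENTORY = [
 {"host": "fw-edge-01", "vendor": "Check Point", "product": "Quantum Security Gateways",
  "internet_facing": True, "remediated": []},
 {"host": "fw-lab-02", "vendor": "Check Point", "product": "Quantum Security Gateways",
  "internet_facing": False, "remediated": ["CVE-2024-24919"]},
 {"host": "vpn-01", "vendor": "ExampleVendor", "product": "ExampleOS",
  "internet_facing": True, "remediated": []},
 {"host": "fw-core-03", "vendor": "ExampleVendor", "product": "ExampleOS",
  "internet_facing": False, "remediated": []},
]

def kev_patch_queue(inventory, kev, today):
    """Return unremediated KEV findings per device, most urgent first."""
    findings = []
    for dev in inventory:
        for v in kev["vulnerabilities"]:
            same = (v["vendorProject"].lower() == dev["vendor"].lower()
                    and v["product"].lower() == dev["product"].lower())
            if not same or v["cveID"] in dev["remediated"]:
                continue
            findings.append({
                "host": dev["host"], "cve": v["cveID"],
                "internet_facing": dev["internet_facing"],
                "ransomware": v["knownRansomwareCampaignUse"] == "Known",
                "days_listed": (today - date.fromisoformat(v["dateAdded"])).days})
    # Internet-facing first, then ransomware-linked, then longest on the list.
    findings.sort(key=lambda f: (not f["internet_facing"],
                                 not f["ransomware"], -f["days_listed"]))
    return findings

if __name__ == "__main__":
    for f in kev_patch_queue(INVENTORY, KEV_SAMPLE, date(2024, 6, 11)):
        print(f)
```

Matching on exact vendor and product strings is a simplification; a real inventory would also compare firmware versions against the vendor's fixed releases.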
If you need assistance with any of this, please contact us.
