SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Gartner asks: Do you have a ticking time-bomb in your network?
Thu, 25th May 2017
FYI, this story is more than a year old

Since February 2017, a growing number of network and security vendors have published field notices or confirmed that some product lines have an increasing likelihood of total system failure. Due to vendor NDAs, the defective component has not been officially named but the problems are widely believed to be due to a documented issue in the Intel Atom C2000 chip family.

Gartner believes that the original component manufacturer of the defective component has notified all impacted vendors. However, the actions taken by those vendors have varied, and the impact is huge: we estimate that 150,000 to 500,000 impacted units are deployed globally, including branch office routers (and SD-WAN appliances), WLAN controllers, branch office security and switching appliances, data center leaf and spine switches, and core routers.

Products that fail cannot be rebooted or recovered and replacement is the only remedy. Most impacted vendors are offering replacement programs for products under service contracts to avoid future failures, however we believe some vendors are not owning up to a potential problem within their offerings.

The big issue is that few vendors have proactively notified impacted customers, so many enterprises are unaware of this issue that can have a significant impact on network uptime (which is hard to maintain as-is).  With the potential for network failures impacting business critical processes, it's time to take notice of this industry wide problem. We provide specific recommendations and a list of impacted/not-impacted products in this just-published research:

Potential network and security equipment failures demand immediate attention

Summary: At least eight network and network security vendors have public notifications about a specific defective component that could cause equipment failure. Months after the initial notification, many I-O leaders are unaware of the need to assess their risk and plan to replace impacted devices.