
Introduction to the problem 

The challenges of protecting organizations from cyber threats are numerous, with new breaches reported almost daily. Less talked about, however, is the cost of these breaches, which averages a whopping $4.88 million per breach, a figure that increased by 10% in 2024 alone.¹ Attacks on edge infrastructure are also increasingly reported, with multiple vulnerabilities being discovered in devices that are often tasked with protecting the network.² The number of threats is so large that even Ethan Hunt might be discouraged!

The main obstacles to gaining full visibility in this dynamic landscape are multi-faceted, but can be reduced to three key issues:

  • Increased attack surface due to the huge number of endpoints, including IoT devices, OT devices, and other unmanaged assets
  • Unsecured connections and universal connectivity
  • Complex network architecture and errors in the configuration of devices and network segments

As a result, many current cybersecurity solutions are unable to effectively eliminate threats, especially at the network edge. The approach to managing cybersecurity risk must be flexible and tailored to the specifics of a given company, which allows for better adaptation to changing threats and situations in cyberspace. Below, we discuss three key groups of tools that, while necessary, often leave gaps in the security of the edge network.

Scope of the NIS2 Directive

The NIS2 Directive covers businesses operating in critical sectors, including large and medium-sized enterprises, as well as microenterprises that provide digital services. The Directive also applies to public and private entities that provide services that are essential for the functioning of the state and the economy. The scope of the Directive is broad and covers many sectors, including postal services, transport, energy and health care. The Ministry of Digital Affairs is responsible for implementing the Directive and ensuring that businesses comply with it.


Obligations of companies covered by the NIS2 Directive

Companies covered by the NIS2 Directive are required to implement appropriate cyber risk management measures, including technical, operational and organisational measures. They must also notify the relevant national authorities in the event of computer security incidents. Businesses must also ensure that their IT systems comply with the requirements of the Directive and that they are able to detect and respond to computer security incidents. These obligations also apply to software testers, who must ensure that the software is secure and error-free.

Tools for managing and testing the vulnerability of IT systems

These tools are designed to identify, assess, prioritize, and mitigate vulnerabilities in an organization’s IT infrastructure. They include vulnerability scanning, network security assessment, configuration management, and more.

Programming skills are essential in the work of an automation tester, as it requires knowledge of various programming languages to write test scripts. Languages such as Java, Python, and SQL are essential for effective testing of computer systems.

Although these tools are key to any security strategy, they often fail to fully fulfill their role because the inventory of endpoints, devices, and infrastructure is incomplete. And it is precisely the full identification of assets that is the foundation for effective vulnerability management.

Inventory deficiencies result from, among other things:

  • Complex network architecture (asymmetric routing, NAT, firewalls, hub-and-spoke topologies),
  • Use of media converters that create "invisible paths",
  • Misconfigurations (e.g. switch ports assigned to incorrect VLANs).

Network Management and Security Tools

They are used to manage network infrastructure (switches, routers, firewalls, Wi-Fi access points). They collect data using protocols such as SNMP, syslog, API or packet analyzers.

In cyberspace, protecting data and information is key, so it is important that these tools are effective in monitoring and securing all endpoints.

While they support infrastructure configuration and monitoring, they do not always discover all endpoints, for reasons similar to those above.

Other disadvantages of these tools include:

  • Complexity of implementation and configuration – requires specialized knowledge.
  • Large number of false positives.
  • Costs – licenses, fees for monitored items, subscriptions can put a significant strain on your budget.

Endpoint Monitoring Tools

They include solutions such as EDR (Endpoint Detection and Response), NAC (Network Access Control) or endpoint profiling. They monitor devices such as computers, servers, IoT devices, and industrial systems.

Three main limitations:

  1. Agent installation limitations – Many lightweight devices (IoT, OT, ICS) do not support agents, making them “invisible” to security tools. This is a serious gap.
  2. Complexity of maintenance – implementing and managing agents and analyzing collected data are often time-consuming.
  3. Cost and burden – licensing tools based on the number of devices can be expensive, and systems analyzing network traffic require additional resources (SPAN/TAP), which complicates implementation.

Benefits of implementing the NIS2 Directive

The implementation of the NIS2 Directive brings many benefits, including increased security of networks and information systems, protection against computer security incidents and cyber threats, and improved cooperation between businesses and national authorities. The NIS2 Directive is also an important element of the national cybersecurity system and is crucial to ensuring the security of cyberspace. Implementing the Directive can also bring financial benefits, such as reducing losses resulting from computer security incidents. A software tester can play an important role in the implementation of the Directive by ensuring that software is secure and error-free.

Summary

Every security professional knows that protecting critical IT assets and organizational and customer data is a constant challenge—especially at the network perimeter.

In the context of protecting IT assets, cybersecurity plays a key role, especially in the protection of personal data and classified information, which is important for businesses, government institutions and supervisory authorities.

Although the tools for vulnerability management, network management and endpoint monitoring are essential, they can leave gaps – especially in edge environments where full visibility is lacking.

Therefore, when assessing the level of resilience of your organization to cyber threats, it is worth taking a closer look at these weak points. This blog is a good starting point. And if you are doing this analysis in the context of NIS2 compliance, be sure to check out our guide: CyberScope Solves Three Key NIS2 Challenges at the Challenging Network Edge – even if your organisation is not located in the European Union.

Ultimately, any tool you deploy must effectively address the unique challenges of a dynamic edge network, including the less obvious ones.

Secure your edge for NIS2 compliance: mission possible!

Full Asset Inventory – The Missing Link to Effective Edge Network Security

 

Introduction to the challenge

As discussed above, the network edge can pose significant challenges to centralized or agent-based cybersecurity solutions, particularly in terms of:

• Incomplete identification of devices, endpoints or infrastructure,
• Restrictions on installing agents on devices without an interface (headless),
• Limited visibility, which increases the risk of vulnerable assets going undetected and being exploited by cybercriminals.

Security professionals need much more than just “blind navigation” to effectively counter threats.

Four Steps to Overcoming Obstacles

Step 1 – Complete Asset Inventory

An effective, ongoing, and comprehensive inventory process can eliminate unseen gaps in your cyber defenses. This task often falls to the network team, which can use a variety of techniques—alone or in combination—such as:

| Technique | Description |
|---|---|
| ARP Sweep | Used in local area networks to map IP addresses to MAC addresses. Sends ARP requests to all possible IP addresses in a subnet. |
| Ping Sweep | Sends ICMP Echo requests to a range of IP addresses to identify active devices. |
| SNMP | Reads data from network devices using SNMP agents (e.g. hostnames, IP addresses, hardware information). |
| DNS Query | Queries DNS servers to resolve hostnames to IP addresses; reverse DNS queries are also useful. |
| mDNS Query | Name resolution in local networks without central DNS; discovery of devices and services (printers, smart devices). |

It is worth emphasizing the advantages of a direct connection to the edge network, as opposed to a centralized (often remote) approach. A local perspective allows for better situational awareness and faster response. These tools are usually portable and can operate over both wired and wireless connections.
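As an added example (not from the original articles or from any NetAlly tool), the sketch below shows why the techniques in the table are combined: it merges per-technique sightings into one record per IP address, then flags assets that are missing from the asset register or sit outside the documented subnets. All addresses, MACs, hostnames and the register contents are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample sightings: (technique, ip, mac or None, name or None).
OBSERVATIONS = [
    ("arp",  "10.20.1.10", "02:00:00:00:00:10", None),
    ("ping", "10.20.1.10", None, None),
    ("dns",  "10.20.1.10", None, "hr-laptop-07.corp.example"),
    ("arp",  "10.20.1.57", "02:00:00:00:00:57", None),  # drops ICMP, answers ARP
    ("mdns", "10.20.1.57", None, "lobby-printer.local"),
    ("snmp", "10.20.9.2",  "02:00:00:00:00:02", "edge-sw-02"),
    ("ping", "10.20.1.99", None, None),                 # routed reply, no MAC seen
    ("arp",  "10.30.5.14", "02:00:00:00:00:14", None),  # foreign subnet on this segment
]
# Constructed: MACs already in the asset register, and the documented address plan.
REGISTER_MACS = {"02:00:00:00:00:10", "02:00:00:00:00:02"}
DOCUMENTED_SUBNETS = [ip_network("10.20.1.0/24"), ip_network("10.20.9.0/24")]

def merge(observations):
    """Fold per-technique sightings into one record per IP address."""
    assets = defaultdict(lambda: {"mac": None, "names": set(), "seen_by": set()})
    for technique, ip, mac, name in observations:
        rec = assets[ip]
        rec["seen_by"].add(technique)
        if mac:
            rec["mac"] = mac.lower()
        if name:
            rec["names"].add(name)
    return dict(assets)

def findings(assets, register_macs, documented_subnets):
    """Return {ip: [reasons]} for assets that need follow-up, in address order."""
    out = {}
    for ip in sorted(assets, key=ip_address):
        rec, reasons = assets[ip], []
        if rec["mac"] is None:
            reasons.append("no MAC seen: cannot match to register")
        elif rec["mac"] not in register_macs:
            reasons.append("not in asset register")
        if not any(ip_address(ip) in net for net in documented_subnets):
            reasons.append("outside documented subnets")
        if reasons:
            out[ip] = reasons
    return out

def missed_by(assets, technique):
    """IPs that a sweep using only `technique` would not have found."""
    return sorted((ip for ip, r in assets.items() if technique not in r["seen_by"]),
                  key=ip_address)

if __name__ == "__main__":
    merged = merge(OBSERVATIONS)
    print(findings(merged, REGISTER_MACS, DOCUMENTED_SUBNETS))
    print("ping sweep alone misses:", missed_by(merged, "ping"))
```

With the sample data, a ping sweep on its own misses three of the five assets, including the unregistered printer and the host answering with an address from an undocumented subnet.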

Step 2 – Cyber Vulnerability Assessment

Once all assets have been identified, the next step is to thoroughly test them. This includes:

• Checking switch ports for correct configuration,

• VLAN segmentation verification,

• Authorization control in wireless networks,

• Scanning for known vulnerabilities and more.

It is worth working closely with the security team (SecOps) to develop an effective risk assessment process. This article may be helpful: How to perform a cybersecurity assessment.

Step 3 – Integration with security initiatives

The tools used in steps 1 and 2 should be integrated with other security processes. Examples include:

• Vulnerability management,

• Endpoint monitoring,

• Network management.

If your organization is implementing NIS2 or CIS Critical Controls, the results of the inventory and assessments should absolutely be included in these initiatives.

Step 4 – Network and Security Teams Collaborate

To achieve the highest level of edge network security, close collaboration between the teams responsible for network management (NetOps) and security (SecOps) is necessary.

The network team has a deep understanding of the perimeter architecture and operational state of resources, which allows them to “see the edge from the edge.” In turn, the security team has a better understanding of defense and response techniques.

| Challenge | The Role of NetOps | The Role of SecOps | The Effect of Cooperation |
|---|---|---|---|
| Visibility and monitoring | Ensuring network operation | Threat Detection and Mitigation | Full control and supervision in the edge network |
| Threat Mitigation | Secure Edge Configuration | Countermeasure tools | Reduced risk of edge attacks |
| Incident response | Network level information | Investigation and neutralization | Faster and more effective response |
| Zero Trust | Implementation of segmentation policies | Least privilege policies | Smooth implementation of Zero Trust at the edge |
| Compliance | Technical inspections | Regulatory requirements | Reduced risk of fines and non-compliance |

 

Summary

Even the most advanced security systems can have vulnerabilities if not all assets – especially at the network edge – have been identified and accounted for.

Therefore, a complete inventory of assets in the edge network is a key step in protecting IT assets from cyber threats.

If NIS2 compliance is your goal, you may want to check out our guide: CyberScope addresses three key NIS2 challenges at the edge – with valuable insights, even for organizations outside the European Union.

Regardless of the tools chosen, they must effectively address the unique challenges that a dynamic edge network brings, including the less obvious ones.

Text prepared based on articles:
Brad Reinboldt https://cyberscope.netally.com/blog/elimination-of-edge-network-vulnerabilities-mission-impossible
https://cyberscope.netally.com/blog/secure-your-edge-for-nis2-directive-compliance-mission-possible

Ask our specialist about NetAlly solutions:

Marek Chojnowski

Product Manager
tel. +48 885 805 516
m.chojnowski@stovaris.pl