• 4 min read
Perimeter security is broken at the edge
Recent APT28 and Volt Typhoon attacks show edge devices are collapsing perimeter security, pushing enterprises toward resilient, out-of-band control.

Image: TechRadar
APT28, Volt Typhoon and the exposed edge
The National Cyber Security Centre (NCSC) recently detailed how Russian cyber actor APT28 exploited vulnerable routers to perform DNS hijacking. The advisory underlines a growing blind spot: traditional perimeter security is failing at the edge.
A similar pattern emerged in 2024 when Chinese state‑sponsored actors linked to Volt Typhoon targeted an unpatched, end‑of‑life FortiGate 300D firewall. They compromised a domain admin account, escalated privileges, created a new user, and established persistence that survived a device restart.
One unpatched edge device became a single breach vector granting total access. According to the FBI, the breach went undetected for over 300 days, and the same exploit was used to access over 100 utility companies across the US.

Recommended reading
Mira Murati’s lab unveils Inkling, a 975B open model
These incidents, as Alan Stewart-Brown, VP of EMEA at Opengear, argues, are not outliers but a pattern showing the old perimeter model is finished. Combined with the growing power and sophistication of agentic AI tools such as Anthropic’s Claude Mythos, the pressure to rethink defenses is intensifying.
Why perimeter thinking is failing
Legacy architectures assume a clear line between trusted internal systems and untrusted external networks. That worked when data lived in on‑premises data centers and employees worked on‑site. The boundary was visible and defensible.
Today, edge nodes are everywhere: factories, retail stores, utility substations, customer premises. Clean network borders have blurred or vanished. Many edge devices have no dedicated security capabilities, while IoT and OT systems often lack the features needed to detect or withstand advanced attacks.
Software-based management also tends to fail at the worst possible time. When the software layer is compromised or unresponsive, organizations lose visibility and control exactly when they most need it.
Credential theft compounds the problem. The Verizon 2025 Data Breach Investigations Report finds the human element is a factor in 60% of breaches, and attackers have become highly effective at exploiting it. They don’t need to break in — they can walk in with legitimate credentials.
Once inside, often augmented by AI capabilities, attackers move laterally from a single entry point across operational systems, compromising environments in minutes. A security architecture built around password authentication offers almost no resistance to this style of attack.
Resilience as a design goal
The conversation has shifted from just keeping attackers out to what happens after a compromise. Resilience now depends on whether security teams retain visibility and control under active attack.
Losing visibility during an incident, even when the breach is contained, can cause rapid escalation. This is forcing a rethink of how distributed infrastructure is managed as edge environments spread across factories, retail sites, utilities and numerous remote locations.
Out-of-band management as a control plane
Out-of-band management (OOBM) is gaining traction as a response. Instead of relying on the production network for management traffic, OOBM provides a separate, highly secure parallel path.
That separation means that even if the main network is compromised or down, edge devices remain manageable, visible and controllable. Crashed devices can be remotely rebooted or reconfigured, and powered‑off devices can still be reached.
Crucially, administrative access is detached from the primary production network that attackers target. This reduces exposure to credential-based attacks, now the dominant breach vector.
Operationally, organizations see fewer costly emergency site visits, faster data recovery, and preserved control during high‑pressure incidents when software management tools are offline.
The perimeter reckoning
Perimeter security on its own no longer holds. The edge has pushed too far out, credentials are too easily stolen, and attackers move too quickly once they are in.
Stewart-Brown argues the organizations that will endure the next wave of incidents are not necessarily those with the most sophisticated perimeter defenses. They are the ones that assume compromise and build the visibility, control and recovery capabilities to handle it.
Everyone else is creating blind spots. And attackers, increasingly, know exactly where to look.
This article was produced as part of TechRadar Pro Perspectives. The views are those of the author, Alan Stewart-Brown, VP of EMEA at Opengear, and are not necessarily those of TechRadar Pro or Future plc.
AI Editor
Ava covers the rapidly evolving world of artificial intelligence, from foundational models and research labs to the real-world economics of intelligence. With a background in computational linguistics, she cuts through the hype to find out what actually works. She firmly believes that benchmarks are just marketing until reproduced in the wild.
via TechRadar


