Old is Gold: Tackling Persistent Vulnerabilities

At Todyl, we are always looking for ways to help our partners elevate their own security posture and the security posture of their customers. Vulnerabilities are being exploited on a daily basis and remediation seems to take longer than expected. Attackers are getting faster by the day. There are more vulnerabilities disclosed each year. We are caught between a rock and a hard place. Security is HARD.  

But there is hope...

When we look at a cross section of threats across the data, we see something like this as one data point.

For a moment, I freeze and think it is all a dream. What year are we in? My eyes wander to the bottom right of the screen and I check the date.

GreyNoise recently released a report highlighting that older vulnerabilities in VPNs, firewalls and routers are a focus for threat actors. About 40% of vulnerabilities exploited in 2024 were from before 2020. This is by design, as edge devices give attackers a way to achieve economies of scale and scope. These devices are harder to remediate: downtime is less tolerable, they are often forgotten, and even when they are not forgotten they are generally not updated regularly enough. Once these devices are exploited, attackers can use them as launch points in the network to keep re-infecting, stay persistent, etc. Attackers have a lot to gain by exploiting these and we have a lot to lose by ignoring them.

There is so much going on in the threat landscape on a day-to-day basis that going back and remediating older vulnerabilities seems like a lower priority. One needs to be discerning, however: patching older vulnerabilities that are being exploited, or that sit on sensitive devices like edge devices, should always be a high priority. Unfortunately, it is not uncommon for attackers to exploit vulnerabilities from 2017 or 2018 in 2025.

Coming back to hope  

There is always hope for security professionals to get ahead of new threats while taking care of older ones.

Maintain a balance between old/new vulnerabilities and zero days based on potential exposures in your environment. Keep an eye on all corners of the threat landscape, as we cannot be asleep at the wheel. There is a lot going on, so one must be discerning about which ones need to be patched immediately and which can wait.

Defense-in-depth: Besides remediation, make sure to have a solid security platform that can detect exploitation at multiple stages of the kill chain, including network (SASE), SIEM, NGAV, EDR, etc.

Become unattractive to attackers, as they are always going to go after the lowest-hanging fruit. Why bother with a complex and expensive attack when the keys to the kingdom are right there within reach? The objective is to decrease the ROI for attackers so that we are not attractive targets, making it expensive for them to go after us. Elevate your security posture by locking down your attack surface area.

Don’t forget the older exposures in your environment. Attackers are looking for the gold.
