Not Zero-Days. Not Nation-States. A Firewall Rule.

A firewall's entire job is to control what gets in. In Reach's research, it was the most common source of a configuration-related near miss or exposure, ahead of EDR and identity controls.

It does not take much. One rule broadened for a project, one exception that outlived its reason, one change that shipped without anyone checking it against intent. A single overly permissive rule, sitting live between quarterly reviews, is enough.

Full breakdown here: https://bit.ly/4xOc2R0

More to come on this soon.

#cybersecurity #configurationdrift