The sooner we move away from firewalls being the primary stopgap between threat actors and our environments, the better.
Ethical Threat Insight: Firewalls are Obsolete
I’m an on-prem Active Directory guy but the rate at which edge devices are under attack is impossible to ignore.
Moving to an identity-first zero trust model makes sense for many (most?) organizations.
Why?
Edge devices are under heavy attack - it seems like you can’t go a week without hearing about a new zero day in a firewall product. These are large, old code bases riddled with vulnerabilities. This is not ideal.
IFZT (identity-first zero trust) reduces reachability - access is only allowed after identity-based policies are satisfied. There’s no port/service scanning, no forgotten NAT rules, no open admin interfaces.
And yes, identities are also heavily attacked via password sprays, credential stuffing, and phishing. But that’s a much more controllable factor.
And no, this doesn’t mean we can completely eliminate firewalls altogether. This is about what we expose to the internet and how.
I know it’s not easy to shift strategies and move to a completely new model. But if that’s what it takes…
How many times do we have to repeat the cycle and do the zero day emergency patch song and dance before we make a change?
Attackers are exploiting edge devices and firewalls more than ever before. I talk about this and more on a recent podcast.
Check it out below!
Also, this made me laugh. Enjoy this funny but very relatable meme about Fortinet, Citrix and Exchange.
