This is a guest blog from Mark Fabbi
Since February 2017, a growing number of network and security vendors have published field notices or confirmed that some product lines have an increasing likelihood of total system failure. Due to vendor NDAs, the defective component has not been officially named but the problems are widely believed to be due to a documented issue in the Intel Atom C2000 chip family.
Gartner believes that the original component manufacturer of the defective component has notified all impacted vendors. However, the actions taken by those vendors have varied, and the impact is huge: we estimate that 150,000 to 500,000 impacted units are deployed globally, including Branch office routers (and SD-WAN appliances), WLAN controllers, Branch office security and switching appliances, Data center leaf and spine switches, and Core routers.
Products that fail cannot be rebooted or recovered and replacement is the only remedy. Most impacted vendors are offering replacement programs for products under service contracts to avoid future failures, however we believe some vendors are not owning up to a potential problem within their offerings. The big issue is that few vendors have proactively notified impacted customers, so many enterprises are unaware of this issue that can have a significant impact on network uptime (which is hard to maintain as-is). With the potential for network failures impacting business critical processes, it’s time to take notice of this industry wide problem. We provide specific recommendations and a list of impacted/not-impacted products in this just-published research:
Summary: At least eight network and network security vendors have public notifications about a specific defective component that could cause equipment failure. Months after the initial notification, many I&O leaders are unaware of the need to assess their risk and plan to replace impacted devices.
note: image courtesy openclipart.org
Read Complimentary Relevant Research
Five Golden Rules for Creating Effective Security Policy
Policy writing is a risk communication exercise that is frequently performed by people who lack the skills needed to create good security...
View Relevant Webinars
Move Beyond 'Awareness' to Security Culture Management
On its own, security awareness can be ineffective in helping organizations instill the desired/needed values and behaviors. Employees...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.