Zyxel Networks shared its progress in delivering on the Secure by Design Pledge; a Cybersecurity and Infrastructure Security Agency (CISA) initiative that encourages manufacturers across the world to integrate security from the initial design phase, fostering transparency and building products that are secure by default.
As one of the industry’s early advocates of CISA’s Secure by Design pledge, Zyxel Group was not only the first company in Taiwan to participate, but also one of the first within the global SMB networking space to do so, underscoring its leadership in proactive cybersecurity measures. Since then, Zyxel Networks has worked methodically to implement CISA’s Secure by Design goals across its SMB product portfolio, including:
- Multi-factor authentication (MFA): All Nebula Cloud-managed devices, including firewalls, routers, switches and access points, are supported with MFA. Zyxel Networks became the first vendor globally to offer MFA for wireless access through its Secure WiFi feature, enabling admins to enforce secure access for remote AP users. For firewalls, MFA is also enabled for both administrative logins and remote VPN users, using email-based verification or integrations with Microsoft and Google accounts
- Elimination of default passwords: devices shipped from the factory are preloaded with random, unique passwords that must be changed during setup, ensuring improved security right out of the box. For Nebula Cloud-managed networks, users are required to create strong credentials upon initial login
- Reduction in entire classes of vulnerability: adopted robust secure coding and development practices, including adherence to the Open Worldwide Application Security Project (OWASP) Top 10, use of static code and firmware analysis tools like Checkmarx, and advanced techniques such as automated combinatorial testing (ACTS). Zyxel Networks also engages independent third-party penetration testing firms to help reduce blind spots in product development
- Ensuring timely security patches: Zyxel Group’s record on timely vulnerability patching is reinforced by its role as a CVE Numbering Authority (CNA) since 2021. Over the past five years, the company’s average Mean Time to Remediate (MTTR) has remained in line with industry standards, reflecting its ongoing investment in fast, coordinated response mechanisms
- Established a vulnerability disclosure policy (VDP), and transparency in vulnerability reporting: Zyxel Group has implemented a comprehensive VDP, with clear guidelines and reporting channels available to the public. Its transparency in reporting and disclosure have earned it the highest level of CNA acceptance, which is unmatched by any other SMB networking brand to date.
- Enhanced evidence of intrusions: All of Zyxel Networks’ Nebula Cloud-managed products now include between seven and thirty days of detailed network logging. Security insights are delivered through SecuReporter, a cloud-based analytics platform that offers a centralized view of network activity and threats. For firewalls and security routers, access and operational logs are retained for up to 12 months – enabling comprehensive audits and incident response
“We believe that security must be built in, not bolted on,” said Ken Tsai, President of Zyxel Networks. “Our commitment to Secure by Design helps us protect our customers and partners in a fast-evolving threat landscape. It contributes to a healthier IT ecosystem, and transparency in vulnerability reporting is a hallmark of responsible, modern security practice. Our approach is grounded in openness, honesty and long-term trust, which is fully aligned with CISA’s vision and, more importantly, our customers’ expectations.”
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by visiting our LinkedIn page.