Top External Network Risks And How to Fix Them

CIS CTI reports widespread TLS/SSL weaknesses observed in MS-ISAC member external networks, highlighting outdated protocol versions (TLS 1.0/1.1), weak ciphers, insufficient key exchange strength, misconfigured certificates, and legacy vulnerabilities (Sweet32, BEAST, POODLE). The briefing explains risks such as decryption and adversary-in-the-middle attacks, and provides concrete remediation steps: enforce TLS 1.2+, disable legacy ciphers and SSL 3.0, ensure strong key exchanges, maintain valid CA-signed certificates, and conduct ongoing vulnerability management and testing.