Can you still defend your enterprise network with 90’s technology?

CSOonline.com reported that “Enterprises have long relied on firewalls, routers, VPN servers, and email gateways to protect their networks from attacks. Increasingly, however, these network edge devices are becoming security liabilities themselves.” The October 20, 2025 entitled “Network security devices endanger orgs with ’90s era flaws” (https://www.csoonline.com/article/4074945/network-security-devices-endanger-orgs-with-90s-era-flaws.html) included these comments:

Every few weeks, another crisis plays out: Security teams scramble to patch and scan their network appliances for malware implants after another zero-day attack is newly reported. Vendors emphasize that sophisticated nation-state actors carry out these attacks, but critics question why the basic flaws being exploited — buffer overflows, command injections, SQL injections — remain prevalent in mission-critical codebases maintained by companies whose core business is cybersecurity.

Attackers constantly evolve their techniques. Security engineering, inherently challenging, can’t fix everything. All software products have vulnerabilities, even security tools. These would be valid responses if we were dealing with complex flaws, says Benjamin Harris, CEO of cybersecurity and penetration testing firm watchTowr. “But these are vulnerability classes from the 1990s, and security controls to prevent or identify them have existed for a long time. There is really no excuse.”

What do you think?