1. Home
  2. Newsroom
  3. Press Releases
  4. Zyxel Networks leads global SMB networking sector in Secure by Design implementation

Zyxel Networks leads global SMB networking sector in Secure by Design implementation

Strengthening MFA, vulnerability management and transparency

HSINCHU, Taiwan, July 7, 2025—Zyxel Networks, a leader in delivering secure and AI-powered cloud networking solutions, today shared its progress in delivering on the Secure by Design Pledge. This Cybersecurity and Infrastructure Security Agency (CISA) initiative encourages manufacturers across the world to integrate security from the initial design phase, fostering transparency and building products that are secure by default.

Logo of Secure by Design against a dark backdrop, symbolizing commitment to safety and secure design principles.

As one of the industry’s early advocates of CISA’s Secure by Design pledge, Zyxel Group was not only the first company in Taiwan to participate, but also one of the first within the global SMB networking space to do so, underscoring its leadership in proactive cybersecurity measures. Since then, Zyxel Networks has worked methodically to implement CISA’s Secure by Design goals across its SMB product portfolio, including:

  • Multi-factor authentication (MFA): All Nebula cloud-managed devices, including firewalls, routers, switches and access points, are supported with MFA. Notably, Zyxel Networks became the first vendor globally to offer MFA for wireless access through its Secure WiFi feature, allowing admins to enforce secure access for remote AP users. For firewalls, MFA is also enabled for both administrative logins and remote VPN users, using email-based verification or integrations with Microsoft and Google accounts.
  • Elimination of default passwords: Devices shipped from the factory are preloaded with random, unique passwords that must be changed during setup, ensuring improved security right out of the box. For Nebula cloud-managed networks, users are required to create strong credentials upon initial login.
  • Reduction in entire classes of vulnerability: Adopted robust secure coding and development practices, including adherence to the OWASP Top 10, use of static code and firmware analysis tools like Checkmarx, and advanced techniques such as automated combinatorial testing (ACTS). Zyxel Networks also engages independent third-party penetration testing firms to help reduce blind spots in product development.
  • Ensuring timely security patches: Zyxel Group’s record on timely vulnerability patching is reinforced by its role as a CVE Numbering Authority (CNA) since 2021. Over the past five years, the company’s average Mean Time to Remediate (MTTR) has remained in line with industry standards, reflecting its ongoing investment in fast, coordinated response mechanisms.
  • Established a vulnerability disclosure policy (VDP), and transparency in vulnerability reporting: Zyxel Group has implemented a comprehensive VDP, with clear guidelines and reporting channels available to the public. Its transparency in reporting and disclosure have earned it the highest level of CNA acceptance, which is unmatched by any other SMB networking brands to date.
  • Enhance evidence of intrusions: All of Zyxel Networks’ Nebula cloud-managed products now include between seven and thirty days of detailed network logging. Security insights are delivered through SecuReporter, a cloud-based analytics platform that offers a centralized view of network activity and threats. For firewalls and security routers, access and operational logs are retained for up to 12 months—enabling comprehensive audits and incident response.

“We believe that security must be built in, not bolted on,” said Ken Tsai, President of Zyxel Networks. “Our commitment to Secure by Design helps us protect our customers and partners in a fast-evolving threat landscape. It contributes to a healthier IT ecosystem, and transparency in vulnerability reporting is a hallmark of responsible, modern security practice. Our approach is grounded in openness, honesty and long-term trust, which is fully aligned with CISA’s vision and, more importantly, our customers’ expectations.”

For more information about Zyxel Networks’ product portfolio that incorporates the Secure by Design principles, please visit www.zyxel.com


About Zyxel Networks

Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise-edge. We deliver seamless connectivity and flexible scalability through subscription services, all backed by robust security. With a reputation built on decades of unlocking potential and helping people adapt to the changing workplace, Zyxel Networks has earned the trust of over 1 million businesses across 150 markets.