Zyxel Claims Cybersecurity Sainthood, Brags About Doing What Every Tech Firm Should’ve Been Doing All Along

In a world where tech companies often treat cybersecurity like a bad New Year’s resolution, Zyxel Networks is out here practically canonizing itself for finally doing the bare minimum: designing products that aren’t digital ticking time bombs.
On July 10, Zyxel puffed its chest and reminded everyone that it was among the first in the global small and medium business (SMB) networking sector to sign the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge—because, apparently, securing devices before hackers turn them into Swiss cheese is now considered revolutionary.
Zyxel, a Taiwanese networking company best known for quietly dominating the SMB router and firewall market, has been breathlessly implementing security features like multi-factor authentication (MFA), vulnerability patching, and the radical idea of not shipping devices with “admin/admin” as default credentials.
Yes, you read that right—Zyxel is applauding itself for not making the first step into your network as easy as guessing your birthday.
The company now boasts that every Nebula cloud-managed device—from firewalls to access points—comes with MFA support. It even claims to be the first vendor globally to enforce MFA for wireless access via its Secure WiFi feature.
Admins can now sleep a little easier knowing their remote access points won’t be hijacked by some teenager in a basement armed with a password list from 2012.
To ensure its products aren’t riddled with bugs fresh out of the box, Zyxel has embraced robust secure coding practices, leveraging OWASP Top 10 guidelines and advanced scanning tools like Checkmarx.
Oh, and let’s not forget the ACTS (automated combinatorial testing) acronym they threw in there—because nothing says “we care” like a three-letter testing methodology.
Zyxel also partners with independent penetration testers, because why trust your own developers to catch the holes they dug in the first place?
On the issue of security patching—which, let’s face it, is often treated as an optional side quest by most tech firms—Zyxel touts its status as a CVE Numbering Authority (CNA) since 2021.
Translation: they don’t just patch their flaws, they catalog them too, like rare stamps.
The company insists its average Mean Time to Remediate (MTTR) remains “within industry standards,” which is just a polite way of saying “we’re not as slow as the other guys.”
Zyxel even implemented a vulnerability disclosure policy (VDP) with public-facing reporting channels.
In techland, this qualifies as a transparency milestone, though for customers, it’s more like asking your plumber to admit the pipe’s leaking before the basement floods.
To round out its security makeover, Zyxel has extended network logging on Nebula-managed devices, offering detailed logs for up to 30 days and, in the case of firewalls, even 12-month log retention for those really committed to post-mortem analysis.
These logs are fed into SecuReporter, the company’s cloud-based analytics platform that essentially tells you when your digital house is burning down—just a bit more elegantly.
Gary Chen, regional head of Southeast Asia at Zyxel Networks, offered up the usual gospel: “Security must be built in, not bolted on,” which sounds noble until you realize it’s 2025 and most vendors still treat security like a late-stage patch job.
Chen said the company’s approach aligns with CISA’s vision of transparency, openness, and “long-term trust”—an ethos we all hope extends beyond the press release.
To Zyxel’s credit, being one of the first in Taiwan and in the global SMB market to embrace Secure by Design is a step forward in an industry that often prefers duct tape over diligence.
But let’s not throw them a parade just yet.
After all, building secure products should be the floor, not the ceiling—and Zyxel’s chest-thumping announcement is more of a reminder of how low the bar has been for far too long.
