Too insecure: IT services firm NTT Data expected to drop Ivanti products
Not only the internal network, but also the resale to customers is affected. The security of the products is an unacceptable risk.
(Image: Alessandro Pintus/Shutterstock.com)
The IT service provider NTT Data no longer wants to work with the security appliance manufacturer Ivanti in the future. The company writes this in an internal email, excerpts of which have been made available to heise security. The service provider takes a hard line with its supplier and describes its devices as an "unacceptable risk" due to various security vulnerabilities.
The message, which was apparently sent internally by NTT Data, reads as follows: "Despite continuous monitoring and contact, we have not seen any significant improvement in the security situation. Therefore, continued use poses an unacceptable risk to our operations, data integrity and the trust of our customers".
Videos by heise
Insecurity known for years
Ivanti has repeatedly attracted attention due to sometimes serious security vulnerabilities in its security appliances, most recently a fortnight ago. Last year, the US cyber security authority CISA even ordered its subordinate authorities to switch off certain Ivanti devices. The company's CEO then promised improvement in an open letter. However, this has apparently only partially materialized: It is true that Ivanti published around two thirds fewer CVE numbers for security vulnerabilities compared to the previous year. This may be due to fewer bugs, but also less troubleshooting. However, even in 2025, CISA had to issue a warning about malware that directly infiltrated the manufacturer's devices; its own security team overlooked a critical vulnerability and categorized it as a normal program error.
The security problems at Ivanti have been known for years, but the alleged delisting by NTT Data is an unusual step. According to the internal announcement, the company intends to discontinue all Ivanti products in future. This applies not only to the company's own systems, but also, in particular, to resale to third parties. Renewals for existing contracts will also be cancelled, and internal security specialists will provide support during the changeover, according to the memo. The Japanese NTT Data is active at several locations with its subsidiary in Germany and offers security services such as "Managed SOC".
An official confirmation from the company is still pending. Asked about the email, a spokeswoman for the company promised internal clarification yesterday, Wednesday – as soon as this has been done, we will update this report. Ivanti could not be reached for comment at short notice.
(cku)
