Some recent security scares show that many of the products companies use to patch security vulnerabilities could use some patching of their own.
Recent attacks have been discovered targeting firewall, antivirus and other security products from HBGary, RSA and Comodo, according to DarkReading.com.
The vulnerabilities include buffer overflows and directory traversal attacks.
The lesson: Security products are no different than other technologies. Any piece of software or hardware on a company’s network creates another potential entry point for hackers.
That’s especially the case with newer products which often include a web-based management console. Often, that’s where cybercriminals find vulnerabilities.
What should companies do about it? To prevent security products from creating their own security problems, IT can:
- Keep the product’s own security in mind while evaluating new security tools. Ask vendors how they protect their products and run penetration tests before decisions are made.
- Include security products in regular security auditing and testing and pay attention to security advisories and patch notices, as you would with any other software.
- Monitor device behavior and reduce the chances of attack by disabling unnecessary features.