A rising concern amongst IT professionals is the degree to which security vendors and products are themselves susceptible to compromises. This past weekend critical flaws were discovered in the products of not one, but two leading security vendors: FireEye and Kaspersky Labs. Because all systems are exploitable—even security products—a layered approach to security is crucial for maintaining a strong security posture in today’s cyber landscape. Enterprises heavily reliant on a single monolithic solution are best advised to diversify their security strategies to combat ongoing threats.
In Kaspersky Labs’ case, a buffer overflow vulnerability was discovered by security researcher Tavis Ormandy, which led to a global fix rollout less than 24 hours later. Of course, Kaspersky Labs has been having a bit of a rough year with its corporate networks falling victim to attack back in June. In addition to the buffer overflow zero-day, Ormandy discovered a slew of other vulnerabilities in Kaspersky Labs’ products—so the security giant may not be in the clear just yet.
FireEye’s zero-day vulnerability is likely to draw more public ire than Kaspersky Labs’, as the company was reportedly aware of its existence for over 18 months. The flaw—known as a file disclosure vulnerability—gives hackers unauthorized remote root file system access via a PHP script flaw on the FireEye appliance itself. As in Kaspersky’s case, Kristian Erik Hermansen—the security researcher who discovered the FireEye vulnerability—announced the discovery of three other critical vulnerabilities in FireEye’s products, the details of which have yet to be disclosed.
Vulnerabilities Per CVE
These latest sobering zero-day vulnerabilities from FireEye and Kaspersky Labs certainly won’t be the last. In fact, both vendors have their fair share of documented vulnerabilities in MITRE’s CVE database:
Again—for the record—all software and systems are flawed, even security products. For example, popular security vendor Tripwire has its share of documented vulnerabilities per the CVE database. We compared FireEye with leading security solution Tripwire in our FireEye vs. Tripwire article.
The inherent vulnerability of software makes it critical for organizations to adopt a layered approach to security, one that includes continuous monitoring and validation of all infrastructure security devices: firewalls, security appliances, IDPS, and others. And as the application stack is increasingly being targeted for attack, software and underlying components must also be regularly monitored for vulnerabilities. For example, FireEye’s latest appliance vulnerability involves exploiting Apache and PHP running as the root user. A simple UpGuard policy can detect this configuration issue easily and automatically.
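The configuration issue named above (a web server and its PHP runtime executing as root, so that any script flaw yields root-level file access) is something a simple process audit can catch. The following shell script is an added example written for this post, not UpGuard's policy code or anything from the FireEye appliance. It assumes the column layout of `ps -eo user,pid,ppid,comm` and a constructed sample listing; the process names `httpd`, `apache2` and `php-fpm` are the conventional ones, and the rule it applies is that the master process may run as root but any worker whose parent is itself a web process must not.

```shell
#!/bin/sh
# Added example, not UpGuard's own policy code: flag Apache/PHP worker processes
# that are still running as root. Input is the output of `ps -eo user,pid,ppid,comm`.
# The master httpd/php-fpm process legitimately runs as root (to bind port 80 and
# read private keys); workers should have dropped to an unprivileged account, so a
# root-owned web process whose parent is itself a web process is the misconfiguration.

# Constructed sample listing (not captured from a real appliance) in the
# `ps -eo user,pid,ppid,comm` format, with one bad httpd worker and one bad php-fpm worker.
SAMPLE_PS='USER       PID  PPID COMMAND
root         1     0 init
root       812     1 httpd
apache     813   812 httpd
apache     814   812 httpd
root       815   812 httpd
root       901     1 php-fpm
www-data   902   901 php-fpm
root       903   901 php-fpm
root       950     1 sshd'

# root_web_workers: read a ps listing on stdin, print "PID COMMAND" for each
# root-owned web worker, sorted by PID. Exit status is 0 regardless; use the
# count helper below for a pass/fail signal.
root_web_workers() {
    awk -v web='^(httpd|apache2|php-fpm)$' '
        NR > 1 { user[$2] = $1; ppid[$2] = $3; comm[$2] = $4 }
        END {
            for (p in ppid)
                if (user[p] == "root" && comm[p] ~ web && comm[ppid[p]] ~ web)
                    print p, comm[p]
        }' | sort -n
}

# count_root_web_workers: number of flagged processes in a listing given on stdin.
count_root_web_workers() {
    root_web_workers | wc -l | tr -d ' '
}

# check_sample: run the check against the constructed listing; returns 0 (pass)
# only when no root-owned worker is present. Against a live host use:
#   ps -eo user,pid,ppid,comm | root_web_workers
check_sample() {
    n=$(printf '%s\n' "$SAMPLE_PS" | count_root_web_workers)
    [ "$n" -eq 0 ]
}
```

Run against the sample, the check reports PIDs 815 (httpd) and 903 (php-fpm) and fails; a correctly configured host produces no output and passes. Piping a live `ps -eo user,pid,ppid,comm` into `root_web_workers` from a scheduled job gives a continuous version of the same control, which is the kind of validation the paragraph above calls for.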
In short, leading security solutions can offer competent enterprise protection—but are no less vulnerable than the IT assets they are protecting. UpGuard validates that security mechanisms are working/configured as expected and are free from critical vulnerabilities and flaws. Our platform’s OVAL-backed vulnerability detection and monitoring suite enables organizations to easily discover the latest vulnerabilities, security gaps and exposures in their infrastructures before hackers do.