I Have Antivirus; I’m Protected, Right? Mis-steps Customers Make with their Security and Vulnerability Tools

6 years ago Christopher Minori

I’ve worked in the IT field for over 30 years. 20 of those years have been spent in the network security field, employed by some of the largest names in the industry. But to my family, I’m still just the guy who “works with computers”.

Many of my family are not computer savvy, which is a nice way of saying I had to teach them where the power button is. However, “Power Button Locator” is just one of my jobs. Windows won’t boot up? Call Chris (“You’re running on a dead battery, Gran”). Browser running slow? Call Chris (“You have 513 tabs open, Uncle Bob”). Windows 10 doesn’t look right? Call Chris (“I keep telling you, Dad, you have an iPad”).

I have an antivirus; I’m protected, right?

By far, the biggest question I get is, “I have an antivirus; I’m protected, right?”.

Of course, the answer to that is always the same – “Maybe”. They do have an antivirus installed, usually the one that came pre-installed. But they never update the signatures. Or they neglected to register. Or they didn’t realize they had to set up scheduled scanning.

In other words, they had the tool, but they didn’t know how to use it.

The same can be said of a lot of companies. They have the tools, but they failed to put a process in place to use them efficiently.

They have a vulnerability scanner, but they don’t have compliance software. Or they have compliance software but didn’t install a vulnerability scanner. The two are not the same. Each is used for a different purpose, and while they may occasionally cross over into each other’s territory, you’re only getting half the picture of your security if you don’t have both in your environment.

Sometimes they have both tools, but they don’t have a proper process for updating. A scanner is only as good as its latest update, particularly when we’re talking about updates to what it’s looking for. You’re not going to detect vulnerabilities discovered this month if you’re using a database of vulnerabilities that was last updated in January.

Using your security and vulnerability tools correctly

Are you meeting your tool’s requirements? Credentialed access usually comes into play here. Many tools require you to enter a credential for the machine you want to scan. If you don’t, you’ll get nothing but low-level vulnerabilities. You may think to yourself that this machine is clean because it returned no vulns. It’s not. The tool just couldn’t get access to scan. The biggest reason I hear from customers when they do this is, “I want to know what a hacker can see”, to which I always respond, “Your tool isn’t a hacker.” Not being able to see the vulnerabilities from the other side of the internet does not mean they aren’t there. And simply because Hacker Joe couldn’t hack into your system to exploit them doesn’t mean that Hacker Frank won’t.

I’d say the biggest mis-step customers make with their vulnerability tools isn’t configuring the software but coming up with a proper plan for scanning their numerous networks. Are you creating scan policies per network, or are you creating one giant policy that scans everything? Don’t. When it comes to vulnerability scanning, one size does not fit all. Which vulnerabilities are you scanning for? Using that Windows scan policy against your Linux servers will miss a lot of vulnerabilities and cause false positives. Does your network password policy only allow for three wrong logins, but you’re running 25 password checks with your scanner? Get ready for a lot of account lockouts.

When deploying your scanner, don’t just look at how you configure the machinations of the scanning software, but also look at each network to be scanned and figure out what scan policy would work best.
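A pre-scan check for the mis-steps described above, written as an added example (it is not from the original post or from any scanner vendor). The policy fields, the 7-day feed freshness limit and the two sample networks are constructed assumptions.

```python
from datetime import date

# Constructed sample data: hypothetical per-network scan policies
# (illustrative fields, not any real scanner's schema).
POLICIES = [
    {"name": "win-desktops", "target_os": "windows", "policy_os": "windows",
     "credentialed": True, "feed_updated": date(2020, 7, 1),
     "password_checks": 2, "lockout_threshold": 3},
    {"name": "linux-dmz", "target_os": "linux", "policy_os": "windows",
     "credentialed": False, "feed_updated": date(2020, 1, 15),
     "password_checks": 25, "lockout_threshold": 3},
]

MAX_FEED_AGE_DAYS = 7  # assumed freshness requirement; tune to your update process


def lint_policy(policy, today):
    """Return the findings for one scan policy; an empty list means no issue found."""
    findings = []
    if not policy["credentialed"]:
        findings.append("no credential: an empty result means 'could not look', not 'clean'")
    if policy["policy_os"] != policy["target_os"]:
        findings.append(f"{policy['policy_os']} policy applied to {policy['target_os']} hosts: "
                        "expect missed vulnerabilities and false positives")
    age = (today - policy["feed_updated"]).days
    if age > MAX_FEED_AGE_DAYS:
        findings.append(f"vulnerability feed is {age} days old")
    # Stay strictly below the lockout threshold; users' own failed logins count too.
    if policy["password_checks"] >= policy["lockout_threshold"]:
        findings.append(f"{policy['password_checks']} password checks against a lockout "
                        f"threshold of {policy['lockout_threshold']}: accounts will lock")
    return findings


def lint_all(policies, today):
    """Map each policy name to its list of findings."""
    return {p["name"]: lint_policy(p, today) for p in policies}


if __name__ == "__main__":
    for name, findings in lint_all(POLICIES, date(2020, 7, 6)).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```
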

A policy that’s too big will slow down your scanning. A policy that’s too small will miss a lot of vulnerabilities. So take it from the guy who “works with computers” – as network security experts, it’s our responsibility to ensure we have set up the software correctly, we’re looking for the correct vulnerabilities, and we’ve configured our scan policies to scan the way we need them to on a per-network basis. Otherwise, we’ll have the tool installed, but we won’t know how to use it.

The post “I Have Antivirus; I’m Protected, Right? Mis-steps Customers Make with their Security and Vulnerability Tools” appeared first on TripWire.

Source: TripWire – Christopher Minori
