cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Community Champion

Your security management software is spying on you?

Who watches the watchers, right?

 

A analytics firm, itself collecting information on its own customers' networks (but, presumably, with permission?) found that many "security" products are sending information outside the network, without informing anyone ...


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
Highlighted
Community Champion

Re: Your security management software is spying on you?


@rslade wrote:

Who watches the watchers, right?

 



Imagine what happens with those trusted partners in the cloud? Boo! Happy Halloween!

Highlighted
Community Champion

Re: Your security management software is spying on you?


@rslade wrote:

Who watches the watchers, right?

 

A analytics firm, itself collecting information on its own customers' networks (but, presumably, with permission?) found that many "security" products are sending information outside the network, without informing anyone ...


Well, there really isn't much to go on in the original article. Without explicitly stating which products are violating user's consent for information sharing, we are deprived from the possibility of independent analysis.

Consider prior cases where similar claims were made: one was regarding Kaspersky phoning home, which ended-up being legitimate malware analysis, admittedly, not the samples meant to be exposed, or the story about Carbon Black phoning home (see CB response here: https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-re...).

 

Not saying it is impossible, it's just I fail to derive value from incomplete alarmist statements. If there is a legitimate issue, I'd like to know if I or my clients have a problem and look for a solution.

 

Considering that most of the serious security solutions require cloud-scale analysis to be effective, we hardly can expect not to ship data offsite for running it in sandboxes, if existing hashes are not locally present.

Inevitably, some of that information, including documents, links, executables, scripts, etc.. will contain something that we rather not find in a poorly secured AWS S3 bucket.

 

So long as the information is properly secured in transit and analyzed by fully automated solutions, I suspect that most organizations with less than a square acre of computing power, will have to live with it.