@rslade wrote:
Who watches the watchers, right?
A analytics firm, itself collecting information on its own customers' networks (but, presumably, with permission?) found that many "security" products are sending information outside the network, without informing anyone ...
Well, there really isn't much to go on in the original article. Without explicitly stating which products are violating user's consent for information sharing, we are deprived from the possibility of independent analysis.
Consider prior cases where similar claims were made: one was regarding Kaspersky phoning home, which ended-up being legitimate malware analysis, admittedly, not the samples meant to be exposed, or the story about Carbon Black phoning home (see CB response here: https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-re...).
Not saying it is impossible, it's just I fail to derive value from incomplete alarmist statements. If there is a legitimate issue, I'd like to know if I or my clients have a problem and look for a solution.
Considering that most of the serious security solutions require cloud-scale analysis to be effective, we hardly can expect not to ship data offsite for running it in sandboxes, if existing hashes are not locally present.
Inevitably, some of that information, including documents, links, executables, scripts, etc.. will contain something that we rather not find in a poorly secured AWS S3 bucket.
So long as the information is properly secured in transit and analyzed by fully automated solutions, I suspect that most organizations with less than a square acre of computing power, will have to live with it.
