We use security products to secure our systems and our businesses. However, the very security products we use can themselves have vulnerabilities that leave us susceptible to attacks. We recently conducted a study to understand the vulnerability trends in security products. Read on to learn what we discovered this time around.
How was the research conducted?
We started by surveying the internet for existing work closely related to vulnerability trends in security products. We came across many interesting articles but could not find exactly what we were looking for. Finally, we decided to pull data from the NVD vulnerability database and run SQL queries to create some interesting statistics.
Key findings of the Report:
Security products have been targeted by hackers from the time they were introduced in the market. It should be noted that vulnerability findings in security products and software follow a similar trend to any other general-purpose commercial or open source product. It is also quite evident from our study that security products are vulnerable to the same types of vulnerabilities, such as buffer overflow, MITM, information leakage, etc., as any other products used in organizations.
Some of our major predictions:
How to combat vulnerabilities in Security Products?
We have used well-known vulnerability standards and databases such as Common Vulnerability Enumeration (CVE), Common Product Enumeration (CPE) and the National Vulnerability Database (NVD). One of the major challenges we faced was classifying products into security and non-security products, as the current product standard (CPE) does not support it. We solved this challenge by assuming that security products have certain keywords like ‘ID’, ‘virus’, ‘firewall’, ‘IPS’, ‘scan’, etc. Hence there is a chance of some data being missed, and the report should be considered indicative. iViZ disclaims all warranties, expressed or implied, with respect to this research for any particular purpose.
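The keyword classification and SQL counting described above can be sketched as follows. This is an added example, not iViZ's code or queries; it assumes CPE 2.3 formatted names, uses constructed rows with placeholder CVE ids and hypothetical products, and omits the 'ID' keyword. It compares substring matching with whole-token matching to show how each one misclassifies products.

```python
import re
import sqlite3

# Keywords quoted on the page; 'ID' is left out because as a bare
# substring it would match almost every product name.
KEYWORDS = ("virus", "firewall", "ips", "scan")

# Constructed sample rows: placeholder CVE ids, hypothetical vendor and products.
ROWS = [
    ("CVE-0000-0001", 2010, "cpe:2.3:a:example:acme_antivirus:1.0:*:*:*:*:*:*:*"),
    ("CVE-0000-0002", 2010, "cpe:2.3:a:example:edge_firewall:2.1:*:*:*:*:*:*:*"),
    ("CVE-0000-0003", 2011, "cpe:2.3:a:example:net_ips:3.0:*:*:*:*:*:*:*"),
    ("CVE-0000-0004", 2011, "cpe:2.3:a:example:eclipse_editor:4.2:*:*:*:*:*:*:*"),
    ("CVE-0000-0005", 2011, "cpe:2.3:a:example:docscanner_driver:1.1:*:*:*:*:*:*:*"),
    ("CVE-0000-0006", 2012, "cpe:2.3:a:example:vpn_gateway:5.0:*:*:*:*:*:*:*"),
]

def product_of(cpe):
    """Return the product field of a CPE 2.3 string (escaped ':' not handled)."""
    return cpe.split(":")[4]

def by_substring(product):
    """Keyword anywhere in the product name: broad, prone to false positives."""
    return any(k in product for k in KEYWORDS)

def by_token(product):
    """Keyword must equal a whole '_' or '-' separated token: strict, misses more."""
    return any(t in KEYWORDS for t in re.split(r"[_-]", product))

def yearly_counts(classifier):
    """Count distinct CVEs per year for products the classifier flags."""
    db = sqlite3.connect(":memory:")
    db.create_function("is_sec", 1, lambda c: int(classifier(product_of(c))))
    db.execute("CREATE TABLE vuln (cve TEXT, year INT, cpe TEXT)")
    db.executemany("INSERT INTO vuln VALUES (?, ?, ?)", ROWS)
    query = ("SELECT year, COUNT(DISTINCT cve) FROM vuln "
             "WHERE is_sec(cpe) GROUP BY year ORDER BY year")
    return db.execute(query).fetchall()

def flagged(classifier):
    """List the product names the classifier treats as security products."""
    return [product_of(c) for _, _, c in ROWS if classifier(product_of(c))]

if __name__ == "__main__":
    for name, fn in (("substring", by_substring), ("token", by_token)):
        print(name, yearly_counts(fn), flagged(fn))
```

Substring matching pulls in `eclipse_editor` (via "ips") and `docscanner_driver` (via "scan"), token matching drops `acme_antivirus`, and neither catches `vpn_gateway`, which is why keyword-derived counts are indicative only.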