Vulnerabilities in Security Products increasing at 37% CAGR !

We use security products to secure our systems and our businesses. However, the very security products we use, can themselves have vulnerabilities which can leave us susceptible to attacks. We conducted a study recently to understand the vulnerability trends in security products.Read further to know more on what we discovered this time around.

How was the research conducted?

We started off with some survey on the internet to find something closely related to vulnerability trends in security products. As part of our survey, we came across many interesting articles but could not find exactly what we were looking for. Finally, we decided to pull out data from NVD vulnerability database and run some SQL queries to create some interesting statistics.

Click here to download the full report

Key findings of the Report:

  • Total vulnerabilities reported in Security Products in 2012 have increased sharply with a CAGR of 37.29% over the last 3 Years. Tweet this!
  • Anti-Virus alone accounts for 49% of the vulnerabilities reported in Security Products followed by Firewall with 24%. Tweet this!
  • Top 3 Security vendors with maximum vulnerabilities published in 2012 are McAfee, Cisco followed by Symantec. Tweet this!
  • Top 3 Security products with maximum vulnerabilities published in 2012 are Rising-Global’s Antivirus , Cisco’s Adaptive Security Appliance and Ikarus Virus Utilities.Tweet this!
  • Access Control is the most prominent weakness in Security Products followed by Input Validation. Tweet this!
  • SQL Injection is the least found vulnerability among Security products in 2012. Tweet this!

Click here to download the full report

 

(Read more: How would you describe the CISO role on Twitter?)

 

Conclusion:

Security products have been targeted by the hackers from the time they were introduced in the market.It should be noted that vulnerability findings in security products and software follow similar trend as any other general purpose commercial or open source product. It is also quite evident from our study that security products are vulnerable to same type of vulnerabilities such as Buffer Overflow, MITM, Information leakage etc. as any other products used in the organizations.

Some of our major predictions:

  • There will be an increase in attacks on security products, companies or solutions.
  • The majority of vulnerabilities discovered will not become public and shall remain in the hands of APT (Advanced Persistent Threat) actors.

How to combat vulnerabilities in Security Products?

  • Ask for security certifications of the products and independent third party penetration testing reports as part of    procurement process.
  • Conduct independent penetration testing of security infrastructure/solutions.
  • Create an efficient detection and response mechanism.

Click here to download the full report

Disclaimer:

We have used well known vulnerability standards and database like Common Vulnerability Enumeration (CVE), Common Product Enumeration (CPE) and Nation Vulnerability Database (NVD). One of the major challenges we faced was in classifying the products into security and non-security products, as the current product standard (CPE) does not support it. We solved this challenge by considering that security products have certain keywords like, ‘ ID‘virus’, ‘firewall‘, ‘IPS‘, ‘scan’ etc. Hence there are chances of some date being missed and the report should be considered as indicative. iViZ disclaims all warranties, expressed or implied, with respect to this research for any particular purpose.

Original Blog: http://www.ivizsecurity.com/blog/penetration-testing/vulnerabilitie...

 

 

 

Views: 269

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

FireCompass

Forum

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */