SlideShare a Scribd company logo

Security Products Vulnerabilities Report

Download as PPTX, PDF
D
DaveEdwards12
Technology
1 of 13
(In)Security in Security Products Who do you turn to when your security product becomes a gateway for attackers? 1
About the report • Security Products are present in most of the systems and theoretically can become a “high pay-off” target for hackers after the OS, Browsers etc. • At iViZ we wanted to study how secure are the security products • iViZ used databases such as the Common Vulnerability Enumeration (CVE), Common Product Enumeration (CPE) and Nation Vulnerability Database (NVD) for the Analysis www.ivizsecurity.com 2
How are security vendors doing in terms of protecting their own products? According to our “(In)Security in Security Products” report, • More recently, hackers have claimed to be in possession of the source code for Symantec's PC anywhere tool and Norton antivirus. www.ivizsecurity.com 3
Vulnerabilities in Security Products • Man in the Middle (MITM) vulnerability in Symantec Backup Exec 12.1 • Remote Code Execution via buffer overflows vulnerability in Symantec Veritas Enterprise Administrator products • Encryption bypass of major disk encryption software’s including Microsoft Bit locker, True Crypt and MacAfee Safe Boot Device • Remote code execution vulnerabilities in various anti-virus products including AVG, F-Secure, Sophos and ClaimAV etc For Details: http://www.ivizsecurity.com/security-advisory1.html www.ivizsecurity.com 4
6
7
8
Vulnerabilities by Security Companies Vulnerabilities by Vendors ClamAV Kaspersky Lab Cisco Trend Micro Symantec McAfee ISS Checkpoint CA 0 200 400 600 800 1000 1200 www.ivizsecurity.com 9
Vulnerabilities in Security Products Vulnerabilities in Security Products F-Secure Anti-virus Cisco PIX Firewall Figure 6: Shows number of Sophos Anti-virus vulnerabilities found in Cisco Adaptivesecurity Appliance some of the major security products existing today. X Kaspersky Anti-virus axis display number of vulnerabilities and Y axis ClamAV Anti-virus display some of the major security products. Total Trend Micro Officescan vulnerabilities against each AVG AntiVirus security product are calculated by considering Norton Personal Firewall all the versions of the products and their Norton AntriVirus individual vulnerabilities Checkpoint Firewall-1 discovered over the past years. Symentec Norton Internet Security McAfee Anti Virus 0 10 20 30 40 50 60 70 80 www.ivizsecurity.com 10
11
Conclusion The two largest threats to security product vendors/developers are :- • The Black 0-Day Market • Cyber Warfare Vulnerabilities are as common in security products as they are in non – security products. As per the Global Risk 2012 report, the cost of each cyber crime is 5.9 million USD and likely to grow. There is no foolproof solution to mitigate Cyber Warfare Attacks, but we can take suitable measures to ensure security is itself more secure in the future. www.ivizsecurity.com 12
Some thoughts.. • Security companies do not necessarily produce secure software • Security products can itself serve as a door for a hacker • Security Products are “High Pay-off” targets since they are present in most systems • APT and Cyber-warfare makes “Security Products” as the next choice www.ivizsecurity.com 13
• Are you sure if your web-application is Secure? • Check out our Cloud based Penetration Testing solution with “Zero False Positive Guarantee” : www.ivizsecurity.com Bikash Barai CEO, Co – founder of iViZ Blog: http://bikashbarai.blogspot.in Linkedin: http://www.linkedin.com/pub/bikash-barai/0/7a4/669 Twitter: https://twitter.com/bikashbarai1 Thank you 14

Recommended

iViZ Profile
iViZ ProfileiViZ Profile
iViZ ProfileiViZ Security
 
Kaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentationKaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentationShapeBlue
 
Introducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentIntroducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentKaspersky
 
Vulnerability in Security Products
Vulnerability in Security ProductsVulnerability in Security Products
Vulnerability in Security ProductsDaveEdwards12
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationAriel Martin Beliera
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec
 
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec
 
Why current security solutions fail
Why current security solutions failWhy current security solutions fail
Why current security solutions failDaveEdwards12
 

Recommended

iViZ Profile
iViZ ProfileiViZ Profile
iViZ ProfileiViZ Security
 
Kaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentationKaspersky security for virtualization light agent launch presentation
Kaspersky security for virtualization light agent launch presentationShapeBlue
 
Introducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentIntroducing Kaspersky Security for Virtualization - Light Agent
Introducing Kaspersky Security for Virtualization - Light AgentKaspersky
 
Vulnerability in Security Products
Vulnerability in Security ProductsVulnerability in Security Products
Vulnerability in Security ProductsDaveEdwards12
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationAriel Martin Beliera
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec
 
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec
 
Why current security solutions fail
Why current security solutions failWhy current security solutions fail
Why current security solutions failDaveEdwards12
 
Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012dvanwyk30
 
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.RuCisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.RuVirtSGR
 
RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012Symantec
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISHIntroducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISHKirill Kertsenbaum
 
Symantec Ubiquity
Symantec UbiquitySymantec Ubiquity
Symantec UbiquitySymantec
 
I Vi Z Profile
I Vi Z ProfileI Vi Z Profile
I Vi Z Profilekhushboo
 
Security Matters : The Evolution of Samsung KNOX™
Security Matters : The Evolution of Samsung KNOX™Security Matters : The Evolution of Samsung KNOX™
Security Matters : The Evolution of Samsung KNOX™Samsung at Work
 
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudData Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudTrend Micro (EMEA) Limited
 
Sandbox
SandboxSandbox
Sandboxayush_nitt
 
Kaspersky Security For Virtualization - ENGLISH
Kaspersky Security For Virtualization - ENGLISHKaspersky Security For Virtualization - ENGLISH
Kaspersky Security For Virtualization - ENGLISHKirill Kertsenbaum
 
Kaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKirill Kertsenbaum
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssAndrew Wong
 
Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011Filip Maertens
 
Samsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung at Work
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012Jimmy Saigon
 
Symantec Web Security Solutions
Symantec Web Security SolutionsSymantec Web Security Solutions
Symantec Web Security SolutionsSymantec
 
Avast product brochure
Avast product brochureAvast product brochure
Avast product brochureptoone
 
Can consumer av products protect
Can consumer av products protectCan consumer av products protect
Can consumer av products protectAnatoliy Tkachev
 
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...Kaspersky
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesIşınsu Akçetin
 

More Related Content

What's hot

Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep securityTrend Micro
 
Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012dvanwyk30
 
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.RuCisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.RuVirtSGR
 
RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012Symantec
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2JD Sherry
 
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISHIntroducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISHKirill Kertsenbaum
 
Symantec Ubiquity
Symantec UbiquitySymantec Ubiquity
Symantec UbiquitySymantec
 
I Vi Z Profile
I Vi Z ProfileI Vi Z Profile
I Vi Z Profilekhushboo
 
Security Matters : The Evolution of Samsung KNOX™
Security Matters : The Evolution of Samsung KNOX™Security Matters : The Evolution of Samsung KNOX™
Security Matters : The Evolution of Samsung KNOX™Samsung at Work
 
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudData Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudTrend Micro (EMEA) Limited
 
Kaspersky Security For Virtualization - ENGLISH
Kaspersky Security For Virtualization - ENGLISHKaspersky Security For Virtualization - ENGLISH
Kaspersky Security For Virtualization - ENGLISHKirill Kertsenbaum
 
Kaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKirill Kertsenbaum
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssAndrew Wong
 
Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011Filip Maertens
 
Samsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung at Work
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012Jimmy Saigon
 
Symantec Web Security Solutions
Symantec Web Security SolutionsSymantec Web Security Solutions
Symantec Web Security SolutionsSymantec
 
Avast product brochure
Avast product brochureAvast product brochure
Avast product brochureptoone
 

What's hot (19)

Trend micro deep security
Trend micro deep securityTrend micro deep security
Trend micro deep security
 
Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012Sophos utm-roadshow-south africa-2012
Sophos utm-roadshow-south africa-2012
 
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.RuCisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
Cisco VSG_Конкурс продуктов портала VirtualizationSecurityGroup.Ru
 
RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012RSA 2012 Virtualization Security February 2012
RSA 2012 Virtualization Security February 2012
 
Trend micro v2
Trend micro v2Trend micro v2
Trend micro v2
 
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISHIntroducing New Kaspersky Endpoint Security for Business - ENGLISH
Introducing New Kaspersky Endpoint Security for Business - ENGLISH
 
Symantec Ubiquity
Symantec UbiquitySymantec Ubiquity
Symantec Ubiquity
 
I Vi Z Profile
I Vi Z ProfileI Vi Z Profile
I Vi Z Profile
 
Security Matters : The Evolution of Samsung KNOX™
Security Matters : The Evolution of Samsung KNOX™Security Matters : The Evolution of Samsung KNOX™
Security Matters : The Evolution of Samsung KNOX™
 
Data Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the CloudData Centre Evolution: Securing Your Journey to the Cloud
Data Centre Evolution: Securing Your Journey to the Cloud
 
Sandbox
SandboxSandbox
Sandbox
 
Kaspersky Security For Virtualization - ENGLISH
Kaspersky Security For Virtualization - ENGLISHKaspersky Security For Virtualization - ENGLISH
Kaspersky Security For Virtualization - ENGLISH
 
Kaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISH
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for Businesss
 
Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011Mobile Banking Channel Security - Cyber Security Conference 2011
Mobile Banking Channel Security - Cyber Security Conference 2011
 
Samsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise Mobility
 
Watchguard security proposal 2012
Watchguard security proposal 2012Watchguard security proposal 2012
Watchguard security proposal 2012
 
Symantec Web Security Solutions
Symantec Web Security SolutionsSymantec Web Security Solutions
Symantec Web Security Solutions
 
Avast product brochure
Avast product brochureAvast product brochure
Avast product brochure
 

Similar to Security Products Vulnerabilities Report

Can consumer av products protect
Can consumer av products protectCan consumer av products protect
Can consumer av products protectAnatoliy Tkachev
 
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...Kaspersky
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesIşınsu Akçetin
 
Insecurity in security products 2013
Insecurity in security products 2013Insecurity in security products 2013
Insecurity in security products 2013DaveEdwards12
 
Why One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughWhy One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughGFI Software
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationGraeme Wood
 
DefCamp 2013 - Are we there yet?
DefCamp 2013 - Are we there yet?DefCamp 2013 - Are we there yet?
DefCamp 2013 - Are we there yet?DefCamp
 
инструкции и утилиты для удаления остатков антивирусных программ
инструкции и утилиты для удаления остатков антивирусных программинструкции и утилиты для удаления остатков антивирусных программ
инструкции и утилиты для удаления остатков антивирусных программbelhonka
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityAndrew Wong
 
Cyber security course in kerala | C|PENT | Blitz Academy
Cyber security course in kerala | C|PENT | Blitz AcademyCyber security course in kerala | C|PENT | Blitz Academy
Cyber security course in kerala | C|PENT | Blitz Academyananthakrishnansblit
 
Cyber security courses in Kerala , kochi
Cyber security courses in Kerala , kochiCyber security courses in Kerala , kochi
Cyber security courses in Kerala , kochiamallblitz0
 
How to Audit
How to AuditHow to Audit
How to Auditayousif
 
Tech Throwdown: Secure Containerization vs Whitelisting
Tech Throwdown: Secure Containerization vs WhitelistingTech Throwdown: Secure Containerization vs Whitelisting
Tech Throwdown: Secure Containerization vs WhitelistingInvincea, Inc.
 
Total Defense Product Information
Total Defense Product InformationTotal Defense Product Information
Total Defense Product InformationZeeshan Humayun
 
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Scott Brown
 
Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)John Joseph San Juan
 

Similar to Security Products Vulnerabilities Report (20)

Can consumer av products protect
Can consumer av products protectCan consumer av products protect
Can consumer av products protect
 
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
How We Stopped Being Just Antivirus and Became a Unique Industrial Infrastruc...
 
McAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded DevicesMcAffee_Security and System Integrity in Embedded Devices
McAffee_Security and System Integrity in Embedded Devices
 
IBM Security Day, Cuenca - Ecuador
IBM Security Day, Cuenca - EcuadorIBM Security Day, Cuenca - Ecuador
IBM Security Day, Cuenca - Ecuador
 
Insecurity in security products 2013
Insecurity in security products 2013Insecurity in security products 2013
Insecurity in security products 2013
 
Why One Virus Engine is Not Enough
Why One Virus Engine is Not EnoughWhy One Virus Engine is Not Enough
Why One Virus Engine is Not Enough
 
Trend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning PresentationTrend Micro VForum Agentless Scanning Presentation
Trend Micro VForum Agentless Scanning Presentation
 
DefCamp 2013 - Are we there yet?
DefCamp 2013 - Are we there yet?DefCamp 2013 - Are we there yet?
DefCamp 2013 - Are we there yet?
 
инструкции и утилиты для удаления остатков антивирусных программ
инструкции и утилиты для удаления остатков антивирусных программинструкции и утилиты для удаления остатков антивирусных программ
инструкции и утилиты для удаления остатков антивирусных программ
 
Introduction - Trend Micro Deep Security
Introduction - Trend Micro Deep SecurityIntroduction - Trend Micro Deep Security
Introduction - Trend Micro Deep Security
 
Attacking antivirus
Attacking antivirusAttacking antivirus
Attacking antivirus
 
Cyber security course in kerala | C|PENT | Blitz Academy
Cyber security course in kerala | C|PENT | Blitz AcademyCyber security course in kerala | C|PENT | Blitz Academy
Cyber security course in kerala | C|PENT | Blitz Academy
 
Cyber security courses in Kerala , kochi
Cyber security courses in Kerala , kochiCyber security courses in Kerala , kochi
Cyber security courses in Kerala , kochi
 
How to Audit
How to AuditHow to Audit
How to Audit
 
Tech Throwdown: Secure Containerization vs Whitelisting
Tech Throwdown: Secure Containerization vs WhitelistingTech Throwdown: Secure Containerization vs Whitelisting
Tech Throwdown: Secure Containerization vs Whitelisting
 
The Various Classes of Antivirus!
The Various Classes of Antivirus!The Various Classes of Antivirus!
The Various Classes of Antivirus!
 
Total Defense Product Information
Total Defense Product InformationTotal Defense Product Information
Total Defense Product Information
 
Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2Colby_Sawyer_white_paper final 2
Colby_Sawyer_white_paper final 2
 
Cybersecurity Concerns You Should be Thinking About
Cybersecurity Concerns You Should be Thinking AboutCybersecurity Concerns You Should be Thinking About
Cybersecurity Concerns You Should be Thinking About
 
Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)Software Vendor (Norton Anti-Virus)
Software Vendor (Norton Anti-Virus)
 

More from DaveEdwards12

Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDaveEdwards12
 
A Journey to Protect Points of Sale (POS)
A Journey to Protect Points of Sale (POS)A Journey to Protect Points of Sale (POS)
A Journey to Protect Points of Sale (POS)DaveEdwards12
 
Man in the Browser attacks on online banking transactions
Man in the Browser attacks on online banking transactionsMan in the Browser attacks on online banking transactions
Man in the Browser attacks on online banking transactionsDaveEdwards12
 
New realities in aviation security remotely gaining control of aircraft systems
New realities in aviation security remotely gaining control of aircraft systemsNew realities in aviation security remotely gaining control of aircraft systems
New realities in aviation security remotely gaining control of aircraft systemsDaveEdwards12
 
New realities in aviation security remotely gaining control of aircraft systems
New realities in aviation security remotely gaining control of aircraft systemsNew realities in aviation security remotely gaining control of aircraft systems
New realities in aviation security remotely gaining control of aircraft systemsDaveEdwards12
 
Anatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesAnatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesDaveEdwards12
 
Using 80 20 rule in application security management
Using 80 20 rule in application security managementUsing 80 20 rule in application security management
Using 80 20 rule in application security managementDaveEdwards12
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012DaveEdwards12
 

More from DaveEdwards12 (8)

Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malwareDefcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
Defcon 22-wesley-mc grew-instrumenting-point-of-sale-malware
 
A Journey to Protect Points of Sale (POS)
A Journey to Protect Points of Sale (POS)A Journey to Protect Points of Sale (POS)
A Journey to Protect Points of Sale (POS)
 
Man in the Browser attacks on online banking transactions
Man in the Browser attacks on online banking transactionsMan in the Browser attacks on online banking transactions
Man in the Browser attacks on online banking transactions
 
New realities in aviation security remotely gaining control of aircraft systems
New realities in aviation security remotely gaining control of aircraft systemsNew realities in aviation security remotely gaining control of aircraft systems
New realities in aviation security remotely gaining control of aircraft systems
 
New realities in aviation security remotely gaining control of aircraft systems
New realities in aviation security remotely gaining control of aircraft systemsNew realities in aviation security remotely gaining control of aircraft systems
New realities in aviation security remotely gaining control of aircraft systems
 
Anatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilitiesAnatomy of business logic vulnerabilities
Anatomy of business logic vulnerabilities
 
Using 80 20 rule in application security management
Using 80 20 rule in application security managementUsing 80 20 rule in application security management
Using 80 20 rule in application security management
 
Top Application Security Trends of 2012
Top Application Security Trends of 2012Top Application Security Trends of 2012
Top Application Security Trends of 2012
 

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 

Recently uploaded (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 

Security Products Vulnerabilities Report

  • 1. (In)Security in Security Products Who do you turn to when your security product becomes a gateway for attackers? 1
  • 2. About the report • Security Products are present in most of the systems and theoretically can become a “high pay-off” target for hackers after the OS, Browsers etc. • At iViZ we wanted to study how secure are the security products • iViZ used databases such as the Common Vulnerability Enumeration (CVE), Common Product Enumeration (CPE) and Nation Vulnerability Database (NVD) for the Analysis www.ivizsecurity.com 2
  • 3. How are security vendors doing in terms of protecting their own products? According to our “(In)Security in Security Products” report, • More recently, hackers have claimed to be in possession of the source code for Symantec's PC anywhere tool and Norton antivirus. www.ivizsecurity.com 3
  • 4. Vulnerabilities in Security Products • Man in the Middle (MITM) vulnerability in Symantec Backup Exec 12.1 • Remote Code Execution via buffer overflows vulnerability in Symantec Veritas Enterprise Administrator products • Encryption bypass of major disk encryption software’s including Microsoft Bit locker, True Crypt and MacAfee Safe Boot Device • Remote code execution vulnerabilities in various anti-virus products including AVG, F-Secure, Sophos and ClaimAV etc For Details: http://www.ivizsecurity.com/security-advisory1.html www.ivizsecurity.com 4
  • 5. 6
  • 6. 7
  • 7. 8
  • 8. Vulnerabilities by Security Companies Vulnerabilities by Vendors ClamAV Kaspersky Lab Cisco Trend Micro Symantec McAfee ISS Checkpoint CA 0 200 400 600 800 1000 1200 www.ivizsecurity.com 9
  • 9. Vulnerabilities in Security Products Vulnerabilities in Security Products F-Secure Anti-virus Cisco PIX Firewall Figure 6: Shows number of Sophos Anti-virus vulnerabilities found in Cisco Adaptivesecurity Appliance some of the major security products existing today. X Kaspersky Anti-virus axis display number of vulnerabilities and Y axis ClamAV Anti-virus display some of the major security products. Total Trend Micro Officescan vulnerabilities against each AVG AntiVirus security product are calculated by considering Norton Personal Firewall all the versions of the products and their Norton AntriVirus individual vulnerabilities Checkpoint Firewall-1 discovered over the past years. Symentec Norton Internet Security McAfee Anti Virus 0 10 20 30 40 50 60 70 80 www.ivizsecurity.com 10
  • 10. 11
  • 11. Conclusion The two largest threats to security product vendors/developers are :- • The Black 0-Day Market • Cyber Warfare Vulnerabilities are as common in security products as they are in non – security products. As per the Global Risk 2012 report, the cost of each cyber crime is 5.9 million USD and likely to grow. There is no foolproof solution to mitigate Cyber Warfare Attacks, but we can take suitable measures to ensure security is itself more secure in the future. www.ivizsecurity.com 12
  • 12. Some thoughts.. • Security companies do not necessarily produce secure software • Security products can itself serve as a door for a hacker • Security Products are “High Pay-off” targets since they are present in most systems • APT and Cyber-warfare makes “Security Products” as the next choice www.ivizsecurity.com 13
  • 13. • Are you sure if your web-application is Secure? • Check out our Cloud based Penetration Testing solution with “Zero False Positive Guarantee” : www.ivizsecurity.com Bikash Barai CEO, Co – founder of iViZ Blog: http://bikashbarai.blogspot.in Linkedin: http://www.linkedin.com/pub/bikash-barai/0/7a4/669 Twitter: https://twitter.com/bikashbarai1 Thank you 14

Editor's Notes

  1. Should be “Cloud-based”, not “On Demand”