When your Security Tools Introduce Security Weaknesses

On the heels of another zero-day vulnerability found in a security tool, we’ve been working with our customers to show them whether or not they have internet-exposed assets which are affected by that vulnerability.

There is often the misconception that attack surface management is focused only on website and web-app infrastructure. And for some tools, that is the focus.

Our worldview (and our solution to the hair-on-fire tasks around zero-day vulnerabilities) maintains the belief that everything that is exposed to the internet, including your security tools and appliances, must be cataloged and tested for security gaps and weaknesses.

It’s becoming more prevalent that security tools are used as initial access into organizations, even though it flies in the face of conventional wisdom. But more vulnerabilities in security tools and breaches associated with issues in the software supply chain show that it’s absolutely critical for everything in your attacker-exposed attack surface to be continuously monitored – including your cloud infrastructure, third-party partners, and, yes, your security vendors.

Visibility and testing of everything is key.

In this instance, our platform made it easy to understand if an organization was affected. When it was discovered that particular firewall and VPN appliances from Palo Alto Networks – which have to be internet-facing to allow users to connect – were vulnerable to remote code execution, security operations teams could quickly search their entire external attack surface to uncover whether or not they’re impacted by the new zero-day.

This is just one example. Of course, tomorrow is another day and there will be new vulnerabilities in different software, devices, and infrastructure.

If you’d like this kind of visibility into your external attack surface and the assets that it consists of, reach out and we’ll gladly have a conversation around your attack surface management goals.