{"id":278,"date":"2021-11-23T23:40:00","date_gmt":"2021-11-23T23:40:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=278"},"modified":"2024-08-02T13:43:21","modified_gmt":"2024-08-02T20:43:21","slug":"when-your-security-tools-introduce-security-weaknesses","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/","title":{"rendered":"When your Security Tools Introduce Security Weaknesses"},"content":{"rendered":"\n

On the heels of\u00a0another zero-day vulnerability found in a security tool, we\u2019ve been working with our customers to show them whether or not they have internet-exposed assets which are affected by that vulnerability.<\/p>\n\n\n\n

Attack surface management is more than you think.<\/h2>\n\n\n\n

There is often the misconception that attack surface management<\/a> is focused only on website and web-app infrastructure. And for some tools, that is the focus.<\/p>\n\n\n\n

Our worldview (and our solution to the hair-on-fire tasks around zero-day vulnerabilities) maintains the belief that everything that is exposed to the internet, including your security tools and appliances<\/em><\/strong>, must be cataloged and tested for security gaps and weaknesses.<\/p>\n\n\n\n

It\u2019s becoming more prevalent that security tools are used as initial access into organizations, even though it flies in the face of conventional wisdom. But more vulnerabilities in security tools and breaches associated with issues in the software supply chain show that it\u2019s absolutely critical for everything in your attacker-exposed attack surface to be continuously monitored \u2013 including your cloud infrastructure, third-party partners, and, yes, your security vendors.<\/p>\n\n\n\n

Visibility and testing of everything is key.<\/h2>\n\n\n\n

In this instance, our platform<\/a> made it easy to understand if an organization was affected. When it was discovered that particular firewall and VPN appliances from Palo Alto Networks \u2013 which have to be internet-facing to allow users to connect \u2013 were vulnerable to remote code execution, security operations teams could quickly search their entire external attack surface to uncover whether or not they\u2019re impacted by the new zero-day.<\/p>\n\n\n\n

This is just one example. Of course, tomorrow is another day and there will be new vulnerabilities in different software, devices, and infrastructure.<\/p>\n\n\n\n

If you\u2019d like this kind of visibility into your external attack surface and the assets that it consists of, reach out<\/a> and we\u2019ll gladly have a conversation around your attack surface management goals.<\/p>\n","protected":false},"excerpt":{"rendered":"

Everything that is exposed to the internet, including your security tools and appliances, must be cataloged and tested for security gaps and weaknesses.<\/p>\n","protected":false},"author":21,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[6,9,49],"class_list":["post-278","post","type-post","status-publish","format-standard","hentry","category-perspectives","tag-attack-surface-management","tag-cybersecurity","tag-vulnerability-management"],"yoast_head":"\nWhen your Security Tools Introduce Security Weaknesses | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"When your Security Tools Introduce Security Weaknesses | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"Everything that is exposed to the internet, including your security tools and appliances, must be cataloged and tested for security gaps and weaknesses.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-23T23:40:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-02T20:43:21+00:00\" \/>\n<meta name=\"author\" content=\"Sam Curcuruto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sam Curcuruto\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/\"},\"author\":{\"name\":\"Sam Curcuruto\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/bcbbd5a2bd8804807d732d4f0bb9348f\"},\"headline\":\"When your Security Tools Introduce Security Weaknesses\",\"datePublished\":\"2021-11-23T23:40:00+00:00\",\"dateModified\":\"2024-08-02T20:43:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/\"},\"wordCount\":325,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"keywords\":[\"Attack Surface Management\",\"Cybersecurity\",\"Vulnerability Management\"],\"articleSection\":[\"Perspectives\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/\",\"name\":\"When your Security Tools Introduce Security Weaknesses | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"datePublished\":\"2021-11-23T23:40:00+00:00\",\"dateModified\":\"2024-08-02T20:43:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"When your Security Tools Introduce Security Weaknesses\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/bcbbd5a2bd8804807d732d4f0bb9348f\",\"name\":\"Sam Curcuruto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e2829009d340f21cf83edb29498819bc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e2829009d340f21cf83edb29498819bc?s=96&d=mm&r=g\",\"caption\":\"Sam Curcuruto\"},\"description\":\"Was Sr. Director, Product Marketing at CyCognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/sam-curcuruto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"When your Security Tools Introduce Security Weaknesses | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/","og_locale":"en_US","og_type":"article","og_title":"When your Security Tools Introduce Security Weaknesses | CyCognito Blog","og_description":"Everything that is exposed to the internet, including your security tools and appliances, must be cataloged and tested for security gaps and weaknesses.","og_url":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/","og_site_name":"CyCognito Blog","article_published_time":"2021-11-23T23:40:00+00:00","article_modified_time":"2024-08-02T20:43:21+00:00","author":"Sam Curcuruto","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sam Curcuruto","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/"},"author":{"name":"Sam Curcuruto","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/bcbbd5a2bd8804807d732d4f0bb9348f"},"headline":"When your Security Tools Introduce Security Weaknesses","datePublished":"2021-11-23T23:40:00+00:00","dateModified":"2024-08-02T20:43:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/"},"wordCount":325,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["Attack Surface Management","Cybersecurity","Vulnerability Management"],"articleSection":["Perspectives"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/","url":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/","name":"When your Security Tools Introduce Security Weaknesses | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2021-11-23T23:40:00+00:00","dateModified":"2024-08-02T20:43:21+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/when-your-security-tools-introduce-security-weaknesses\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"When your Security Tools Introduce Security Weaknesses"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/bcbbd5a2bd8804807d732d4f0bb9348f","name":"Sam Curcuruto","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e2829009d340f21cf83edb29498819bc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e2829009d340f21cf83edb29498819bc?s=96&d=mm&r=g","caption":"Sam Curcuruto"},"description":"Was Sr. Director, Product Marketing at CyCognito","url":"https:\/\/www.cycognito.com\/blog\/author\/sam-curcuruto\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=278"}],"version-history":[{"count":5,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/278\/revisions"}],"predecessor-version":[{"id":968,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/278\/revisions\/968"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}