There are many cybersecurity tools available, but some aren't doing the job that they should be doing.
What are some of the threats that may be associated with using 'fake' cybersecurity tools?
What can people do to ensure that they're using a tool that actually does what it says it does?
Dan Doggendorf gave sound advice.
Whilst some of the free or cheap platforms will provide valuable information and protection, your security strategy has to be layered. Understand what you want to protect and from whom. At some point you will need to spend money but how do you know where to spend it? There are over 5,000 security vendors to choose from.
There is no silver bullet and throwing money at it won’t necessarily fix what you are at risk from but at the same time free products are free for a reason.
If your organisation doesn’t have a large team of security experts to research the market and build labs then you need to get outside advice. Good Cyber-advisors will understand your business and network architecture therefore will ask the right questions to help you to navigate the plethora of vendors and find the ones that are right for where your business is now and where you intend it to be in the future.
Large IT resellers will sell you what they have in their catalogues based on what you ask for and give a healthy discount too but that may not fix the specific risks your business is vulnerable to. A consultative approach is required for such critical decisions.
By the way, there are free security products and services that I recommend.
The biggest threat is risks you think you have managed are not managed at all so you and your executive team have a completely false sense of security. This is even worse than not having any tool in place. With no tool in place, you at least know you have a vulnerability.
There several ways to ensure a tool is doing what it is supposed to do.
1. Product Selection - when selecting a tool, do not focus on what a tool can do. Focus on what you want the tool to do. You drive the direction of the sales demo, not the sales team.
2. Product Implementation - use professional services to implement and configure the solution. Your team should be right there with them as a knowledge transfer session but the professional who installs and configures the product every day should drive the install, not someone who wants to learn.
3. Trusted Partners - find yourself a trusted partner(s) who can help guide you. This should consist of product testing labs partners, advisors who live and breathe the space daily, and resellers with a strong engineering team.
Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved.
Refrain from free products
Delete products and traces of product after evaluation
Always know what you want from the cybersecurity solution. Can identify illegal operations of the products if different from its stipulated functions.
Work with recognised partners and solution providers
Download opensource from reputable sites
Open Source or Free products need proper management. Based on my experience I have found that many people who uses open source don't bother to patch them and attackers then utilize such loopholes.
One of the great example one client was using free vulnerability management plus IP scanner. And they got hit with ransomware. During the investigation I realise the attacker utilized the same tool to affect other devices on the network. The attack took his time at least 2 months unnoticed.
One should 1st have details understanding of what he/she is looking to protect within environment as tool are specially designed for point solution. Single tool will not able to secure complete environment and you should not procure any solution without performing POC within your environment
As there is possibility that tool which works for your peer organisation does not work in similar way for yours as each organisation has different components and workload/use case
You should build a lab, try the tools and analyze the traffic and behavior with a traffic analizer like wireshark and any sandbox or edr that shows you what the tools do, but all this should be outside your production environment, use tools that has been released by the company provider and not third party downloads or unknown or untrusted sources.
Assosiated threats are many, like data loss, data exfiltración, vlan hoppin, sensible data expossure, ransomeware, etc.
I think this is quite an open-ended question.
Since cyber security is quite a vast world, it might be better to start small. Ask yourself what it is you are looking for or need. From there you can start asking specific questions based on that need. You should then be able to get more specific answers. Free doesn't always mean bad, but it probably will mean that you require more man power and more technical skills to manage it correctly. There are also quite a few "community" options available. Quite often you might start with a free solution and then upgrade that solution to their paid version which would give you more features.
So find out what it is you need and grow from there.
Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved
Is SonarQube is the best tool for static analysis or there are any good tools which compete with SonarQube?
On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts we protected using two-factor authentication, which the hackers were somehow able to bypass.
Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, and Kanye West, Benjamin Netanyahu, and several high profile tech companies, including Apple and Uber.
The hackers posted variation of a message asking follower to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned.
How could Twitter have been better prepared for this? How do you rate their response?