2021-01-06T14:09:00Z

What are the threats associated with using ‘bogus’ cybersecurity tools?


There are many cybersecurity tools available, but some aren't doing the job that they should be doing. 

What are some of the threats that may be associated with using 'fake' cybersecurity tools?

What can people do to ensure that they're using a tool that actually does what it says it does?

Guest
1111 Answers

author avatar
Top 5Reseller


Dan Doggendorf gave sound advice.


Whilst some of the free or cheap platforms will provide valuable information and protection, your security strategy has to be layered. Understand what you want to protect and from whom. At some point you will need to spend money but how do you know where to spend it? There are over 5,000 security vendors to choose from.


There is no silver bullet and throwing money at it won’t necessarily fix what you are at risk from but at the same time free products are free for a reason.


If your organisation doesn’t have a large team of security experts to research the market and build labs then you need to get outside advice. Good Cyber-advisors will understand your business and network architecture therefore will ask the right questions to help you to navigate the plethora of vendors and find the ones that are right for where your business is now and where you intend it to be in the future.


Large IT resellers will sell you what they have in their catalogues based on what you ask for and give a healthy discount too but that may not fix the specific risks your business is vulnerable to. A consultative approach is required for such critical decisions.


By the way, there are free security products and services that I recommend.


2021-01-08T17:10:56Z
author avatar
Top 5User

The biggest threat is risks you think you have managed are not managed at all so you and your executive team have a completely false sense of security.  This is even worse than not having any tool in place.  With no tool in place, you at least know you have a vulnerability.


There several ways to ensure a tool is doing what it is supposed to do.


1. Product Selection - when selecting a tool, do not focus on what a tool can do.  Focus on what you want the tool to do.  You drive the direction of the sales demo, not the sales team.


2. Product Implementation - use professional services to implement and configure the solution.  Your team should be right there with them as a knowledge transfer session but the professional who installs and configures the product every day should drive the install, not someone who wants to learn.


3. Trusted Partners - find yourself a trusted partner(s) who can help guide you.  This should consist of product testing labs partners, advisors who live and breathe the space daily, and resellers with a strong engineering team.

2021-01-07T17:00:37Z
author avatar
User

Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved. 

2021-01-08T14:39:23Z
author avatar
Top 5LeaderboardReal User

Refrain from free products


Delete products and traces of product after evaluation


Always know what you want from the cybersecurity solution. Can identify illegal operations of the products if different from its stipulated functions.


Work with recognised partners and solution providers


Download opensource from reputable sites


2021-01-08T12:12:20Z
author avatar
Top 10Real User

Open Source or Free products need proper management. Based on my experience I have found that many people who uses open source don't bother to patch them and attackers then utilize such loopholes.



One of the great example one client was using free vulnerability management plus IP scanner. And they got hit with ransomware. During the investigation I realise the attacker utilized the same tool to affect other devices on the network. The attack took his time at least 2 months unnoticed. 

2021-01-07T22:48:44Z
author avatar
Top 5Real User

One should 1st have details understanding of what he/she is looking to protect within environment as tool are specially designed for point solution. Single tool will not able to secure complete environment and you should not procure any solution without performing POC within your environment 


As there is possibility that tool which works for your peer organisation does not work in similar way for yours as each organisation has different components and workload/use case

2021-01-07T15:20:48Z
author avatar
Top 10Real User

You should build a lab, try the tools and analyze the traffic and behavior with a traffic analizer like wireshark and any sandbox or edr that shows you what the tools do, but all this should be outside your production environment, use tools that has been released by the company provider and not third party downloads or unknown or untrusted sources.

2021-01-07T14:08:41Z
author avatar
Top 10Real User

Assosiated threats are many, like data loss, data exfiltración, vlan hoppin, sensible data expossure, ransomeware, etc.

2021-01-07T14:11:15Z
author avatar
Top 10Real User

Bogus cybersecurity tools might bring about the data exfiltration, trojan horse 

2021-01-08T01:19:14Z
author avatar
Top 5LeaderboardReseller

I think this is quite an open-ended question.

Since cyber security is quite a vast world, it might be better to start small. Ask yourself what it is you are looking for or need. From there you can start asking specific questions based on that need. You should then be able to get more specific answers. Free doesn't always mean bad, but it probably will mean that you require more man power and more technical skills to manage it correctly. There are also quite a few "community" options available. Quite often you might start with a free solution and then upgrade that solution to their paid version which would give you more features.

So find out what it is you need and grow from there.

2021-01-13T15:58:32Z
author avatar
User

Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved

2021-01-12T22:10:57Z
author avatar
User

The biggest threat in using "bogus" or fake tools would be that they are themselves actually tools for someone else to access you. Its a very plausible and likely scenario. 

2021-01-11T12:47:02Z
Find out what your peers are saying about SonarSource, Veracode, Sonatype and others in Application Security. Updated: February 2021.
464,857 professionals have used our research since 2012.