A Research Report
Security tools are intrusive by nature. They are privy to our user behavior and machine internals; they run as highly privileged processes; they inspect user, machine and network activity; they “decide” for us what is “good” or “bad.” Gaining control over a security tool is an attacker’s dream come true.
In this paper, we take a look at a few examples of attacks, real-life instances where security tools acted as double-edged swords, such as:
Intrusive implementations in AVG, McAfee, TrendMicro and other host-based packages
Remote code execution exploits in FireEye devices
Backdoors in Juniper NetScreen routers
We review the vulnerabilities of security tools and their risks. We also look at practical steps chief information security officers (CISOs) and their teams can take to protect their networks, so that at the end of the day CISOs can sleep well at night.