Using Endpoint Security Products against you

Pretty interesting read on several vulnerabilities relating to Symantec Endpoint Protection

http://codewhitesec.blogspot.be/2015/07/symantec-endpoint-protection.html

The article discuss various means to remotely compromise the management console and plant code in the distribution package.

There are several takeaways here:

  • Given that your security product is supposed to be securing your entire environment, your management console must be locked down, patched, etc.
  • If you haven’t performed an audit on your management console settings, you are asking for trouble. At the very least, explain why you have certain rules in place (file/folder exceptions come to mind)
  • Does your management console have a auditing function? Do you check it?
  • Are the endpoint packages that you create, verified and signed?
  • (To the vendors) Do services really require local SYSTEM to run?
  • If your endpoint product is compromised, you can no longer trust it or the system that it is protecting.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s