Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
A Lot of Security Purchases Remain Shelfware
Newest First  |  Oldest First  |  Threaded View
dplyons
dplyons,
User Rank: Apprentice
1/21/2015 | 10:04:59 AM
Re: Firewalls installed but not configured correctly, really?
I have known many standard IT Admins.  I would trust very very few of them with maintaining a firewall, let alone researching/implementing proper security policies.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
1/21/2015 | 8:40:00 AM
Re: Firewalls installed but not configured correctly, really?
Great point about acess rules, @dplyons. But do you really need a security engineer to configure access to corporate systems via a firewall ? Shouldn't your standard IT admin be able to do that? 
Dr.T
Dr.T,
User Rank: Ninja
1/20/2015 | 4:08:57 PM
fanciest firewall?
I agree with the article mainly. I like the term fanciest firewall, I hope he was not talking about shape, color and other pretty things about the firewall. :--)) Granted, there are really nice firewalls out there, however as I mentioned in my other post firewall would not be considered a security device in today's environment. We need to go beyond firewalls and start implementing strategies that protects us from the things coming through the firewall.
Dr.T
Dr.T,
User Rank: Ninja
1/20/2015 | 4:01:05 PM
Re: Firewalls installed but not configured correctly, really?
I hear you Marilyn and agree. At the same time, with today's high sophisticated tools firewall is not really a security device, nobody is really trying to hack firewall, they are just passing through without any effort.
Dr.T
Dr.T,
User Rank: Ninja
1/20/2015 | 3:57:24 PM
Re: Great Insight
Not only that but no ROI, business could not really afford buying a product but no using it in today's limited budget world. 
Dr.T
Dr.T,
User Rank: Ninja
1/20/2015 | 3:55:07 PM
No skilled IT staff?
 

As article mentioned. the main reason maybe there is no skilled IT staff in hour. Sometime companies do the purchase in rush because of immediate needs and when the pressure goes away next a few months, that creates an illusion that the threats or vulnerabilities disappeared, that basically defines the end of project and puts the software recent bought to shelf.
dplyons
dplyons,
User Rank: Apprentice
1/20/2015 | 10:35:45 AM
Re: Firewalls installed but not configured correctly, really?
Incorrectly configured firewalls are all-too-common.  Too many users/managers/CIO's insisting that things "just work", too few security engineers.  The results are access rules that are far too broad, or simply permitting all traffic.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
1/20/2015 | 8:39:01 AM
Firewalls installed but not configured correctly, really?
This is quite remarkable.. not to mention data from database monitoring tools that was never seen and a lack of policy for diata leak prevention tools. How common is this, really? Please share!
Daniel Riedel
Daniel Riedel,
User Rank: Author
1/19/2015 | 11:36:30 AM
Great Insight
Thanks for bringing to light this all too common scenario, Jai. Businesses can't expect to see results from security software if it just sits on the shelf. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30333
PUBLISHED: 2022-05-09
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
CVE-2022-23066
PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
CVE-2022-28463
PUBLISHED: 2022-05-08
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-28470
PUBLISHED: 2022-05-08
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVE-2022-1620
PUBLISHED: 2022-05-08
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.