I've read that the Bit9 compromise involved the company's own encryption keys, which led to trouble for customers...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
of Bit9's whitelisting services. Would you say this was likely a one-off incident, or should enterprises reconsider using application whitelisting technology? Is there any way to sniff out certificates that have been signed by malicious hackers?
Ask the Expert!
SearchSecurity.com expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
Because they're in the technology business, IT vendors are held to a higher security standard than most other organizations are. Information security vendors are held to an even higher standard because a compromise could allow widespread or very targeted attacks against customers. That's why, when journalist Brian Krebs first broke the story about the attack against the vendor, the public relations backlash was particularly fierce.
The attacker in the Bit9 compromise was able to infiltrate the vendor's network and compromise a system with an old but still valid software signing certificate. The attack started with a SQL injection attack against an Internet-facing device, which allowed the attacker to access a virtual machine with the certificate. (Bit9 says a third party analyzed its network to determine the extent of the attack, but the vendor did not report how the attacker found and gained access to the system with the certificate.) The attacker signed 32 malicious files, including part of a backdoor, to make them look legitimate, then used those files while attacking an undisclosed number of Bit9 customers. Thus, the attacker exploited the trust Bit9's customers had in the vendor.
Bit9 is not the first security vendor to be compromised, nor will it be the last. Its openness about the attack should help restore customer trust. Ironically, if Bit9 hadn't made the operational mistake of not installing its own software, the company would have been protected from the attack. Enterprises might want to consider the far-reaching implications if their vendor is compromised, then determine the appropriate course of action. In this case, they should try to determine whether Bit9's security model is sufficient for their environment, and if there are ways they could limit their risk if Bit9 (or any other security vendor) is compromised.
Dig Deeper on Application Attacks -Information Security Threats
Related Q&A from Nick Lewis
SSL attacks "in stealth mode" are helping attackers avoid detection and analysis. Expert Nick Lewis explains how to discover and defend against the ...continue reading
Learn how sinkholing is helping security experts analyze infected devices and even disable malware in compromised endpoints.continue reading
Motion and gestures are being used for mobile malware detection on smartphones. Learn how this method works and whether it is a worthy addition to an...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.