{"id":111083,"date":"2020-05-20T06:00:11","date_gmt":"2020-05-20T13:00:11","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=111083"},"modified":"2020-05-19T07:44:16","modified_gmt":"2020-05-19T14:44:16","slug":"network-vulnerabilities-in-conferencing-tools","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2020\/05\/network-vulnerabilities-in-conferencing-tools\/","title":{"rendered":"Vulnerabilities in Conferencing Tools: Much Ado about Something or Nothing?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">With rapid change going on in most businesses, it's little surprise that speculation and hasty conclusions can supersede taking the time to validate the facts for ourselves. Many articles have come out recently about vulnerabilities in video conferencing tools, but even when the vulnerabilities are real, we shouldn\u2019t draw the wrong conclusions from them. In recent days, I have heard a number of statements that I would suggest go too far. I\u2019ve heard people saying, \u201cUse this solution, as that one is insecure!\u201d and so on.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It\u2019s possible to look up current known vulnerabilities for any popular conferencing tool. Sites such as <\/span><a href=\"https:\/\/www.cvedetails.com\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">CVE Details<\/span><\/a><span style=\"font-weight: 400;\"> maintain records of vulnerabilities. You can visit them and see for yourself how many known vulnerabilities in conferencing tools there are and when they were discovered.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So what should you take away from what you find?<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">All tools have had vulnerabilities. 
Just because one is in the news this week for a new vulnerability doesn\u2019t necessarily mean you should change to a different tool. Always ensure you have a patching process in place, and consider what tools can give preventative controls to allow you the time to test and deploy patches in a strategic way. For example, these tools could include your gateway, firewall or VPN\/endpoint security.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Stick to the facts. I\u2019m sure we all have heard people saying they can\u2019t use capability X because it\u2019s unsafe versus capability Y. With many people in the world working from home now, we need to consider whether staff are shifting tools by themselves. You must be able to continue to assess what tools are being used across your networks and only allow those you are supporting \u2013 and securing. At the very least, control what content and connectivity flows between the tools you secure and other personal-use tools, if you allow this practice.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">No matter which video conferencing tool you leverage, follow <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/04\/network-video-conferencing-security\/\"><span style=\"font-weight: 400;\">best practices for video conferencing security<\/span><\/a><span style=\"font-weight: 400;\">. Leverage the security capabilities your tools provide, but also consider what your own security capabilities can do to bolster that security where required. It\u2019s important to ensure we embrace Security 101 logic, especially during challenging times or situations. 
For more about this, read my previous blog, \u201c<\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/04\/policy-video-conferencing\/\"><span style=\"font-weight: 400;\">The Rush to Video Conferencing \u2013\u00a0Are We Failing to Use Good Cyber Hygiene?<\/span><\/a><span style=\"font-weight: 400;\">\u201d<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Also, don\u2019t forget that not all risks are equal. It's worth checking through vulnerabilities as they are posted to assess how much of a risk they pose to your organization.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Understanding the risk a vulnerability poses to your organization will help you determine the right balanced response steps to take.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">All too often, we forget to take into account how the specific vendor responds to a vulnerability. The reality is that all code will have errors. It's written by humans, and we aren\u2019t perfect. What makes the real difference is what comes after the vulnerability is revealed.<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Does the vendor respond to the vulnerability in a timely fashion?\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Do they give you the right information to make an informed decision?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">How quickly do they release the patch or fix?<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">How good is that fix? The last thing anyone needs is to patch a fix.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">It's only human nature that in heightened times we have to make decisions faster. 
We should remember that emotions take hold in our brains much faster than logic (read \u201c<\/span><a href=\"https:\/\/us.macmillan.com\/books\/9780374533557\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">Thinking, Fast and Slow<\/span><\/a><span style=\"font-weight: 400;\">,\u201d by the Nobel Prize winner Daniel Kahneman). Most of us are already in an emotional state with the world challenges we face, and as such, we have to pay additional attention to allow our logical brains to make the right decisions. As security teams work to adjust to organizational changes and increases in remote work, it\u2019s key to remain logical as we assess how to react to vulnerabilities in the tools we use to enable our daily work.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Read more about <\/span><\/i><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/tag\/video-conferencing-security\/\"><i><span style=\"font-weight: 400;\">best practices for video conferencing security<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">. 
<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerabilities in conferencing tools don\u2019t necessarily mean you should stop using them.<\/p>\n","protected":false},"author":150,"featured_media":108494,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6769,6765],"tags":[102,7099],"coauthors":[1466],"class_list":["post-111083","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-public-sector","category-secure-the-enterprise","tag-remote-access","tag-video-conferencing-security"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/03\/IMG_2009.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/111083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=111083"}],"version-history":[{"count":1,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/111083\/revisions"}],"predecessor-version":[{"id":111084,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/111083\/revisions\/111084"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/108494"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetwork
s.com\/blog\/wp-json\/wp\/v2\/media?parent=111083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=111083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=111083"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=111083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}