IT Central Station is now PeerSpot: Here's why

What are the threats associated with using ‘bogus’ cybersecurity tools?

Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. 

What are some of the threats that may be associated with using 'fake' cybersecurity tools?

What can people do to ensure that they're using a tool that actually does what it says it does?

PeerSpot user
1213 Answers

SimonClark - PeerSpot reviewer
Top 5LeaderboardMSP/MSSP

Dan Doggendorf gave sound advice.

Whilst some of the free or cheap platforms will provide valuable information and protection, your security strategy has to be layered. Understand what you want to protect and from whom. At some point you will need to spend money but how do you know where to spend it? There are over 5,000 security vendors to choose from.

There is no silver bullet and throwing money at it won’t necessarily fix what you are at risk from but at the same time free products are free for a reason.

If your organisation doesn’t have a large team of security experts to research the market and build labs then you need to get outside advice. Good Cyber-advisors will understand your business and network architecture therefore will ask the right questions to help you to navigate the plethora of vendors and find the ones that are right for where your business is now and where you intend it to be in the future.

Large IT resellers will sell you what they have in their catalogues based on what you ask for and give a healthy discount too but that may not fix the specific risks your business is vulnerable to. A consultative approach is required for such critical decisions.

By the way, there are free security products and services that I recommend.

Danny Miller - PeerSpot reviewer

Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved. 

Doctor Mafuwafuwane - PeerSpot reviewer
Real User

Open Source or Free products need proper management. Based on my experience I have found that many people who uses open source don't bother to patch them and attackers then utilize such loopholes.

One of the great example one client was using free vulnerability management plus IP scanner. And they got hit with ransomware. During the investigation I realise the attacker utilized the same tool to affect other devices on the network. The attack took his time at least 2 months unnoticed. 

Basil Dange - PeerSpot reviewer
Top 5LeaderboardReal User

One should 1st have details understanding of what he/she is looking to protect within environment as tool are specially designed for point solution. Single tool will not able to secure complete environment and you should not procure any solution without performing POC within your environment 

As there is possibility that tool which works for your peer organisation does not work in similar way for yours as each organisation has different components and workload/use case

Javier Medina - PeerSpot reviewer
Top 5Real User

You should build a lab, try the tools and analyze the traffic and behavior with a traffic analizer like wireshark and any sandbox or edr that shows you what the tools do, but all this should be outside your production environment, use tools that has been released by the company provider and not third party downloads or unknown or untrusted sources.

Javier Medina - PeerSpot reviewerJavier Medina
Top 5Real User

Assosiated threats are many, like data loss, data exfiltración, vlan hoppin, sensible data expossure, ransomeware, etc.

Curtis Yanko - PeerSpot reviewer
Top 5Vendor

I suppose it depends on just how 'bogus' they are. If they are truly 'bogus' then you are likely looking at a trojan. If, however, we are just talking about a 'bad' security tool then you are talking about trying to manage your security with bad or missing information.

reviewer1266459 - PeerSpot reviewer
Top 5LeaderboardReal User

Refrain from free products

Delete products and traces of product after evaluation

Always know what you want from the cybersecurity solution. Can identify illegal operations of the products if different from its stipulated functions.

Work with recognised partners and solution providers

Download opensource from reputable sites

KarenBonomi - PeerSpot reviewer

Tools are not necessarily bogus. Sometimes they are just 'legacy' tools that have been around for too long and no longer fit the problem they were designed to solve, simply because IT infrastructure, organizational needs, and cybersecurity threat complexity have evolved

Alan - PeerSpot reviewer
Top 5Real User

Bogus cybersecurity tools might bring about the data exfiltration, trojan horse 

Dawid Van Der Merwe - PeerSpot reviewer
Top 5LeaderboardVendor

I think this is quite an open-ended question.

Since cyber security is quite a vast world, it might be better to start small. Ask yourself what it is you are looking for or need. From there you can start asking specific questions based on that need. You should then be able to get more specific answers. Free doesn't always mean bad, but it probably will mean that you require more man power and more technical skills to manage it correctly. There are also quite a few "community" options available. Quite often you might start with a free solution and then upgrade that solution to their paid version which would give you more features.

So find out what it is you need and grow from there.

J Rice - PeerSpot reviewer

The biggest threat in using "bogus" or fake tools would be that they are themselves actually tools for someone else to access you. Its a very plausible and likely scenario. 

Buyer's Guide
Application Security
June 2022
Find out what your peers are saying about SonarSource, Veracode, Snyk and others in Application Security. Updated: June 2022.
609,272 professionals have used our research since 2012.