The dilemma of the defender is that the attacker is able to purchase or pirate the software protections that we use to defend our networks. In it’s simplest form virus authors are able to buy, test, or steal antivirus products and keep them updated. The ability to test their product (virus) against our defenses ensures they will be successful placing their virus products in our environment.

In a limited sense this is not an impact to defense, generally signature based antivirus is considered a dead technology and it’s installed to meet regulatory compliance. This vulnerability extends to every commercial product you can purchase, attackers are able to purchase any commercial product with the default ruleset installed and test their attacks against it.

Extending the understanding of access to the products, the attacker can easily test the product itself for security vulnerabilities. While this might seem a bit ridiculous many security products receive little attention  for vulnerabilities because it’s assumed that security products would bave few if any vulnerabilities. It’s almost a blindness that security groups have for the products they aquire.

Comparatively there are very few security products in the market over business software, for most security products there is a small market. This means the attackers return on investment is higher for security software compared to most business software. If the attacker is targeting your business, it’s even easier because they can normally identify the software packages you are using from the resumes or interviews of your current and past employees.

What can you do to protect yourself from these issues? Test the security related software you purchase at least as well as any other package your purchase. As well if there are default rules built into your products ensure you have customized these rules to be relevant to your environment. If you can prevent it, don’t expose products to the Internet.