Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances

Virtual appliances, even if they are provided by major software or cybersecurity vendors, can pose a serious risk to organizations, according to a report published on Tuesday by cloud visibility firm Orca Security.


Virtual appliances can be highly useful to organizations as they eliminate the need for dedicated hardware, they are often inexpensive or free, they are easy to configure and maintain, and they can be easily deployed on cloud platforms. Many virtual appliances can be used as provided.


Orca Security used its SideScanning technology to check virtual appliances for vulnerabilities and outdated operating systems. The company scanned a total of more than 2,200 virtual appliances from 540 vendors in April and May, and identified over 400,000 vulnerabilities.


The virtual appliances were obtained from marketplaces associated with cloud platforms such as AWS, VMware, Google Cloud Platform, and Microsoft Azure, but Orca says these virtual appliances are in many cases the same as the ones provided directly by vendors.


Orca’s analysis, which involved giving each appliance a security risk score ranging between 0 and 100, found that appliances from 8% of vendors had no issues. These vendors, which got an A+ grade, include Trend Micro, Pulse Secure, BeyondTrust and Versasec.


Nearly a quarter of the tested vendors had virtual appliances that got an A grade and 12% got a B. However, 15% of the tested appliances got an F, including ones from CA Technologies, Software AG, Intel, Zoho, Symantec, A10 Networks, Cloudflare and Micro Focus.


Orca also noted that some vendors had some of their appliances graded A or A+ and others graded F. This includes Intel, Symantec, Soho, Cognosys and Tibco.



Orca contacted each of the impacted vendors before ma ..
