The recent announcement by Symantec that its PCAnywhere product had been compromised is sure to be a blow to much more than just Symantec’s stock price. In the years that we have been assessing networks, the PCAnywhere platform used to be ubiquitous, in authorized and rogue installations alike. Some were connected to modems early on and then migrated to Internet connectivity when broadband became more common. As the era of GoToMyPC came into being, focus shifted away from PCAnywhere, but the product continues to have a huge install base in both the private and government sectors.
Our customers who are already on the NetworkBox UTM platform received a note last night (shown at the bottom of this post) from NetworkBox alerting them that they were already protected against PCAnywhere installations accessible from the Internet that operated through the NetworkBox. For those who are not on the NetworkBox platform, it is certainly worth considering. 24x7x365 proactively managed perimeter security (amounting, on average, to signatures being updated on the box 4 times an hour), with an entire organization looking out for and protecting your perimeter, likely far exceeds the percentage of a single FTE that you have tending to your perimeter today. If you are already on the NetworkBox platform, we’re sure you appreciate the peace of mind that comes with having a watchdog that manages the perimeter, monitors activity, and provides proactive information like this.
The best path for any organization not on the NetworkBox platform that would like to verify that it is not susceptible to PCAnywhere-related attack vectors is to execute a comprehensive external vulnerability test that spans the organization’s entire publicly accessible IP space and all ports (while PCAnywhere uses well-known ports, it can also be configured to use user-defined ports). According to InfoWorld, Rapid7 postulates that there are well over 140,000 IP assets that are vulnerable directly from the Internet at present, with many of their owners falsely assuming that because they are behind a firewall they are protected.
With the size of the remote workforce in healthcare and the creativity that is often employed to get work done, it is our recommendation that this announcement from Symantec be taken seriously.
Don’t hesitate to call on us if you have questions about how this announcement might affect your organization.