While the theft of source code for Symantec's pcAnywhere has put the remote-access program in the spotlight, the security issues posed by remote management products are not new. In fact, data released over the last year shows that poorly configured remote-access programs routinely account for a significant portion of data breaches and network security incidents.
Remote-access software, for example, led to a stunning 62 percent of breaches studied by security firm Trustwave in its recently released global security report (resource has moved). The company looked at 300 breaches it investigated on behalf of clients and analyzed the results of 2,000 penetration tests. The data matches up with Verizon's annual survey of breach data from its own security practice and investigations by the U.S. Secret Service. The company found that hacking accounted for half of all breaches, and 64 percent of those hacks exploited weaknesses in remote-access software.
"The market problem is much bigger than pcAnywhere," says Joel Bomgar, CEO and founder of enterprise remote-management software maker Bomgar. "That entire category of technology is inherently risk prone. When you have listening ports, someone is going to find a way to brute-force it." Read more.