But usually without such consequences. In this situation with Carbon Black, I am most interested in the actual reasons of all this media noise. From what point business as usual becomes a scandal. Ok, when you see Carbon Black customer’s private files in public access at Virus Total it’s a 100% epic fail. But what about other options.
Illustration from investigation by DirectDefense
- Agent makes file analysis by himself on user’s host. It’s probably ok. Some paranoid person, like me, may say that it’s possible that data may leak during the update process, like in case of M.E.Doc. But it probably can be detected it in traffic somehow.
- Agent sends file to the vendor’s cloud for further analysis in some private multiscanner. Vendor will have copy of your private data. What if this data will leak? Are you sure that vendor will bear responsibility for this?
- Agent sends file to vendor’s cloud, vendor than sends it to some third-party for analysis. Are you sure vendors that you use doesn’t do this? How can you investigate this? What will be your next actions if you figure out that they do it without your permission?
- Agent sends file to the vendor’s cloud, vendor then sends it to some third-party for analysis, third-party opens access to this file for a wide range of people.