By Business Wire
April 10, 2014 01:27 PM EDT
Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced detection for Heartbleed (CVE-2014-0160), the OpenSSL vulnerability announced on April 8, 2014, by Codenomicon and Neel Mehta, a security researcher for Google. All Tripwire vulnerability management products, including Tripwire® IP360™, Tripwire® PureCloud and Tripwire® SecureScan, provide authenticated and unauthenticated checks for Heartbleed.
“While the response to this vulnerability has initially focused on web servers, it is much more widespread than that,” said Lamar Bailey, director of Tripwire’s Vulnerability and Exposure Research Team (VERT). “It’s important that information security professionals validate multiple services and operating systems with specific vulnerability checks in order to really understand their exposure to this risk. Simple banner checks and running only authenticated tests are not comprehensive enough, particularly for something this serious.”
OpenSSL is used with a variety of networking products, and many organizations will have more than one vulnerable application or operating system. While web servers are an obvious target, Heartbleed also affects File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Post Office Protocol version 3 (POP3), Extensible Messaging and Presence Protocol (XMPP), and Simple Mail Transfer Protocol (SMTP). Because Heartbleed can affect so many different applications, finding and remediating this critical vulnerability quickly across multiple machines can be a daunting task.
Tripwire SecureScan provides free vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Heartbleed in a wide variety of conditions. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.
Specific Heartbleed-related checks include:
- Remote SSL/TLS vulnerability checks.
- Remote vulnerability checks for SMTP, POP3, XMPP, IMAP and FTP – services that speak plain text and then switch to SSL/TLS.
- Local Windows OpenVPN vulnerability check.
- Local Linux distribution checks for Ubuntu, SUSE, RedHat, CentOS and Oracle Enterprise Linux.
- A recommendation on issuing a new SSL certificate.
“It is rare for a vulnerability to be as extensive and severe as Heartbleed and the industry reaction is telling as to the severity. We will be dealing with the fallout for a long time,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “We’re pleased to be able to consistently offer both authenticated and unauthenticated detection across a variety of applications and operating systems, from the entirely free Tripwire SecureScan product to the enterprise class vulnerability management in Tripwire IP360.”
To sign up for a free license of SecureScan, please visit: https://www.tripwire.com/securescan/?home-banner.
Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.