Click here to close now.

Welcome!

Search Authors: AppDynamics Blog, Plutora Blog, Pat Romanski, Elizabeth White, Liz McMillan

News Feed Item

97 Percent of Global 2000 External Servers Remain Vulnerable to Cyber Attacks Due to Heartbleed

New On-Demand Vulnerability Report Reveals Gaps in Heartbleed Remediation and Cryptographic Key and Digital Certificate Security

SALT LAKE CITY, UT -- (Marketwired) -- 07/29/14 -- Venafi, the leader of Next-Generation Trust Protection solutions, today announced in its Q3 Heartbleed Threat Research Analysis that 97 percent of Global 2000 organizations' public-facing servers remain vulnerable to cyber attacks due to incomplete Heartbleed remediation. This leaves the door open for attackers to spoof legitimate websites, decrypt private communications, and steal sensitive data sent over SSL. To assist organizations with complete Heartbleed remediation, including comprehensive cryptographic key and digital certificate security, Venafi now offers its Venafi Labs Vulnerability Report -- the same report used for the Venafi Q3 Heartbleed Threat Research Analysis -- to all organizations.

Undiscovered for over two years, Heartbleed is an OpenSSL vulnerability that allows attackers to extract data in memory simply by communicating with a host server. Successful exploits show that sensitive data, including passwords, SSL/TLS keys, and X.509 digital certificates, could be extracted. In addition to applying the OpenSSL patch, organizations must assume that all keys and certificates were compromised, given the extent and duration of the vulnerability.

Following Heartbleed's discovery, experts from Bruce Schneier to Gartner warned that, to fully remediate Heartbleed, all SSL keys and certificates must be replaced. Gartner analyst Erik Heidt warned that past "lazy" security and patch management was insufficient and that all keys and certificates should be replaced. Venafi Labs research from July 2014 found that critical security flaws remain due to a systemic failure to replace vulnerable keys and revoke and replace digital certificates.

For its Threat Research Analysis, Venafi Labs evaluated 1,639 Global 2000 organizations across more than 550,000 public-facing servers and found critical security flaws using the Venafi Labs Vulnerability Report. The report reveals that only 387 Global 2000 organizations have fully remediated Heartbleed, accounting for an astonishingly small three percent of the total public-facing servers scanned. The remaining ninety-seven percent have significant exposure to ongoing cyber attacks and malicious activity. Enterprises must also assume, just as many did with user IDs and passwords, that all keys and certificates were compromised -- not just the keys and certificates that secured the systems hosting the Heartbleed vulnerability -- and must be revoked and replaced. Thousands of applications behind the firewall, including those of Cisco, Juniper, HP, IBM, Oracle, McAfee, Symantec and many others, remain exposed.

"IT Security teams are under the false notion that they have remediated Heartbleed by applying a software patch. But if someone walks into your house through an open door and steals your house keys, you don't then rely on the same locks once you've closed the door. Organizations must find and replace all of their keys and certificates -- all of them. Otherwise massive security gaps and open doors remain. Enterprises need to equip themselves with systems to detect keys and certificates across their networks and in the cloud, and rapidly respond and remediate by replacing them," said Kevin Bocek, ‎vice president, security strategy and threat intelligence, Venafi.

Recommended response and remediation:

  • Know where all of an organization's keys and certificates are located
  • Generate new cryptographic keys, request new certificates
  • Apply new keys and certificates, revoke old ones
  • Validate remediation to ensure new keys and certificates are in place and operational

To help with this remediation, organizations can now run a customized Venafi Labs Vulnerability Report that reveals their specific key and certificate security exposure. This complementary, online report enables users to generate an on-demand SSL/TLS vulnerability assessment for their organization's entire publicly facing server footprint, including subsidiaries. The report helps users understand key and certificate vulnerabilities specific to their organization and clearly identifies the most egregious vulnerabilities that require immediate remediation to reduce attack surfaces and risk. Unlike other vulnerability reports, the Venafi service associates all of an organization's hosts and their keys and certificates across domains and geographies. The report is available at https://www.venafi.com/threat-center/vulnerability-report/.

Download the Venafi Q3 Heartbleed Threat Research Analysis (PDF) at: http://www.venafi.com/heartbleedanalysis/.

To get the latest news and information about Venafi:
Visit the blog: http://www.venafi.com/blog
Follow us on Twitter: @Venafi
Follow us on LinkedIn: http://www.linkedin.com/company/venafi
Follow us on Google+: http://www.google.com/+VenafiCo
Like us on Facebook: https://www.facebook.com/Venafi

About Venafi
Venafi is the leading cybersecurity company in Next-Generation Trust Protection. Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. As part of an enterprise infrastructure protection strategy, Venafi Trust Protection Platform prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity and increased threats, and remediates errors and attacks by automatically replacing keys and certificates. Venafi Threat Center provides research and threat intelligence for trust-based attacks. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare, and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners, and Origin Partners. For more information, visit www.venafi.com.

Image Available: http://www2.marketwire.com/mw/frame_mw?attachid=2646727

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
SYS-CON Events announced today that Liaison Technologies, a leading provider of data management and integration cloud services and solutions, has been named "Silver Sponsor" of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York, NY. Liaison Technologies is a recognized market leader in providing cloud-enabled data integration and data management solutions to break down complex information barriers, enabling enterprises to make smarter decisions, faster.
Participants will reach the final if their IoT solution is liked. A community vote will determine the best solutions submitted in each country, after which an expert jury will select the national winners and the best international IoT solution. Each country's best solution can win a national marketing campaign worth up to €30,000 and become a partner in Deutsche Telekom's participating markets. The winning international solution can become partner of Deutsche Telekom Group across all eight countries and reach out to a potential of 10,8 million business customers. Deutsche Telekom Group has a...
Recent technology advances in miniaturization has positioned the wearables as the pinnacle of technology convergence with the human body. We inquire if wearables are mere standard miniaturized devices extended with the connectivity and present our views on considerations like design, applications, performance, efficiency, interoperability, usage scenarios, human device interaction and consequent trade-offs enabling wearables to impart optimal value.
WebRTC Summit has announced today that Peter Dunkley has been named summit chair of WebRTC Summit 2015 New York. The 4th International WebRTC Summit will take place on June 9-11, 2015, at the Javits Center in Manhattan, New York. @ThingsExpo anticipates 90% of WebRTC companies & developers will monetize their products & services through IoT by 2016. Peter Dunkley is Technical Director at Acision. He graduated from The University of Edinburgh in 2000 with a BSc (Hons) in Computer Science. After graduation Peter worked on a PSTN switch developing signalling stacks for SS7, ISDN and simi...
In this session we look at creating interactive communications via the web by adding messaging, file transfer, and group communication (group chat and audio/video conferencing) into the web experience. We will also discuss potential applications of this technology in areas including B2B, B2C, P2P, and gaming. Peter is Technical Director at Acision. He graduated from The University of Edinburgh in 2000 with a BSc (Hons) in Computer Science. After graduation Peter worked on a PSTN switch developing signalling stacks for SS7, ISDN and similar protocols and creating advanced routing and serv...
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas.
SYS-CON Events announced today that ProfitBricks, the provider of painless cloud infrastructure, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. ProfitBricks is the IaaS provider that offers a painless cloud experience for all IT users, with no learning curve. ProfitBricks boasts flexible cloud servers and networking, an integrated Data Center Designer tool f...
SYS-CON Events announced today that Dyn, the worldwide leader in Internet Performance, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.
SYS-CON Events announced today that kintone has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. kintone promotes cloud-based workgroup productivity, transparency and profitability with a seamless collaboration space, build your own business application (BYOA) platform, and workflow automation system.
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
SYS-CON Events announced today that On the Avenue Marketing Group, a sales and marketing firm that utilizes events to market and sell products to consumers, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. On the Avenue Marketing Group (OTA) is a sales and marketing firm that utilizes events to market and sell products to consumers. On behalf of our clients, we attend thousands of fairs, festivals, expos, concerts, conferences, and sporting events annually, helping them reach millions of individuals ...
SYS-CON Events announced today that ActiveState, the leading independent Cloud Foundry and Docker-based PaaS provider, has been named “Silver Sponsor” of SYS-CON's DevOps Summit New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. ActiveState believes that enterprises gain a competitive advantage when they are able to quickly create, deploy and efficiently manage software solutions that immediately create business value, but they face many challenges that prevent them from doing so. The Company is uniquely positioned to help address these challenges thro...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
SYS-CON Events announced today that Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® and DevOps Summit 2015 New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo® and DevOps Summit 2015 Silicon Valley, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
The WebRTC Summit 2015 New York, to be held June 9-11, 2015, at the Javits Center in New York, NY, announces that its Call for Papers is open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 16th International Cloud Expo, @ThingsExpo, Big Data Expo, and DevOps Summit.
SYS-CON Events announced today that Akana, formerly SOA Software, has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Akana’s comprehensive suite of API Management, API Security, Integrated SOA Governance, and Cloud Integration solutions helps businesses accelerate digital transformation by securely extending their reach across multiple channels – mobile, cloud and Internet of Things. Akana enables enterprises to share data as APIs, connect and integrate applications, drive part...
SYS-CON Events announced today that CommVault has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. A singular vision – a belief in a better way to address current and future data management needs – guides CommVault in the development of Singular Information Management® solutions for high-performance data protection, universal availability and sim...
SYS-CON Events announced today that SafeLogic has been named “Bag Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. SafeLogic provides security products for applications in mobile and server/appliance environments. SafeLogic’s flagship product CryptoComply is a FIPS 140-2 validated cryptographic engine designed to secure data on servers, workstations, appliances, mobile devices, and in the Cloud.
The best mobile applications are augmented by dedicated servers, the Internet and Cloud services. Mobile developers should focus on one thing: writing the next socially disruptive viral app. Thanks to the cloud, they can focus on the overall solution, not the underlying plumbing. From iOS to Android and Windows, developers can leverage cloud services to create a common cross-platform backend to persist user settings, app data, broadcast notifications, run jobs, etc. This session provides a high level technical overview of many cloud services available to mobile app developers, includi...
BroadSoft on Tuesday announced that it is a recipient of the 2014 Frost & Sullivan Market Leadership Award in the Hosted/Cloud Internet Protocol (IP) Telephony market for Latin America. According to Frost & Sullivan market research, the Latin America (LATAM) hosted/cloud Internet Protocol (IP) telephony market, including integrated unified communications and collaboration (UC&C) applications, is currently experiencing a rapid growth trajectory and is expected to exhibit a tenfold rise in annual revenues in the 2013-2020 period. With more than 600 cloud deployments internationally, BroadSoft w...