Welcome!

Recurring Revenue Authors: Zakia Bouachraoui, Elizabeth White, Yeshim Deniz, Pat Romanski, Xenia von Wedel

News Feed Item

97 Percent of Global 2000 External Servers Remain Vulnerable to Cyber Attacks Due to Heartbleed

New On-Demand Vulnerability Report Reveals Gaps in Heartbleed Remediation and Cryptographic Key and Digital Certificate Security

SALT LAKE CITY, UT -- (Marketwired) -- 07/29/14 -- Venafi, the leader of Next-Generation Trust Protection solutions, today announced in its Q3 Heartbleed Threat Research Analysis that 97 percent of Global 2000 organizations' public-facing servers remain vulnerable to cyber attacks due to incomplete Heartbleed remediation. This leaves the door open for attackers to spoof legitimate websites, decrypt private communications, and steal sensitive data sent over SSL. To assist organizations with complete Heartbleed remediation, including comprehensive cryptographic key and digital certificate security, Venafi now offers its Venafi Labs Vulnerability Report -- the same report used for the Venafi Q3 Heartbleed Threat Research Analysis -- to all organizations.

Undiscovered for over two years, Heartbleed is an OpenSSL vulnerability that allows attackers to extract data in memory simply by communicating with a host server. Successful exploits show that sensitive data, including passwords, SSL/TLS keys, and X.509 digital certificates, could be extracted. In addition to applying the OpenSSL patch, organizations must assume that all keys and certificates were compromised, given the extent and duration of the vulnerability.

Following Heartbleed's discovery, experts from Bruce Schneier to Gartner warned that, to fully remediate Heartbleed, all SSL keys and certificates must be replaced. Gartner analyst Erik Heidt warned that past "lazy" security and patch management was insufficient and that all keys and certificates should be replaced. Venafi Labs research from July 2014 found that critical security flaws remain due to a systemic failure to replace vulnerable keys and revoke and replace digital certificates.

For its Threat Research Analysis, Venafi Labs evaluated 1,639 Global 2000 organizations across more than 550,000 public-facing servers and found critical security flaws using the Venafi Labs Vulnerability Report. The report reveals that only 387 Global 2000 organizations have fully remediated Heartbleed, accounting for an astonishingly small three percent of the total public-facing servers scanned. The remaining ninety-seven percent have significant exposure to ongoing cyber attacks and malicious activity. Enterprises must also assume, just as many did with user IDs and passwords, that all keys and certificates were compromised -- not just the keys and certificates that secured the systems hosting the Heartbleed vulnerability -- and must be revoked and replaced. Thousands of applications behind the firewall, including those of Cisco, Juniper, HP, IBM, Oracle, McAfee, Symantec and many others, remain exposed.

"IT Security teams are under the false notion that they have remediated Heartbleed by applying a software patch. But if someone walks into your house through an open door and steals your house keys, you don't then rely on the same locks once you've closed the door. Organizations must find and replace all of their keys and certificates -- all of them. Otherwise massive security gaps and open doors remain. Enterprises need to equip themselves with systems to detect keys and certificates across their networks and in the cloud, and rapidly respond and remediate by replacing them," said Kevin Bocek, ‎vice president, security strategy and threat intelligence, Venafi.

Recommended response and remediation:

  • Know where all of an organization's keys and certificates are located
  • Generate new cryptographic keys, request new certificates
  • Apply new keys and certificates, revoke old ones
  • Validate remediation to ensure new keys and certificates are in place and operational

To help with this remediation, organizations can now run a customized Venafi Labs Vulnerability Report that reveals their specific key and certificate security exposure. This complementary, online report enables users to generate an on-demand SSL/TLS vulnerability assessment for their organization's entire publicly facing server footprint, including subsidiaries. The report helps users understand key and certificate vulnerabilities specific to their organization and clearly identifies the most egregious vulnerabilities that require immediate remediation to reduce attack surfaces and risk. Unlike other vulnerability reports, the Venafi service associates all of an organization's hosts and their keys and certificates across domains and geographies. The report is available at https://www.venafi.com/threat-center/vulnerability-report/.

Download the Venafi Q3 Heartbleed Threat Research Analysis (PDF) at: http://www.venafi.com/heartbleedanalysis/.

To get the latest news and information about Venafi:
Visit the blog: http://www.venafi.com/blog
Follow us on Twitter: @Venafi
Follow us on LinkedIn: http://www.linkedin.com/company/venafi
Follow us on Google+: http://www.google.com/+VenafiCo
Like us on Facebook: https://www.facebook.com/Venafi

About Venafi
Venafi is the leading cybersecurity company in Next-Generation Trust Protection. Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. As part of an enterprise infrastructure protection strategy, Venafi Trust Protection Platform prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity and increased threats, and remediates errors and attacks by automatically replacing keys and certificates. Venafi Threat Center provides research and threat intelligence for trust-based attacks. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare, and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners, and Origin Partners. For more information, visit www.venafi.com.

Image Available: http://www2.marketwire.com/mw/frame_mw?attachid=2646727

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

IoT & Smart Cities Stories
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...