Because Heartbleed exploits have the potential to do significant long-term damage, IT and security teams now need to focus on internal networks
Portland, Oregon (PRWEB) April 24, 2014
Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced expanded detection for Heartbleed(CVE–2014-0160), the OpenSSL vulnerability. All Tripwire vulnerability management products, including Tripwire® IP360™, Tripwire® PureCloud and Tripwire® SecureScan, provide comprehensive authenticated and unauthenticated checks for Heartbleed and Tripwire® Log Center® can detect a Heartbleed attack in progress.
“The initial response to Heartbleed has been focused on external scans and Web servers,” said Lamar Bailey, director of Tripwire’s Vulnerability and Exposure Research Team (VERT). “However, the long-term impact for most organizations is on their internal networks. This is where Heartbleed can affect a wide variety of servers, applications and operating systems. Because Heartbleed exploits have the potential to do significant long-term damage, IT and security teams now need to focus on internal networks."
The list of potentially vulnerable internal assets includes mission-critical internal applications and SSL-enabled services. These include File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Post Office Protocol version 3 (POP3), Extensible Messaging and Presence Protocol (XMPP), and Simple Mail Transfer Protocol (SMTP). The process of finding and patching Heartbleed vulnerabilities on internal networks is time and resource-intensive.
Tripwire SecureScan provides free internal vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Heartbleed in a wide variety of conditions. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.
In addition to SSL/TLS, SMTP, POP3, XMPP, IMAP, local Linux and FTP Heartbleed-related checks, Tripwire products now include checks for Heartbleed vulnerabilities in:
- Juniper Junos OpenSSL.
- Debian TLS.
- PostgreSQL TLS.
Tripwire Log Center provides correlation rules for intrusion detection and intrusion prevention systems and generates alerts on Heartbleed exploit attempts in real-time. Tripwire Log Center also provides in-depth security analytics and reports on historical patterns related to these exploits. These rules currently support known Heartbleed intrusion detection signatures for these vendors and products:
- Cisco Intrusion Detection System (IDS).
- Cisco Intrusion Protection System (IPS).
- McAfee Network Security Manager (NSM).
- Palo Alto Firewall.
- Snort® / Sourcefire.
“One of the most challenging aspects of Heartbleed remediation is finding every instance of it on internal networks,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “It is going to take time for vendors to assess where their products might be vulnerable and then publish updates. We are all going to be hunting for Heartbleed for a long time.”
Tripwire® Enterprise can also detect Heartbleed attacks in real-time using custom rules and policies.
To sign up for a free license of SecureScan, please visit: https://www.tripwire.com/securescan/?home-banner.
Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats.