Welcome!

Linux Containers Authors: Pat Romanski, Liz McMillan, Elizabeth White, Yeshim Deniz, Zakia Bouachraoui

News Feed Item

Tripwire Expands Detection for Heartbleed

Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced expanded detection for Heartbleed (CVE–2014-0160), the OpenSSL vulnerability. All Tripwire vulnerability management products, including Tripwire® IP360™, Tripwire® PureCloud and Tripwire® SecureScan, provide comprehensive authenticated and unauthenticated checks for Heartbleed and Tripwire® Log Center® can detect a Heartbleed attack in progress.

“The initial response to Heartbleed has been focused on external scans and Web servers,” said Lamar Bailey, director of Tripwire’s Vulnerability and Exposure Research Team (VERT). “However, the long-term impact for most organizations is on their internal networks. This is where Heartbleed can affect a wide variety of servers, applications and operating systems. Because Heartbleed exploits have the potential to do significant long-term damage, IT and security teams now need to focus on internal networks."

The list of potentially vulnerable internal assets includes mission-critical internal applications and SSL-enabled services. These include File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Post Office Protocol version 3 (POP3), Extensible Messaging and Presence Protocol (XMPP), and Simple Mail Transfer Protocol (SMTP). The process of finding and patching Heartbleed vulnerabilities on internal networks is time and resource-intensive.

Tripwire SecureScan provides free internal vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Heartbleed in a wide variety of conditions. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.

In addition to SSL/TLS, SMTP, POP3, XMPP, IMAP, local Linux and FTP Heartbleed-related checks, Tripwire products now include checks for Heartbleed vulnerabilities in:

  • Juniper Junos OpenSSL.
  • Debian TLS.
  • PostgreSQL TLS.

Tripwire Log Center provides correlation rules for intrusion detection and intrusion prevention systems and generates alerts on Heartbleed exploit attempts in real-time. Tripwire Log Center also provides in-depth security analytics and reports on historical patterns related to these exploits. These rules currently support known Heartbleed intrusion detection signatures for these vendors and products:

  • Cisco Intrusion Detection System (IDS).
  • Cisco Intrusion Protection System (IPS).
  • McAfee Network Security Manager (NSM).
  • Palo Alto Firewall.
  • Snort® / Sourcefire.

“One of the most challenging aspects of Heartbleed remediation is finding every instance of it on internal networks,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “It is going to take time for vendors to assess where their products might be vulnerable and then publish updates. We are all going to be hunting for Heartbleed for a long time.”

Tripwire® Enterprise can also detect Heartbleed attacks in real-time using custom rules and policies.

To sign up for a free license of SecureScan, please visit: https://www.tripwire.com/securescan/?home-banner.

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

IoT & Smart Cities Stories
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.