Palo Alto Networks has announced that it provides protection from the Heartbleed bug for its enterprise customers.
According to the US Cert Alert that was documented on April 8, 2014, this vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the heartbeat extension.
“The breadth of risk for Heartbleed goes beyond web applications like Yahoo!, Google and Facebook. Getting a good handle on all the vulnerable services that make up an organization’s attack surface can be a daunting challenge. There is hope though, because Palo Alto Networks is in a unique position to protect against Heartbleed through the next-generation design of our enterprise security platform, and the automated protections we released, preventing exploitation of this vulnerability for our customers,” Raj Shah, Senior Director of Cybersecurity at Palo Alto Networks.
For enterprises who are not Palo Alto Networks customers that are concerned about protecting themselves, we suggest, at a minimum, updating web servers to the latest patched version of OpenSSL available as of April 7, 2014 (1.0.1g), and immediately replacing SSL private keys after the patch is in place.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.