Welcome!

News Feed Item

Security Rapid Response Bulletin: Remediation for Heartbleed Vulnerability Requires Keys and Certificates to Be Replaced

Venafi Offers the Only Solution to Find and Fix Vulnerable Cryptographic Keys and Digital Certificates Across the Enterprise

SALT LAKE CITY, UT -- (Marketwired) -- 04/09/14 -- Venafi, the inventor of Next-Generation Trust Protection systems, today warns that the most devastating vulnerability of 2014 and beyond comes from failing to replace all keys and certificates on systems impacted by the OpenSSL Heartbleed bug. Without replacing keys and certificates, Heartbleed leaves open doors into Global 2000 organizations and governments with perpetual security vulnerabilities since attackers can spoof legitimate websites, decrypt private communications, and steal the most sensitive data.

The Heartbleed OpenSSL vulnerability impacts at least 50% of the public facing webservers on the Internet, enabling attackers for the last 3 years to extract private keys, digital certificates and other sensitive data. Keys and certificates establish the trust businesses and government rely on for secure banking, ecommerce, and private communications. Attacks that take advantage of the recently publicized vulnerability are an order of magnitude larger than the Target Corporation data breach reported late last year. This is because this vulnerability affects virtually every organization that uses the internet and is one that can be exploited by simply visiting a website and taking advantage of the vulnerability. No special skills or tools are required.

Register and attend a live webinar for more information on responding to Heartbleed at www.venafi.com/heartbleed.

To close the door on these vulnerabilities, organizations should follow these recommendations:

  • Identify all public facing servers using OpenSSL 1.0.1 - 1.0.1f and upgrade to OpenSSL 1.0.1g
  • Identify keys and certificates to fix based on knowledge of vulnerable applications
  • Generate new keys and X.509 certificates
  • Install new keys and certificates on servers, revoke vulnerable certificates

As simple as these steps sound, many organizations are challenged to carry them out.

"While the Heartbleed code has been fixed, it is alarming that many organizations remain vulnerable. Most Global 2000 organizations and governments don't have a clear path to quickly change out the thousands of affected and exposed keys and certificates in order to ensure security," says Jeff Hudson, CEO of Venafi. "But if they don't change out every one of those keys and certificates quickly, the continued exposure to Heartbleed means attackers can keep spoofing legitimate websites, decrypting private communications, and stealing the most sensitive data."

Venafi can help affected organizations identify and change all the SSL keys and certificates that are vulnerable. Venafi's business is to help organizations move from a vulnerable situation to a safe, secure, and trusted state. Organizations can request help at http://www.venafi.com/contact.

Venafi's incident response to Heartbleed includes Venafi TrustAuthority™ which identifies and replaces vulnerable keys and certificates. TrustAuthority builds an intelligent inventory of keys and certificates, understands how they're used, identifies vulnerabilities, and replaces them. Further, TrustAuthority continuously monitors the certificates and detects and remediates anomalies as they are identified on an ongoing basis. In other words, get from vulnerable to secure and stay that way.

Many organizations that are Venafi customers today, have rapidly responded to Heartbleed and are back to a known secure state using Venafi TrustForce. TrustForce fully automates the protection of keys and certificates enabling organizations to protect hundreds of thousands of keys and certificates and respond by automatically changing keys and certificates in minutes.

Register and attend a live webinar for more information on responding to Heartbleed at www.venafi.com/heartbleed.

Read the Venafi Customer Security Rapid Response Bulletin here.

To get the latest news and information about Venafi:
Visit the blog at http://www.venafi.com/blog
Follow us on Twitter: @Venafi
Follow us on LinkedIn: http://www.linkedin.com/company/venafi
Follow us on Google+: http://www.google.com/+VenafiCo
Like us on Facebook: https://www.facebook.com/Venafi

About Venafi
Venafi is the leading cybersecurity company in Next-Generation Trust Protection (NGTP). Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. As part of an enterprise infrastructure protection strategy, Venafi Trust Protection Platform prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity and increased threats, and remediates errors and attacks by automatically replacing keys and certificates. Venafi Threat Center provides research and threat intelligence for trust-based attacks. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
The use of containers by developers -- and now increasingly IT operators -- has grown from infatuation to deep and abiding love. But as with any long-term affair, the honeymoon soon leads to needing to live well together ... and maybe even getting some relationship help along the way. And so it goes with container orchestration and automation solutions, which are rapidly emerging as the means to maintain the bliss between rapid container adoption and broad container use among multiple cloud host...
The cloud era has reached the stage where it is no longer a question of whether a company should migrate, but when. Enterprises have embraced the outsourcing of where their various applications are stored and who manages them, saving significant investment along the way. Plus, the cloud has become a defining competitive edge. Companies that fail to successfully adapt risk failure. The media, of course, continues to extol the virtues of the cloud, including how easy it is to get there. Migrating...
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across business networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost as well as advance trade. Are you curious about how Blockchain is built for business? In her session at 21st Cloud Expo, René Bostic, Technical VP of the IBM Cloud Unit in North America, discussed the b...
Imagine if you will, a retail floor so densely packed with sensors that they can pick up the movements of insects scurrying across a store aisle. Or a component of a piece of factory equipment so well-instrumented that its digital twin provides resolution down to the micrometer.
The need for greater agility and scalability necessitated the digital transformation in the form of following equation: monolithic to microservices to serverless architecture (FaaS). To keep up with the cut-throat competition, the organisations need to update their technology stack to make software development their differentiating factor. Thus microservices architecture emerged as a potential method to provide development teams with greater flexibility and other advantages, such as the abili...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settle...
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchain is approaching the peak. It is considered by Gartner as one of the ‘Key platform-enabling technologies to track.’ While there is a lot of ‘hype vs reality’ discussions going on, there is no arguing that blockchain is b...
Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in order to protect your data and privacy, IoT applications need to embrace Blockchain technology for a new level of product security never before seen - or needed.
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, provided some practical insights on what, how and why when implementing "software-defined" in the datacent...
ChatOps is an emerging topic that has led to the wide availability of integrations between group chat and various other tools/platforms. Currently, HipChat is an extremely powerful collaboration platform due to the various ChatOps integrations that are available. However, DevOps automation can involve orchestration and complex workflows. In his session at @DevOpsSummit at 20th Cloud Expo, Himanshu Chhetri, CTO at Addteq, will cover practical examples and use cases such as self-provisioning infra...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory? In her Day 2 Keynote at @DevOpsSummit at 21st Cloud Expo, Aruna Ravichandran, VP, DevOps Solutions Marketing, CA Technologies, was jo...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mobility, enabled by an automated and seamless flow across on-premises and cloud resources. In his general session at 21st Cloud Expo, Greg Tevis, an IBM Storage Software Technical Strategist and Customer Solution Architec...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application p...