Welcome!

News Feed Item

Security Rapid Response Bulletin: Remediation for Heartbleed Vulnerability Requires Keys and Certificates to Be Replaced

Venafi Offers the Only Solution to Find and Fix Vulnerable Cryptographic Keys and Digital Certificates Across the Enterprise

SALT LAKE CITY, UT -- (Marketwired) -- 04/09/14 -- Venafi, the inventor of Next-Generation Trust Protection systems, today warns that the most devastating vulnerability of 2014 and beyond comes from failing to replace all keys and certificates on systems impacted by the OpenSSL Heartbleed bug. Without replacing keys and certificates, Heartbleed leaves open doors into Global 2000 organizations and governments with perpetual security vulnerabilities since attackers can spoof legitimate websites, decrypt private communications, and steal the most sensitive data.

The Heartbleed OpenSSL vulnerability impacts at least 50% of the public facing webservers on the Internet, enabling attackers for the last 3 years to extract private keys, digital certificates and other sensitive data. Keys and certificates establish the trust businesses and government rely on for secure banking, ecommerce, and private communications. Attacks that take advantage of the recently publicized vulnerability are an order of magnitude larger than the Target Corporation data breach reported late last year. This is because this vulnerability affects virtually every organization that uses the internet and is one that can be exploited by simply visiting a website and taking advantage of the vulnerability. No special skills or tools are required.

Register and attend a live webinar for more information on responding to Heartbleed at www.venafi.com/heartbleed.

To close the door on these vulnerabilities, organizations should follow these recommendations:

  • Identify all public facing servers using OpenSSL 1.0.1 - 1.0.1f and upgrade to OpenSSL 1.0.1g
  • Identify keys and certificates to fix based on knowledge of vulnerable applications
  • Generate new keys and X.509 certificates
  • Install new keys and certificates on servers, revoke vulnerable certificates

As simple as these steps sound, many organizations are challenged to carry them out.

"While the Heartbleed code has been fixed, it is alarming that many organizations remain vulnerable. Most Global 2000 organizations and governments don't have a clear path to quickly change out the thousands of affected and exposed keys and certificates in order to ensure security," says Jeff Hudson, CEO of Venafi. "But if they don't change out every one of those keys and certificates quickly, the continued exposure to Heartbleed means attackers can keep spoofing legitimate websites, decrypting private communications, and stealing the most sensitive data."

Venafi can help affected organizations identify and change all the SSL keys and certificates that are vulnerable. Venafi's business is to help organizations move from a vulnerable situation to a safe, secure, and trusted state. Organizations can request help at http://www.venafi.com/contact.

Venafi's incident response to Heartbleed includes Venafi TrustAuthority™ which identifies and replaces vulnerable keys and certificates. TrustAuthority builds an intelligent inventory of keys and certificates, understands how they're used, identifies vulnerabilities, and replaces them. Further, TrustAuthority continuously monitors the certificates and detects and remediates anomalies as they are identified on an ongoing basis. In other words, get from vulnerable to secure and stay that way.

Many organizations that are Venafi customers today, have rapidly responded to Heartbleed and are back to a known secure state using Venafi TrustForce. TrustForce fully automates the protection of keys and certificates enabling organizations to protect hundreds of thousands of keys and certificates and respond by automatically changing keys and certificates in minutes.

Register and attend a live webinar for more information on responding to Heartbleed at www.venafi.com/heartbleed.

Read the Venafi Customer Security Rapid Response Bulletin here.

To get the latest news and information about Venafi:
Visit the blog at http://www.venafi.com/blog
Follow us on Twitter: @Venafi
Follow us on LinkedIn: http://www.linkedin.com/company/venafi
Follow us on Google+: http://www.google.com/+VenafiCo
Like us on Facebook: https://www.facebook.com/Venafi

About Venafi
Venafi is the leading cybersecurity company in Next-Generation Trust Protection (NGTP). Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. As part of an enterprise infrastructure protection strategy, Venafi Trust Protection Platform prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity and increased threats, and remediates errors and attacks by automatically replacing keys and certificates. Venafi Threat Center provides research and threat intelligence for trust-based attacks. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
As software becomes more and more complex, we, as software developers, have been splitting up our code into smaller and smaller components. This is also true for the environment in which we run our code: going from bare metal, to VMs to the modern-day Cloud Native world of containers, schedulers and micro services. While we have figured out how to run containerized applications in the cloud using schedulers, we've yet to come up with a good solution to bridge the gap between getting your contain...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
"We host and fully manage cloud data services, whether we store, the data, move the data, or run analytics on the data," stated Kamal Shannak, Senior Development Manager, Cloud Data Services, IBM, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
Information technology (IT) advances are transforming the way we innovate in business, thereby disrupting the old guard and their predictable status-quo. It’s creating global market turbulence. Industries are converging, and new opportunities and threats are emerging, like never before. So, how are savvy chief information officers (CIOs) leading this transition? Back in 2015, the IBM Institute for Business Value conducted a market study that included the findings from over 1,800 CIO interviews ...
"Operations is sort of the maturation of cloud utilization and the move to the cloud," explained Steve Anderson, Product Manager for BMC’s Cloud Lifecycle Management, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackIQ...
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The buzz continues for cloud, data analytics and the Internet of Things (IoT) and their collective impact across all industries. But a new conversation is emerging - how do companies use industry disruption and technology enablers to lead in markets undergoing change, uncertainty and ambiguity? Organizations of all sizes need to evolve and transform, often under massive pressure, as industry lines blur and merge and traditional business models are assaulted and turned upside down. In this new da...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
"We got started as search consultants. On the services side of the business we have help organizations save time and save money when they hit issues that everyone more or less hits when their data grows," noted Otis Gospodnetić, Founder of Sematext, in this SYS-CON.tv interview at @DevOpsSummit, held June 9-11, 2015, at the Javits Center in New York City.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his Day 2 Keynote at @ThingsExpo, Henrik Kenani Dahlgren, Portfolio Marketing Manager at Ericsson, discussed how to plan to cooperate, partner, and form lasting all-star teams to change the...