Welcome!

News Feed Item

Security Rapid Response Bulletin: Remediation for Heartbleed Vulnerability Requires Keys and Certificates to Be Replaced

Venafi Offers the Only Solution to Find and Fix Vulnerable Cryptographic Keys and Digital Certificates Across the Enterprise

SALT LAKE CITY, UT -- (Marketwired) -- 04/09/14 -- Venafi, the inventor of Next-Generation Trust Protection systems, today warns that the most devastating vulnerability of 2014 and beyond comes from failing to replace all keys and certificates on systems impacted by the OpenSSL Heartbleed bug. Without replacing keys and certificates, Heartbleed leaves open doors into Global 2000 organizations and governments with perpetual security vulnerabilities since attackers can spoof legitimate websites, decrypt private communications, and steal the most sensitive data.

The Heartbleed OpenSSL vulnerability impacts at least 50% of the public facing webservers on the Internet, enabling attackers for the last 3 years to extract private keys, digital certificates and other sensitive data. Keys and certificates establish the trust businesses and government rely on for secure banking, ecommerce, and private communications. Attacks that take advantage of the recently publicized vulnerability are an order of magnitude larger than the Target Corporation data breach reported late last year. This is because this vulnerability affects virtually every organization that uses the internet and is one that can be exploited by simply visiting a website and taking advantage of the vulnerability. No special skills or tools are required.

Register and attend a live webinar for more information on responding to Heartbleed at www.venafi.com/heartbleed.

To close the door on these vulnerabilities, organizations should follow these recommendations:

  • Identify all public facing servers using OpenSSL 1.0.1 - 1.0.1f and upgrade to OpenSSL 1.0.1g
  • Identify keys and certificates to fix based on knowledge of vulnerable applications
  • Generate new keys and X.509 certificates
  • Install new keys and certificates on servers, revoke vulnerable certificates

As simple as these steps sound, many organizations are challenged to carry them out.

"While the Heartbleed code has been fixed, it is alarming that many organizations remain vulnerable. Most Global 2000 organizations and governments don't have a clear path to quickly change out the thousands of affected and exposed keys and certificates in order to ensure security," says Jeff Hudson, CEO of Venafi. "But if they don't change out every one of those keys and certificates quickly, the continued exposure to Heartbleed means attackers can keep spoofing legitimate websites, decrypting private communications, and stealing the most sensitive data."

Venafi can help affected organizations identify and change all the SSL keys and certificates that are vulnerable. Venafi's business is to help organizations move from a vulnerable situation to a safe, secure, and trusted state. Organizations can request help at http://www.venafi.com/contact.

Venafi's incident response to Heartbleed includes Venafi TrustAuthority™ which identifies and replaces vulnerable keys and certificates. TrustAuthority builds an intelligent inventory of keys and certificates, understands how they're used, identifies vulnerabilities, and replaces them. Further, TrustAuthority continuously monitors the certificates and detects and remediates anomalies as they are identified on an ongoing basis. In other words, get from vulnerable to secure and stay that way.

Many organizations that are Venafi customers today, have rapidly responded to Heartbleed and are back to a known secure state using Venafi TrustForce. TrustForce fully automates the protection of keys and certificates enabling organizations to protect hundreds of thousands of keys and certificates and respond by automatically changing keys and certificates in minutes.

Register and attend a live webinar for more information on responding to Heartbleed at www.venafi.com/heartbleed.

Read the Venafi Customer Security Rapid Response Bulletin here.

To get the latest news and information about Venafi:
Visit the blog at http://www.venafi.com/blog
Follow us on Twitter: @Venafi
Follow us on LinkedIn: http://www.linkedin.com/company/venafi
Follow us on Google+: http://www.google.com/+VenafiCo
Like us on Facebook: https://www.facebook.com/Venafi

About Venafi
Venafi is the leading cybersecurity company in Next-Generation Trust Protection (NGTP). Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. As part of an enterprise infrastructure protection strategy, Venafi Trust Protection Platform prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity and increased threats, and remediates errors and attacks by automatically replacing keys and certificates. Venafi Threat Center provides research and threat intelligence for trust-based attacks. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that A&I Solutions has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 1999, A&I Solutions is a leading information technology (IT) software and services provider focusing on best-in-class enterprise solutions. By partnering with industry leaders in technology, A&I assures customers high performance levels across all IT environments including: mai...
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
SYS-CON Events announced today that Systena America will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Systena Group has been in business for various software development and verification in Japan, US, ASEAN, and China by utilizing the knowledge we gained from all types of device development for various industries including smartphones (Android/iOS), wireless communication, security technology and IoT serv...
SYS-CON Events announced today that Outscale will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outscale's technology makes an automated and adaptable Cloud available to businesses, supporting them in the most complex IT projects while controlling their operational aspects. You boost your IT infrastructure's reactivity, with request responses that only take a few seconds.
DevOps at Cloud Expo – being held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real r...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive ad...
SYS-CON Events announced today that Outscale, a global pure play Infrastructure as a Service provider and strategic partner of Dassault Systèmes, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2010, Outscale simplifies infrastructure complexities and boosts the business agility of its customers. Outscale delivers a secure, reliable and industrial strength solution for its customers, which i...
SYS-CON Events announced today that Twistlock, the leading provider of cloud container security solutions, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Twistlock is the industry's first enterprise security suite for container security. Twistlock's technology addresses risks on the host and within the application of the container, enabling enterprises to consistently enforce security policies, monitor...
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus intern...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
Everywhere we turn in our industry we can find strong opinions about the direction, type and nature of cloud’s impact on computing and business. Another word that is used in every context in our industry is “hybrid.” In his session at 20th Cloud Expo, Alvaro Gonzalez, Director of Technical, Partner and Field Marketing at Peak 10, will use a combination of a few conceptual props and some research recently commissioned by Peak 10 to offer a real-world consideration of how the various categories of...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
In order to meet the rapidly changing demands of today’s customers, companies are continually forced to redefine their business strategies in order to meet these needs, stay relevant and continue to see profitable growth. IoT deployment and development is integral in this transformation, and today businesses are increasingly seeing the value of investing their resources into IoT deployments. These technologies are able increase ROI through projects such as connecting supply chains or enabling sm...