Click here to close now.


News Feed Item

Tripwire Releases Comprehensive Coverage for Heartbleed OpenSSL Vulnerability

Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced detection for Heartbleed (CVE–2014-0160), the OpenSSL vulnerability announced on April 8, 2014, by Codenomicon and Neel Mehta, a security researcher for Google. All Tripwire vulnerability management products, including Tripwire® IP360™, Tripwire® PureCloud and Tripwire® SecureScan, provide authenticated and unauthenticated checks for Heartbleed.

“While the response to this vulnerability has initially focused on web servers, it is much more widespread than that,” said Lamar Bailey, director of Tripwire’s Vulnerability and Exposure Research Team (VERT). “It’s important that information security professionals validate multiple services and operating systems with specific vulnerability checks in order to really understand their exposure to this risk. Simple banner checks and running only authenticated tests are not comprehensive enough, particularly for something this serious."

OpenSSL is used with a variety of networking products, and many organizations will have more than one vulnerable application or operating system. While web servers are an obvious target, Heartbleed also affects File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Post Office Protocol version 3 (POP3), Extensible Messaging and Presence Protocol (XMPP), and Simple Mail Transfer Protocol (SMTP). Because Heartbleed can affect so many different applications, finding and remediating this critical vulnerability quickly across multiple machines can be a daunting task.

Tripwire SecureScan provides free vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Heartbleed in a wide variety of conditions. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.

Specific Heartbleed-related checks include:

  • Remote SSL/TLS vulnerability checks.
  • Remote vulnerability checks for SMTP, POP3, XMPP, IMAP and FTP – services that speak plain text and then switch to SSL/TLS.
  • Local Windows OpenVPN vulnerability check.
  • Local Linux distribution checks for Ubuntu, SUSE, RedHat, CentOS and Oracle Enterprise Linux.
  • A recommendation on issuing a new SSL certificate.

“It is rare for a vulnerability to be as extensive and severe as Heartbleed and the industry reaction is telling as to the severity. We will be dealing with the fallout for a long time,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “We’re pleased to be able to consistently offer both authenticated and unauthenticated detection across a variety of applications and operating systems, from the entirely free Tripwire SecureScan product to the enterprise class vulnerability management in Tripwire IP360.”

Tripwire® Enterprise and Tripwire® Log Center® can also detect Heartbleed using custom rules and policies.

To sign up for a free license of SecureScan, please visit:

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at, get security news, trends and insights at or follow us on Twitter @TripwireInc.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that Agema Systems will exhibit at the 17th International Cloud Expo®, which will take place on November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Agema Systems is the leading provider of critical white-box rack solutions to data centers through the major integrators and value added distribution channels.
The cloud has reached mainstream IT. Those 18.7 million data centers out there (server closets to corporate data centers to colocation deployments) are moving to the cloud. In his session at 17th Cloud Expo, Achim Weiss, CEO & co-founder of ProfitBricks, will share how two companies – one in the U.S. and one in Germany – are achieving their goals with cloud infrastructure. More than a case study, he will share the details of how they prioritized their cloud computing infrastructure deployments ...
Data loss happens, even in the cloud. In fact, if your company has adopted a cloud application in the past three years, data loss has probably happened, whether you know it or not. In his session at 17th Cloud Expo, Bryan Forrester, Senior Vice President of Sales at eFolder, will present how common and costly cloud application data loss is and what measures you can take to protect your organization from data loss.
Interested in leveraging automation technologies and a cloud architecture to make developers more productive? Learn how PaaS can benefit your organization to help you streamline your application development, allow you to use existing infrastructure and improve operational efficiencies. Begin charting your path to PaaS with OpenShift Enterprise.
Decisions about budgets and resources are often made without IT even having a seat at the table. As technologist we understand the value of DevOps - but do your business counterparts? If they don't, your DevOps initiatives could lose funding before they start. In her session at DevOps Summit, Jeanne Morain, Strategist / Author at iSpeak Cloud, LLC, will provide insights on how to bridge the gap between business and technology leaders. Attendees will learn prescriptive guidance on balancing wor...
Organizations already struggle with the simple collection of data resulting from the proliferation of IoT, lacking the right infrastructure to manage it. They can't only rely on the cloud to collect and utilize this data because many applications still require dedicated infrastructure for security, redundancy, performance, etc. In his session at 17th Cloud Expo, Emil Sayegh, CEO of Codero Hosting, will discuss how in order to resolve the inherent issues, companies need to combine dedicated a...
The modern software development landscape consists of best practices and tools that allow teams to deliver software in a near-continuous manner. By adopting a culture of automation, measurement and sharing, the time to ship code has been greatly reduced, allowing for shorter release cycles and quicker feedback from customers and users. Still, with all of these tools and methods, how can teams stay on top of what is taking place across their infrastructure and codebase? Hopping between services a...
For almost two decades, businesses have discovered great opportunities to engage with customers and even expand revenue through digital systems, including web and mobile applications. Yet, even now, the conversation between the business and the technologists that deliver these systems is strained, in large part due to misaligned objectives. In his session at DevOps Summit, James Urquhart, Senior Vice President of Performance Analytics at SOASTA, Inc., will discuss how measuring user outcomes –...
Clearly the way forward is to move to cloud be it bare metal, VMs or containers. One aspect of the current public clouds that is slowing this cloud migration is cloud lock-in. Every cloud vendor is trying to make it very difficult to move out once a customer has chosen their cloud. In his session at 17th Cloud Expo, Naveen Nimmu, CEO of Clouber, Inc., will advocate that making the inter-cloud migration as simple as changing airlines would help the entire industry to quickly adopt the cloud wit...
While testing is often ignored when it comes to DevOps - it could be the most important aspect of achieving true DevOps success. Without rethinking automated testing from the ground-up, the entire DevOps productivity gain cannot be realized. Large tech companies build their own rapid test automation that runs in minutes across functional, performance, security and other tests. In his session at DevOps Summit, Kevin Surace, CEO of Appvance, will discuss how we learn from these real-world succe...
SYS-CON Events announced today that VividCortex, the monitoring solution for the modern data system, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The database is the heart of most applications, but it’s also the part that’s hardest to scale, monitor, and optimize even as it’s growing 50% year over year. VividCortex is the first unified suite of database monitoring tools specifically desi...
Apps and devices shouldn't stop working when there's limited or no network connectivity. Learn how to bring data stored in a cloud database to the edge of the network (and back again) whenever an Internet connection is available. In his session at 17th Cloud Expo, Bradley Holt, Developer Advocate at IBM Cloud Data Services, will demonstrate techniques for replicating cloud databases with devices in order to build offline-first mobile or Internet of Things (IoT) apps that can provide a better, ...
“All our customers are looking at the cloud ecosystem as an important part of their overall product strategy. Some see it evolve as a multi-cloud / hybrid cloud strategy, while others are embracing all forms of cloud offerings like PaaS, IaaS and SaaS in their solutions,” noted Suhas Joshi, Vice President – Technology, at Harbinger Group, in this exclusive Q&A with Cloud Expo Conference Chair Roger Strukhoff.
SYS-CON Events announced today that Cloud Raxak has been named “Media & Session Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Raxak Protect automates security compliance across private and public clouds. Using the SaaS tool or managed service, developers can deploy cloud apps quickly, cost-effectively, and without error.
DevOps is gaining traction in the federal government – and for good reasons. Heightened user expectations are pushing IT organizations to accelerate application development and support more innovation. At the same time, budgetary constraints require that agencies find ways to decrease the cost of developing, maintaining, and running applications. IT now faces a daunting task: do more and react faster than ever before – all with fewer resources.