Welcome!

News Feed Item

Tripwire Releases Comprehensive Coverage for Heartbleed OpenSSL Vulnerability

Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced detection for Heartbleed (CVE–2014-0160), the OpenSSL vulnerability announced on April 8, 2014, by Codenomicon and Neel Mehta, a security researcher for Google. All Tripwire vulnerability management products, including Tripwire® IP360™, Tripwire® PureCloud and Tripwire® SecureScan, provide authenticated and unauthenticated checks for Heartbleed.

“While the response to this vulnerability has initially focused on web servers, it is much more widespread than that,” said Lamar Bailey, director of Tripwire’s Vulnerability and Exposure Research Team (VERT). “It’s important that information security professionals validate multiple services and operating systems with specific vulnerability checks in order to really understand their exposure to this risk. Simple banner checks and running only authenticated tests are not comprehensive enough, particularly for something this serious."

OpenSSL is used with a variety of networking products, and many organizations will have more than one vulnerable application or operating system. While web servers are an obvious target, Heartbleed also affects File Transfer Protocol (FTP), Internet Message Access Protocol (IMAP), Post Office Protocol version 3 (POP3), Extensible Messaging and Presence Protocol (XMPP), and Simple Mail Transfer Protocol (SMTP). Because Heartbleed can affect so many different applications, finding and remediating this critical vulnerability quickly across multiple machines can be a daunting task.

Tripwire SecureScan provides free vulnerability scanning for up to 100 IP addresses and includes comprehensive detection rules that discover Heartbleed in a wide variety of conditions. Tripwire SecureScan contains the same robust vulnerability checks included in Tripwire IP360, a vulnerability management solution used by the largest, most sensitive networks in the world.

Specific Heartbleed-related checks include:

  • Remote SSL/TLS vulnerability checks.
  • Remote vulnerability checks for SMTP, POP3, XMPP, IMAP and FTP – services that speak plain text and then switch to SSL/TLS.
  • Local Windows OpenVPN vulnerability check.
  • Local Linux distribution checks for Ubuntu, SUSE, RedHat, CentOS and Oracle Enterprise Linux.
  • A recommendation on issuing a new SSL certificate.

“It is rare for a vulnerability to be as extensive and severe as Heartbleed and the industry reaction is telling as to the severity. We will be dealing with the fallout for a long time,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “We’re pleased to be able to consistently offer both authenticated and unauthenticated detection across a variety of applications and operating systems, from the entirely free Tripwire SecureScan product to the enterprise class vulnerability management in Tripwire IP360.”

Tripwire® Enterprise and Tripwire® Log Center® can also detect Heartbleed using custom rules and policies.

To sign up for a free license of SecureScan, please visit: https://www.tripwire.com/securescan/?home-banner.

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com, get security news, trends and insights at http://www.tripwire.com/state-of-security/ or follow us on Twitter @TripwireInc.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Increasing IoT connectivity is forcing enterprises to find elegant solutions to organize and visualize all incoming data from these connected devices with re-configurable dashboard widgets to effectively allow rapid decision-making for everything from immediate actions in tactical situations to strategic analysis and reporting. In his session at 18th Cloud Expo, Shikhir Singh, Senior Developer Relations Manager at Sencha, will discuss how to create HTML5 dashboards that interact with IoT devic...
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, will explain how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
There is an ever-growing explosion of new devices that are connected to the Internet using “cloud” solutions. This rapid growth is creating a massive new demand for efficient access to data. And it’s not just about connecting to that data anymore. This new demand is bringing new issues and challenges and it is important for companies to scale for the coming growth. And with that scaling comes the need for greater security, gathering and data analysis, storage, connectivity and, of course, the...
Artificial Intelligence has the potential to massively disrupt IoT. In his session at 18th Cloud Expo, AJ Abdallat, CEO of Beyond AI, will discuss what the five main drivers are in Artificial Intelligence that could shape the future of the Internet of Things. AJ Abdallat is CEO of Beyond AI. He has over 20 years of management experience in the fields of artificial intelligence, sensors, instruments, devices and software for telecommunications, life sciences, environmental monitoring, process...
Struggling to keep up with increasing application demand? Learn how Platform as a Service (PaaS) can streamline application development processes and make resource management easy.
SYS-CON Events announced today that Ericsson has been named “Gold Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. Ericsson is a world leader in the rapidly changing environment of communications technology – providing equipment, software and services to enable transformation through mobility. Some 40 percent of global mobile traffic runs through networks we have supplied. More than 1 billion subscribers around the world re...
In the world of DevOps there are ‘known good practices’ – aka ‘patterns’ – and ‘known bad practices’ – aka ‘anti-patterns.' Many of these patterns and anti-patterns have been developed from real world experience, especially by the early adopters of DevOps theory; but many are more feasible in theory than in practice, especially for more recent entrants to the DevOps scene. In this power panel at @DevOpsSummit at 18th Cloud Expo, moderated by DevOps Conference Chair Andi Mann, panelists will dis...
Many private cloud projects were built to deliver self-service access to development and test resources. While those clouds delivered faster access to resources, they lacked visibility, control and security needed for production deployments. In their session at 18th Cloud Expo, Steve Anderson, Product Manager at BMC Software, and Rick Lefort, Principal Technical Marketing Consultant at BMC Software, will discuss how a cloud designed for production operations not only helps accelerate developer...
We’ve worked with dozens of early adopters across numerous industries and will debunk common misperceptions, which starts with understanding that many of the connected products we’ll use over the next 5 years are already products, they’re just not yet connected. With an IoT product, time-in-market provides much more essential feedback than ever before. Innovation comes from what you do with the data that the connected product provides in order to enhance the customer experience and optimize busi...
Much of the value of DevOps comes from a (renewed) focus on measurement, sharing, and continuous feedback loops. In increasingly complex DevOps workflows and environments, and especially in larger, regulated, or more crystallized organizations, these core concepts become even more critical. In his session at @DevOpsSummit at 18th Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, will show how, by focusing on 'metrics that matter,' you can provide objective, transparent, and meaningfu...
The increasing popularity of the Internet of Things necessitates that our physical and cognitive relationship with wearable technology will change rapidly in the near future. This advent means logging has become a thing of the past. Before, it was on us to track our own data, but now that data is automatically available. What does this mean for mHealth and the "connected" body? In her session at @ThingsExpo, Lisa Calkins, CEO and co-founder of Amadeus Consulting, will discuss the impact of wea...
If there is anything we have learned by now, is that every business paves their own unique path for releasing software- every pipeline, implementation and practices are a bit different, and DevOps comes in all shapes and sizes. Software delivery practices are often comprised of set of several complementing (or even competing) methodologies – such as leveraging Agile, DevOps and even a mix of ITIL, to create the combination that’s most suitable for your organization and that maximize your busines...
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, will discuss how leveraging the Industrial Interne...
Up until last year, enterprises that were looking into cloud services usually undertook a long-term pilot with one of the large cloud providers, running test and dev workloads in the cloud. With cloud’s transition to mainstream adoption in 2015, and with enterprises migrating more and more workloads into the cloud and in between public and private environments, the single-provider approach must be revisited. In his session at 18th Cloud Expo, Yoav Mor, multi-cloud solution evangelist at Cloudy...