Free Heartbleed cure leads ExtraHop to SecOps future

Latest security vulnerability demonstrates the need for a closer relationship between security and operations teams

  • 10 years ago Posted in

Sorting out the aftermath of worldwide Heartbleed exploit is an issue that is going affect many businesses for a while. This inevitably leads to the appearance of new tools aimed at helping to relieve the pressures on business that Heartbleed has created.

One of the latest to appear comes from IT operational intelligence and analytics specialist, ExtraHop, which has announced a free enterprise solution designed to help security and IT operations teams detect the Heartbleed exploit in SSL servers, proactively patch affected services, and reissue certificates before security is further compromised.

The company also sees Heartbleed as marker for the development for greater SecOps in business, the coming together of security and operations teams as parts of a unified systems and service management environment.

Threats like Heartbleed that operate under the radar for extended periods of time as well as those that are more readily identified like the November 2013 Target data breach, call for greater cooperation between both security and IT operations teams.

Just as DevOps methodologies evolved to unify development/test and IT operations, a similar shift in IT is occurring with SecOps – a cross-departmental approach where siloed security and IT operations teams collaborate to proactively and consistently monitor systems and network activity to protect their business from attacks. Wire data is a crucial, cross-tier source of visibility enabling this cooperation between security and operations.

“Everyone understands the commercial sense of 24×7 availability, the value of real-time business interactions, and the operational efficiency that comes from maintaining the highest possible levels of availability. With this in mind, it is difficult to understand why downtime caused by security failures is viewed so differently. If efforts to keep business systems up and running under all operational circumstances are accepted as being vital to the health of the business, why is it that not enough focus is placed on the need to protect organisations from attacks that can cause significant downtime, customer inconvenience, and reputational damage?” said Andrew Kellett, Principal Analyst, Software–IT Solutions at global analyst firm, Ovum, in his report titled `Proactive security is required in highly regulated industries’.

ExtraHop sees itself as part of this new move to link security and operations, rather than continue to have treated as separate and distinct functions within the IT organisation. It also sees the Heartbleed vulnerability underscoring the need for greater prioritisation of security concerns within operations, and a more collaborative ‘SecOps’ approach that ensures both availability and security across the IT environment.

To that end, it sees its wire data analytics platform as purpose-built to equip IT operations and security teams with the visibility they need to collaboratively identify and eliminate vulnerabilities such as Heartbleed while limiting disruption to the organisation and its customers.

Its benefits include proactively identifying potential threats with SSL transaction analysis, including certificates used, session details, cipher suites, connections over time, record sizes, and other metrics for every SSL transaction. It can also analyse SSL records by content type, including application data, change cipher, handshakes, alerts, and even heartbeats – the message used in the Heartbleed exploit.

SSL traffic spikes by heartbeat can be identified to alert IT to potential exploitation of the Heartbleed vulnerability.

The Heartbleed-specific bundle expands the capabilities of the ExtraHop compliance and security solution, which delivers correlated, cross-tier visibility for IT teams to pervasively and persistently monitor their environments and detect anomalous behaviour. This approach complements intrusion prevention (IPS), intrusion detection (IDS), and Security Information and Event Management (SIEM) systems, laying the foundation for deep collaboration between IT operations and IT security teams.

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...