Free Heartbleed cure leads ExtraHop to SecOps future

Latest security vulnerability demonstrates the need for a closer relationship between security and operations teams


Sorting out the aftermath of the worldwide Heartbleed exploit is an issue that is going to affect many businesses for a while. This inevitably leads to the appearance of new tools aimed at helping to relieve the pressures on business that Heartbleed has created.

One of the latest to appear comes from IT operational intelligence and analytics specialist, ExtraHop, which has announced a free enterprise solution designed to help security and IT operations teams detect the Heartbleed exploit in SSL servers, proactively patch affected services, and reissue certificates before security is further compromised.

The company also sees Heartbleed as a marker for the development of greater SecOps in business: the coming together of security and operations teams as parts of a unified systems and service management environment.

Threats like Heartbleed, which operate under the radar for extended periods of time, as well as those that are more readily identified, like the November 2013 Target data breach, call for greater cooperation between security and IT operations teams.

Just as DevOps methodologies evolved to unify development/test and IT operations, a similar shift in IT is occurring with SecOps – a cross-departmental approach where siloed security and IT operations teams collaborate to proactively and consistently monitor systems and network activity to protect their business from attacks. Wire data is a crucial, cross-tier source of visibility enabling this cooperation between security and operations.

“Everyone understands the commercial sense of 24×7 availability, the value of real-time business interactions, and the operational efficiency that comes from maintaining the highest possible levels of availability. With this in mind, it is difficult to understand why downtime caused by security failures is viewed so differently. If efforts to keep business systems up and running under all operational circumstances are accepted as being vital to the health of the business, why is it that not enough focus is placed on the need to protect organisations from attacks that can cause significant downtime, customer inconvenience, and reputational damage?” said Andrew Kellett, Principal Analyst, Software–IT Solutions at global analyst firm, Ovum, in his report titled ‘Proactive security is required in highly regulated industries’.

ExtraHop sees itself as part of this new move to link security and operations, rather than continuing to have them treated as separate and distinct functions within the IT organisation. It also sees the Heartbleed vulnerability underscoring the need for greater prioritisation of security concerns within operations, and a more collaborative ‘SecOps’ approach that ensures both availability and security across the IT environment.

To that end, it sees its wire data analytics platform as purpose-built to equip IT operations and security teams with the visibility they need to collaboratively identify and eliminate vulnerabilities such as Heartbleed while limiting disruption to the organisation and its customers.

Its benefits include proactively identifying potential threats with SSL transaction analysis, including certificates used, session details, cipher suites, connections over time, record sizes, and other metrics for every SSL transaction. It can also analyse SSL records by content type, including application data, change cipher, handshakes, alerts, and even heartbeats – the message used in the Heartbleed exploit.

SSL traffic spikes by heartbeat can be identified to alert IT to potential exploitation of the Heartbleed vulnerability.
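The record-level analysis described above can be illustrated with a short added example (not ExtraHop's code or part of the original article): it reads TLS record headers from reassembled server traffic, counts records by content type per time window, and flags windows with an unusual number of heartbeat records. The 60-second window, the threshold of 5, the IP addresses and the sample traffic are all constructed assumptions.

```python
import struct
from collections import Counter, defaultdict

# TLS record-layer content types (RFC 5246; heartbeat is RFC 6520)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data", 24: "heartbeat"}

def parse_records(stream: bytes):
    """Yield (content_type_name, length) for each complete TLS record in a byte stream."""
    offset = 0
    while offset + 5 <= len(stream):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            break  # not a TLS record header: stop rather than guess at a resync point
        if offset + 5 + length > len(stream):
            break  # truncated record: do not count it
        yield CONTENT_TYPES[ctype], length
        offset += 5 + length

def heartbeat_spikes(segments, window=60, max_heartbeats=5):
    """segments: iterable of (timestamp_seconds, server_ip, bytes).
    Returns per-(window_start, server) counters and the sorted list of flagged keys."""
    counts = defaultdict(Counter)
    for ts, server, data in segments:
        key = (int(ts) // window * window, server)
        for name, _length in parse_records(data):
            counts[key][name] += 1
    flagged = sorted(k for k, c in counts.items() if c["heartbeat"] > max_heartbeats)
    return counts, flagged

def _record(ctype, body_len):
    # Constructed sample record: valid 5-byte header, zero-filled body
    return struct.pack("!BBBH", ctype, 3, 2, body_len) + bytes(body_len)

# Constructed sample traffic: (timestamp, server IP, reassembled bytes)
SAMPLE = [
    (0, "10.0.0.5", _record(22, 80) + _record(20, 1) + _record(23, 200)),
    (30, "10.0.0.5", _record(24, 19)),
    (65, "10.0.0.9", _record(22, 80) + b"".join(_record(24, 19) for _ in range(8))),
    (70, "10.0.0.9", _record(23, 64) + _record(24, 19)[:10]),  # last record truncated
]

if __name__ == "__main__":
    counts, flagged = heartbeat_spikes(SAMPLE)
    for key in sorted(counts):
        print(key, dict(counts[key]), "SPIKE" if key in flagged else "")
```

A fixed threshold is only a starting point; a baseline per server of normal heartbeat volume gives fewer false alerts on services that use heartbeats legitimately.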

The Heartbleed-specific bundle expands the capabilities of the ExtraHop compliance and security solution, which delivers correlated, cross-tier visibility for IT teams to pervasively and persistently monitor their environments and detect anomalous behaviour. This approach complements intrusion prevention (IPS), intrusion detection (IDS), and Security Information and Event Management (SIEM) systems, laying the foundation for deep collaboration between IT operations and IT security teams.
