Stemming the ‘Heartbleed’ Bug with deep visibility into IT environments

Threats like Heartbleed that operate under the radar for extended periods of time as well as those that are more readily identified like the November 2013 Target data breach, call for greater cooperation between both security and IT operations teams. Just as DevOps methodologies evolved to unify development/test and IT operations, a similar shift in IT is occurring with SecOps – a cross-departmental approach where siloed security and IT operations teams collaborate to proactively and consistently monitor systems and network activity to protect their business from attacks. Wire data is a crucial, cross-tier source of visibility enabling this cooperation between security and operations.

“Everyone understands the commercial sense of 24×7 availability, the value of real-time business interactions, and the operational efficiency that comes from maintaining the highest possible levels of availability. With this in mind, it is difficult to understand why downtime caused by security failures is viewed so differently. If efforts to keep business systems up and running under all operational circumstances are accepted as being vital to the health of the business, why is it that not enough focus is placed on the need to protect organisations from attacks that can cause significant downtime, customer inconvenience, and reputational damage?” said Andrew Kellett, Principal Analyst, Software–IT Solutions at global analyst firm, Ovum, in his report titled “Proactive security is required in highly regulated industries.”

“While security and operations have often been treated as separate and distinct functions within the IT organisation, the goals of these teams are very much the same – keep vital business systems up and running while reducing risk to the organisation,” said Jesse Rothstein, CEO, ExtraHop. “The Heartbleed vulnerability underscores the need for greater prioritisation of security concerns within operations, and a more collaborative ‘SecOps’ approach that ensures both availability and security across the IT environment.”

Leveraging ExtraHop’s wire data analytics platform, the Heartbleed solution is purpose-built to equip IT operations and security teams with the visibility they need to collaboratively identify and eliminate vulnerabilities while limiting disruption to the organisation and its customers.

Benefits include:
· Proactively identify potential threats with SSL transaction analysis, including certificates used, session details, cipher suites, connections over time, record sizes, and other metrics for every SSL transaction.
· Analyse SSL records by content type, including application data, change cipher, handshakes, alerts, and even heartbeats – the message used in the Heartbleed exploit.
· Identify spikes in SSL traffic by heartbeat to alert IT to potential exploitation of the Heartbleed vulnerability.
· Map the geographic origin of requests for a particular protocol in real-time with ExtraHop geomap capability, enabling businesses to spot heartbeat messages of suspicious or unusual origin.

The Heartbleed-specific bundle expands the capabilities of the ExtraHop compliance and security solution, which delivers correlated, cross-tier visibility for IT teams to pervasively and persistently monitor their environments and detect anomalous behavior. This approach complements intrusion prevention (IPS), intrusion detection (IDS), and Security Information and Event Management (SIEM) systems, laying the foundation for deep collaboration between IT operations and IT security teams.
To begin detecting Heartbleed exploits immediately, customer must download the free-forever ExtraHop virtual appliance and then install the Heartbleed solution bundle.