Detailed SSL Transaction Analysis Detects Heartbeats Used in the Heartbleed Exploit, Enabling IT Ops and Security Teams to Rapidly Neutralize Threats
[Update, September 15, 2015]: The ExtraHop Discovery Edition is no longer in active development or maintenance, but current license-holders may continue using all features described in this post.
SEATTLE, WA – April 24, 2014 – ExtraHop, the global leader in real-time wire-data analytics for IT operational intelligence, today announced that the ExtraHop Discovery Edition, a free-forever performance monitoring appliance, enables security and IT operations teams to rapidly detect the Heartbleed exploit in SSL servers with a new Heartbleed solution bundle. With this visibility, IT teams can proactively patch affected servers and reissue certificates before security is further compromised.
Threats like Heartbleed that operate under the radar for extended periods of time, as well as readily-identified threats like the November 2013 Target data breach, call for greater cooperation between both security and IT operations teams. Just as DevOps methodologies have evolved to unify development/test and IT operations, a similar shift in IT is occurring with SecOps – a cross-departmental approach where siloed security and IT operations teams collaborate to proactively and continuously monitor systems and network activity to protect their business from attacks. Wire data is the lynchpin for this crucial, cross-tier visibility.
"Everyone understands the commercial sense of 24×7 availability, the value of real-time business interactions, and the operational efficiency that comes from maintaining the highest possible levels of availability. With this in mind, it is difficult to understand why downtime caused by security failures is viewed so differently. If efforts to keep business systems up and running under all operational circumstances are accepted as being vital to the health of the business, why is it that not enough focus is placed on the need to protect organizations from attacks that can cause significant downtime, customer inconvenience, and reputational damage?" said Andrew Kellet, Principal Analyst, Software–IT Solutions at global analyst firm, Ovum, in his report titled Proactive Security is Required in Highly Regulated Industries.
"While security and operations have often been treated as separate and distinct functions within the IT organization, the goals of these teams are very much the same—to keep vital business systems up and running while reducing risk to the organization," said Jesse Rothstein, CEO, ExtraHop. "The Heartbleed vulnerability underscores the need for greater prioritization of security concerns within operations, and a more collaborative SecOps approach that ensures both availability and security across the IT environment."
The ExtraHop Wire Data Analytics platform, coupled with the Heartbleed solution bundle, equips IT operations and security teams with the visibility they need to work together to identify and eliminate vulnerabilities like Heartbleed while limiting disruption to the organization and its customers. The benefits of using ExtraHop to identify Heartbleed include the following:
- Proactively identify potential threats with SSL transaction analysis, including certificates used, session details, cipher suites, connections over time, record sizes, and other metrics for every SSL transaction.
- Analyze SSL records by content type, including application data, change cipher spec, handshake, alert, and even heartbeat – the message used in the Heartbleed exploit.
- Recognize spikes in SSL traffic by heartbeat to alert IT to potential exploitation of the Heartbleed vulnerability.
- Map the geographic origin of requests for a particular protocol in real time with the ExtraHop geomap capability, enabling businesses to spot heartbeat messages of suspicious or unusual origin.
To begin detecting Heartbleed exploits immediately, download the free-forever ExtraHop virtual appliance and then install the Heartbleed solution bundle. You can learn more in the blog post: Detect Heartbleed Exploits with ExtraHop's Free Download.
ExtraHop is the global leader in real-time wire data analytics. The ExtraHop Operational Intelligence Platform analyzes all L2–L7 communications, including full bidirectional transactional payloads. This innovative approach provides the correlated, cross-tier visibility essential for application performance, availability, and security in today's complex and dynamic IT environments. The winner of numerous awards from Interop, SearchNetworking, and others, the ExtraHop platform scales up to 20Gbps in a single appliance, deploys without agents, and delivers tangible value immediately upon deployment. Learn what we mean at www.extrahop.com or follow us on Twitter @ExtraHop.