We Eat Our Own Dog Food, and It's Delicious
When the Heartbleed bug was announced on April 7, the first thing ExtraHop’s IT department did was patch its servers. The next thing they did was conduct an audit of every SSL transaction for the previous two years, searching for Heartbleed activity using the ExtraHop platform.
Read the post from Bri Hatch, ExtraHop IT Director
DevOps' Hearts Race While CISO Looks for Heartbleed
Field Engineer Vihar Chokshi wows a CISO by showing him how easily the ExtraHop platform detects Heartbleed attempts. Meanwhile, his DevOps team sits on edge as he kicks off a multi-day network scan of their entire environment.
Listen in on Vihar's conversation with the CISO
ExtraHop’s Free-Forever Discovery Edition Detects Heartbleed
Interested in trying out ExtraHop for yourself? With either the full version or Discovery Edition, you can see all SSL transactions by content type and sender/recipient, including the heartbeat messages used in the Heartbleed exploit.
Watch the video or read the blog post to learn more, and then download the Discovery Edition
virtual appliance.
Target's Data Breach: What IT Pros on LinkedIn Had to Say
After the Target data breach last November, we posted an update to our LinkedIn page, asking “What’s the lesson from Target’s data breach?” We received 52 responses from IT professionals and summarized them in a blog post.
Read the best responses from the LinkedIn community.
Experts: Heartbleed Will Affect Security for Years
The priority in fixing Heartbleed vulnerabilities is public-facing web properties, but the bug will plague enterprise IT groups for years because of unpatched internal devices, according to security experts interviewed by InformationWeek’s DarkReading.com.
You should be worried about FTP over SSL, VPN servers and clients, legacy systems, VOIP phones, and even printers. Our take: All the more reason to analyze SSL transactions, including heartbeat messages, using ExtraHop. If it’s on the wire, we’ll see it.
Read the full article.
|