Real time, continuous detection, defense and protection from Heartbleed by Indusface
The day the world got to know of Heartbleed, is going to be a day that security professionals, across organizations, more than anyone else will remember in infamy. The moment word got out of this vulnerability via the security intelligence community, Indusface’s security teams have been working overtime to ensure all locks are in place to protect customers with mission-critical websites from exposure due to Heartbleed. We proactively reached out to all our customers by issuing a security incident report and suggesting remediation guidelines for this vulnerability.
As a precautionary measure, Indusface in collaboration with most of its customer’s security teams volunteered to perform automated application scanning and manual penetration tests, across the internet-facing assets which customers wanted to be tested for security issues related to Heartbleed. In parallel, the signatures in our automated scanning solution were upgraded within 24 hours to ensure that such issues were detected in future scans. This has further strengthened our ability to continuously monitor and detect this vulnerability, and ensure that it is fixed in a timely manner. Organizations within our security ecosystem were informed to avail free application security checks for all their application assets and still can do so.
Interestingly, we encountered a situation where two customers had a serious issue introduced by a recently acquired layer 7 protection device. Even though this was not in the scope of work defined, our security experts worked round the clock to help the customer troubleshoot and identify the issues. Upon identification, fixes were recommended and implemented to ensure customer’s assets were secured.
Unfortunately, since an exploit due to this vulnerability does not leave a trail of leads to follow on to its detection, it is important for security teams to provide the utmost vigilance in proactively staying a step ahead of all possible known exploits that could happen here.
Our real-time methodology to place the right detection, defense and protection mechanisms in place for our customers showcases the powerful strength of our solution’s capabilities. We will continue to enhance our solutions to continuously help our customers stay secure from any issues cropping up due to any vulnerabilities, as of now specifically Heartbleed.