Real time, continuous detection, defense and protection from Heartbleed by Indusface

The day the world learned of Heartbleed is going to be a day that security professionals across organizations, more than anyone else, will remember in infamy. From the moment word of this vulnerability got out via the security intelligence community, Indusface’s security teams have been working overtime to ensure all locks are in place to protect customers with mission-critical websites from exposure due to Heartbleed. We proactively reached out to all our customers by issuing a security incident report and suggesting remediation guidelines for this vulnerability.

As a precautionary measure, Indusface, in collaboration with most of its customers’ security teams, volunteered to perform automated application scanning and manual penetration tests across the internet-facing assets that customers wanted tested for security issues related to Heartbleed. In parallel, the signatures in our automated scanning solution were upgraded within 24 hours to ensure that such issues are detected in future scans. This has further strengthened our ability to continuously monitor for and detect this vulnerability, and to ensure that it is fixed in a timely manner. Organizations within our security ecosystem were informed that they could avail themselves of free application security checks for all their application assets, and they can still do so.

Interestingly, we encountered a situation where two customers had a serious issue introduced by a recently acquired layer 7 protection device. Even though this was not in the defined scope of work, our security experts worked round the clock to help the customers troubleshoot and identify the issues. Upon identification, fixes were recommended and implemented to ensure the customers’ assets were secured.

Unfortunately, since exploitation of this vulnerability does not leave a trail that would lead to its detection, it is important for security teams to exercise the utmost vigilance and proactively stay a step ahead of all possible known exploits.

Our real-time methodology for putting the right detection, defense and protection mechanisms in place for our customers showcases the strength of our solution’s capabilities. We will continue to enhance our solutions to help our customers stay secure from issues arising from any vulnerability, at present specifically Heartbleed.

Stay tuned for more relevant and interesting security articles. Follow Indusface on Facebook, Twitter, and LinkedIn.

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

This post was last modified on December 25, 2023 12:27
