The 'Heartbleed' vulnerability (CVE-2014-0160) has put the spotlight on the ramifications of zero-day vulnerabilities. As news of the vulnerability broke and a patch became available, sysadmins around the globe were scrambling to patch or upgrade their servers. At the same time, security experts were rushing to determine both how to detect and filter based on the signature of a Heartbleed attack and the extent to which an attacked server may have been compromised.
These investigations even resorted to crowd-sourcing: for example, Cloudflare hosted an open competition to encourage hackers to answer the question, "Can a site's private SSL keys be compromised?" Initially it was thought not, but unfortunately the answer later turned out to be affirmative.
Since the Heartbleed issue struck at the core of the web infrastructure, a library linked against Internet-facing applications, the upgrade process itself was non-trivial for Ops teams to accomplish. They had to take a position on version compatibility and application validation for often mission-critical applications, weighing possible service disruption against the security risk of prolonged exposure. In many cases, the answer would have been to upgrade early without the testing that would usually be done when introducing an OS or library change into a production environment.
The recently launched SolarSecure product operates on every server within the data center and provides an additional layer that protects applications from Internet threats, on top of the standard operating system mechanisms. Once the Heartbleed vulnerability rules were added to SolarSecure, it was able to protect each server immediately, without requiring application or library upgrades, patches or significant compatibility testing. Further, after upgrading, SolarSecure is able to offload such attacks from applications and can block Heartbleed and other attacks with little or no impact on application performance.
In summary, Heartbleed was a zero-day vulnerability which required immediate action. Using SolarSecure enables such action to be effected very quickly across the Enterprise.