How Heartbleed Is Changing Security

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
Next How Heartbleed Is Changing Security-7 Next

Changes to enterprise security

Even if passwords are here to stay and two-factor authentication is seen as a small step above passwords and usernames, experts believe that Heartbleed will force enterprises to evaluate security methods already in place.

According to Steve Hultquist, CIO and VP of Customer Success at RedSeal Networks, we’re likely to see wider implementation of systems that offer complete, network-wide visibility and that allow companies to see which paths are potentially open and which servers are vulnerable, prioritizing the most important issues first and helping the enterprise to apply patches accordingly. Hultquist added that in most organizations today, there are still cracks in the security architecture, gaps in visibility, and a resulting inability to actually see what could happen across the network. We're likely to see redoubled efforts to bridge the gaps between security groups, security products, logs data and analytics, and network infrastructure systems.

Expect to see more scrutiny on open source applications and a push for larger companies using these applications to provide financial assistance for better testing and security reviews, added Dodi Glenn, ThreatTrack's senior director of Security Intelligence and Research Labs. Glenn also pointed out that we may see more creative approaches to passwords and authentication, such as graphical passwords and more widespread use of tokens for authentication.

Few cybersecurity issues have people talking, and worried, like the Heartbleed bug.

As Chester Wisniewski explained in a CNN article:

The bug itself is a simple, honest mistake in the computer code that was intended to reduce the computing resources encryption consumes. The problem is that this bug made it past the quality assurance tests and has been deployed across the Internet for nearly two years.

Heartbleed hit in ways that we once naturally assumed were secure. It affected OpenSSL, an open source code, and the open source community has long prided itself on its high levels of security. And it affected encryption, which every security expert recommends when asked how to best transmit data. Mike Gross, director of professional services and risk management at 41st Parameter, stated:

Heartbleed exposed a major gap in security that will have significant downstream effects on consumers for years. While the Heartbleed flaw itself had a relatively simple fix on the surface and consumer-facing sites and Web portals, the big unknown is whether all known servers and mobile apps affected by the flaw have been patched across large and complex enterprises. That's a very difficult undertaking and a single gap could expose consumers to the same data compromise risk and organizations to a repeat of the recent scramble.

What is most worrisome to many computer users is the widespread reach of Heartbleed. This isn’t a simple breach of one company or a vulnerability that has touched one software application. It affects the financial industry, small businesses, firewalls, printers, machinery in power plants. The list is seemingly endless.

How will enterprise security react to Heartbleed? Is this the push needed to finally re-evaluate passwords and other ineffective methods of network security?

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

PAM PAM Solutions: Critical to Securing Privileged Access

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.