Palo Alto Networks Provides Enterprise Customers Protection From Heartbleed Vulnerability
Posted: Fri Apr 11, 2014 02:35:48 PM
Santa Clara, Calif., April 11, 2014 - Palo Alto Networks (NYSE: PANW), the leader in enterprise security, announced it provides protection from the Heartbleed bug (vulnerability CVE-2014-0160) for its enterprise customers.
According to the US-CERT Alert (TA14-098A) that was documented on April 8, 2014, this vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the heartbeat extension.
- Neal Moss, systems and network analyst, IT infrastructure at BYU Hawaii
- Raj Shah, senior director of cybersecurity at Palo Alto Networks
For its customers, Palo Alto Networks provides unique protection from exploitation of the Heartbleed vulnerability, including:
For enterprises that are not Palo Alto Networks customers and are concerned about protecting themselves, we suggest, at a minimum, updating web servers to the latest patched version of OpenSSL available as of April 7, 2014 (1.0.1g), and immediately replacing SSL private keys after the patch is in place.
More about the vulnerability
The Heartbleed bug is associated with a critical, recently disclosed vulnerability in OpenSSL that affects servers running OpenSSL 1.0.1 through 1.0.1f, estimated at "over 17% of SSL web servers which use certificates issued by trusted certificate authorities." At worst, the vulnerability can lead to compromise of nearly the total contents of any server running affected versions of OpenSSL-enabled applications, including internal services.