AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


Dealing with the Heartbleed Fallout

It hasn’t been a fun few weeks for anyone. All sorts of systems were impacted, all because of a bug in the widely used OpenSSL cryptography library. Information was lost, accounts were breached and contingency plans were activated. Just to put it into perspective: according to the most recent statistics from Google, Android 4.1 accounts for 34.4 percent of handsets powered by Android. Google’s statistics only give the market share for Android 4.1 Jelly Bean as a whole, but that release includes the point versions 4.1.1, which is reported to be vulnerable to the bug, and 4.1.2.

Security researchers have reportedly told Bloomberg that Android 4.1.1 is still used in millions of smartphones and tablets, including some made by Samsung and HTC. Google spokesperson Christopher Katsaros also confirmed to Bloomberg that there are millions of devices running on the affected software.

So, Heartbleed happened. Now what? Many organizations, both cloud-based and on-premise shops, felt the impact of this vulnerability. Yet some data centers weren’t hit nearly as badly as others. What set them apart, and how can you better protect your environment moving forward? Let’s take a look.

  • Proactive monitoring. It’s one thing to have proactive monitoring, and another to actually act on it. Organizations are building intelligent alerts and early-warning systems that tell them when there is an anomaly or a serious issue at hand. These alerts can flag a vulnerable service, a misconfigured or unexpectedly exposed port, or an impending attack before it becomes a serious incident. Consider this: some organizations with good monitoring were able to see intruders probing their OpenSSL-backed services as it was happening, which helped them secure their infrastructure faster. One caveat worth knowing: a Heartbleed probe is a malformed TLS heartbeat record that a vulnerable server answers without logging anything, so it leaves no trace in ordinary application or authentication logs. Catching it takes network-level inspection (an IDS signature on the heartbeat record itself) or, after patching, watching for the same sources coming back.
  • Virtual security technologies. It’s no longer only about the standard unified threat management (UTM) appliance. Organizations are deploying mixed environments in which both virtual and physical security technologies contribute to the platform. Here’s something to consider: not all VPN and SSL-based systems were affected, because the bug exists only in OpenSSL 1.0.1 through 1.0.1f with the TLS heartbeat extension enabled. Citrix’s NetScaler appliance (virtual and physical) was not affected by the Heartbleed vulnerability. Having capable virtual appliances in your environment can not only increase visibility across your network, it can also help contain a serious attack. The check is the same for either form factor: inventory every TLS endpoint, confirm which OpenSSL build sits behind it (distribution packages often keep the 1.0.1e version string after backporting the fix, so test the behaviour rather than trusting the string), and don’t assume a vendor appliance is clear until the vendor says so.
  • Advanced IPS/IDS and DLP. These technologies are absolutely critical. A friend I spoke with recently told me that part of their VPN had been compromised when Heartbleed happened. However, by using powerful IPS/IDS technologies he was able to find the bots on his network hitting the impacted VPN instances. Although some credentials were leaked, the sheer speed at which he was able to catch the issues helped the very large organization prevent anything major from actually happening. He was able to block IPs, bots and malicious services even before a fix for Heartbleed was released.
  • Log aggregation. Think of it as a “virtual paper trail.” Aggregating logs from your firewalls, security services and virtual instances is critical, but what matters more is your ability to search and correlate that data. Set alerts and notifications so that you are told when anomalies occur rather than finding them later by hand. Aggregated logs are very useful after the fact, and when an event does occur, log aggregation tools can be tied to your monitoring services so that the two feed each other. Most importantly, you will be able to trace where attacks happened and how they happened, and make sure that this type of issue is not repeated. For Heartbleed specifically, the questions your logs should answer are which external sources hit the exposed services during the vulnerability window and which accounts authenticated to those services afterwards, because those are the credentials to reset, alongside reissuing the certificates whose private keys sat in the leaked memory.
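
To make the monitoring and IPS/IDS points concrete, the following is an added example, not code from this post or from any vendor product, of the check an IDS signature makes to spot a Heartbleed probe. It assumes you already have the raw TLS records from a capture or a network tap; the sample records, the helper that builds them and the documentation-range IP addresses are all constructed for the example.

```python
"""Flag Heartbleed-style TLS heartbeat requests in captured TLS records.

Added example, not code from the AlgoBuzz post.  A TLS record is
type(1) | version(2) | length(2) | fragment; a heartbeat fragment (RFC 6520)
is hb_type(1) | payload_length(2) | payload | padding(>=16).  A Heartbleed
probe declares a payload_length far larger than the bytes it actually sends;
a vulnerable OpenSSL (1.0.1 to 1.0.1f) trusts that field and echoes memory.
"""
import struct
from collections import Counter
from dataclasses import dataclass
from typing import List

TLS_HEARTBEAT = 0x18   # content type of a heartbeat record
HB_REQUEST = 1
HB_HEADER_LEN = 3      # hb_type (1) + payload_length (2)
HB_MIN_PADDING = 16    # RFC 6520: padding must be at least 16 bytes


@dataclass
class Verdict:
    src: str
    kind: str          # "ok", "oversized", "malformed", "not-heartbeat"
    declared: int      # payload_length the peer claimed
    available: int     # payload bytes actually present after header + min padding


def parse_tls_record(buf: bytes):
    """Split one TLS record into (content_type, version, fragment), or None."""
    if len(buf) < 5:
        return None
    ctype, version, length = struct.unpack("!BHH", buf[:5])
    fragment = buf[5:5 + length]
    if len(fragment) != length:          # truncated capture: don't guess
        return None
    return ctype, version, fragment


def inspect_heartbeat(src: str, record: bytes) -> Verdict:
    """Apply the Heartbleed length check to a single TLS record."""
    parsed = parse_tls_record(record)
    if parsed is None:
        return Verdict(src, "malformed", 0, 0)
    ctype, _version, fragment = parsed
    if ctype != TLS_HEARTBEAT:
        return Verdict(src, "not-heartbeat", 0, len(fragment))
    if len(fragment) < HB_HEADER_LEN:
        return Verdict(src, "malformed", 0, 0)
    hb_type, declared = struct.unpack("!BH", fragment[:HB_HEADER_LEN])
    available = max(len(fragment) - HB_HEADER_LEN - HB_MIN_PADDING, 0)
    # The exploit: a request whose declared payload exceeds what was sent.
    if hb_type == HB_REQUEST and declared > available:
        return Verdict(src, "oversized", declared, available)
    return Verdict(src, "ok", declared, available)


def scan(records: List[tuple]) -> List[Verdict]:
    """Run the check over (src, record) pairs and keep only the alerts."""
    return [v for v in (inspect_heartbeat(s, r) for s, r in records)
            if v.kind in ("oversized", "malformed")]


def hits_per_source(alerts: List[Verdict]) -> Counter:
    """Count alerts per source so repeat offenders can be blocked at the edge."""
    return Counter(v.src for v in alerts)


def heartbeat_record(hb_type: int, declared: int, payload: bytes,
                     padding: int = HB_MIN_PADDING) -> bytes:
    """Build a heartbeat record; used here only to construct sample traffic."""
    fragment = struct.pack("!BH", hb_type, declared) + payload + b"\x00" * padding
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, len(fragment)) + fragment


# Constructed sample traffic (documentation IP ranges, not real captures).
BENIGN = heartbeat_record(HB_REQUEST, 5, b"hello")
# The classic probe: claims 16384 bytes, sends no payload and no padding.
PROBE = struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, 3) + struct.pack("!BH", HB_REQUEST, 0x4000)
SAMPLE = [("192.0.2.10", BENIGN), ("203.0.113.45", PROBE), ("203.0.113.45", PROBE),
          ("198.51.100.200", b"\x16\x03\x01\x00\x01\x01")]   # a handshake record, ignored

if __name__ == "__main__":
    alerts = scan(SAMPLE)
    for v in alerts:
        print(f"{v.src}: {v.kind} (declared={v.declared}, available={v.available})")
    print(hits_per_source(alerts))
```

The length comparison is the whole signature: a legitimate heartbeat never claims more payload than it carries, so there is no false-positive risk from normal keep-alive traffic, and a request that skips the mandatory 16 bytes of padding is flagged the same way. Per-source counts are what you feed to the firewall block list the post describes.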
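
For the log aggregation point, the following is an added example, not code from this post or from any product, that correlates constructed IDS, VPN and firewall events to answer the post-incident questions above. The normalised line format, the alert name heartbleed_request, the burst threshold and the documentation-range IP addresses are assumptions of this example, not something the post specifies.

```python
"""Correlate aggregated IDS, VPN and firewall events after Heartbleed.

Added example, not code from the AlgoBuzz post.  The log format is an
assumption: a normalised "timestamp system key=value ..." line such as a
log aggregator or SIEM might emit.  The sample lines are constructed
(documentation IP ranges), not real logs.
"""
from collections import defaultdict
from datetime import datetime, timezone
from typing import Dict

SAMPLE_LOGS = """\
2014-04-09T09:15:00Z vpn login=success user=asmith src=192.0.2.10
2014-04-09T10:02:11Z ids alert=heartbleed_request src=203.0.113.45 dst=198.51.100.7 dport=443
2014-04-09T10:02:12Z ids alert=heartbleed_request src=203.0.113.45 dst=198.51.100.7 dport=443
2014-04-09T10:02:13Z ids alert=heartbleed_request src=203.0.113.45 dst=198.51.100.7 dport=443
2014-04-09T10:04:40Z ids alert=heartbleed_request src=198.51.100.200 dst=198.51.100.7 dport=443
2014-04-09T10:35:02Z vpn login=success user=jdoe src=203.0.113.45
2014-04-09T11:10:45Z fw action=deny src=203.0.113.45 dst=198.51.100.7 dport=22
"""


def parse_line(line: str) -> Dict[str, object]:
    """Turn 'ts system k=v k=v ...' into a dict; unparseable lines yield {}."""
    parts = line.split()
    if len(parts) < 3:
        return {}
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return {}
    event: Dict[str, object] = {"ts": ts, "system": parts[1]}
    for kv in parts[2:]:
        key, sep, value = kv.partition("=")
        if sep:
            event[key] = value
    return event


def correlate(text: str, burst_threshold: int = 3) -> Dict[str, list]:
    """Return sources that probed us, sources to block, and logins to reset."""
    first_alert = {}                 # src -> earliest heartbleed alert
    alert_count = defaultdict(int)   # src -> number of alerts
    logins = []                      # (ts, user, src) successful VPN logins
    for line in text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        if ev["system"] == "ids" and ev.get("alert") == "heartbleed_request":
            src = ev["src"]
            alert_count[src] += 1
            first_alert[src] = min(first_alert.get(src, ev["ts"]), ev["ts"])
        elif ev["system"] == "vpn" and ev.get("login") == "success":
            logins.append((ev["ts"], ev["user"], ev["src"]))
    # Sources that hammered the service are the bots to block at the firewall.
    block = sorted(s for s, n in alert_count.items() if n >= burst_threshold)
    # A successful VPN login from a probing source, after its first probe,
    # is the strongest sign that leaked credentials are already in use.
    reset = sorted({(user, src) for ts, user, src in logins
                    if src in first_alert and ts >= first_alert[src]})
    return {"alerting_sources": sorted(first_alert), "block": block, "reset": reset}


if __name__ == "__main__":
    for key, value in correlate(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```

A login from the attacker’s own probing address is the easy case; credentials lifted by Heartbleed are usually replayed from somewhere else, so this correlation is for triage and for proving exposure, while the authoritative response is still to patch, reissue certificates and reset the credentials of every account that used the affected service.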

No system will ever be 100% perfect. There will always be holes, bugs and vulnerabilities that attackers will try to exploit. Still, by maintaining a proactively monitored environment and staying vigilant, you can at least respond to these threats faster than most. Remember, you have powerful security technologies at the gateway. Make sure these systems are all being updated, monitored and secured proactively. In doing so, you’ll stand a better chance of catching an issue before it becomes a serious problem.
