Security Ratings

BitSight Releases ROBOT Vulnerability Identification Feature

David Soohoo | December 20, 2017

Within the BitSight Security Ratings platform, we prioritize features specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. BitSight now enables users to identify organizations who are potentially vulnerable to ROBOT — short for "Return Of Bleichenbacher's Oracle Threat"— attacks. The vulnerability behind the ROBOT attack was originally discovered in 1998 and has resurfaced through a number of proprietary TLS/SSL implementations, affecting some of the most popular websites — including Facebook and PayPal. The vulnerability ultimately provides a method by which an attacker can decrypt TLS/SSL traffic and obtain sensitive information.

This new functionality to identify where ROBOT exists across your supply chain is very similar to the feature within the platform that allows organizations are potentially vulnerable to Struts attacks. BitSight users can navigate to the Portfolio page and use the Vulnerabilities filter to find organizations potentially vulnerable to ROBOT attacks. They can then go to a company’s Diligence page and search for “ROBOT” to find the potentially vulnerable hosts.

ROBOT_vulnerability_filter_mock_companies.gif

This new feature provides valuable insight into the security posture of an organization (and its vendors). With global cyber attacks that exploit internal vulnerabilities, companies must keep track of the endpoints on their network and ensure that patching is enabled and up-to-date. BitSight is leading the way in the Security Rating Services industry to provide insights like this to better equip security and risk professionals to reduce the cyber risk associated with their third parties and within their organizations.

Want to learn more about BitSight Security Ratings?

Take A Tour

Suggested Posts

Content Security Policy Limits Dangerous Activity… So Why Isn’t Everyone Doing It?

Online services, e-commerce sites, videoconference, delivery services, and all other kinds of services are growing exponentially, exposing users and data to new risks and threats.  Users expect that the sites and services they rely on are...

READ MORE »

Mitigating Risk in Your Expanding Digital Ecosystem

As time goes on, organizations are taking on more and more new digital transformation initiatives to become increasingly agile and boost productivity — dramatically transforming the number of digital touchpoints employees interact with on...

READ MORE »

Do You Need to Create Segmented Networks to Protect Critical Assets?

Network segmentation — the act of dividing a network into multiple smaller, isolated networks that are not visible from the outside — has long been used to reduce cyber risk. At its core, segmentation assumes a “zero trust” approach to...

READ MORE »

Subscribe to get security news and updates in your inbox.