Security Ratings

BitSight Releases ROBOT Vulnerability Identification Feature

David Soohoo | December 20, 2017

Within the BitSight Security Ratings platform, we prioritize features specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. BitSight now enables users to identify organizations who are potentially vulnerable to ROBOT — short for "Return Of Bleichenbacher's Oracle Threat"— attacks. The vulnerability behind the ROBOT attack was originally discovered in 1998 and has resurfaced through a number of proprietary TLS/SSL implementations, affecting some of the most popular websites — including Facebook and PayPal. The vulnerability ultimately provides a method by which an attacker can decrypt TLS/SSL traffic and obtain sensitive information.

This new functionality to identify where ROBOT exists across your supply chain is very similar to the feature within the platform that allows organizations are potentially vulnerable to Struts attacks. BitSight users can navigate to the Portfolio page and use the Vulnerabilities filter to find organizations potentially vulnerable to ROBOT attacks. They can then go to a company’s Diligence page and search for “ROBOT” to find the potentially vulnerable hosts.

ROBOT_vulnerability_filter_mock_companies.gif

This new feature provides valuable insight into the security posture of an organization (and its vendors). With global cyber attacks that exploit internal vulnerabilities, companies must keep track of the endpoints on their network and ensure that patching is enabled and up-to-date. BitSight is leading the way in the Security Rating Services industry to provide insights like this to better equip security and risk professionals to reduce the cyber risk associated with their third parties and within their organizations.

Want to learn more about BitSight Security Ratings?

Take A Tour

Suggested Posts

BitSight Study: Healthcare Sector is Far Too Vulnerable to Cyber Threats

Healthcare is under attack. Hospitals, doctors’ networks, insurance companies, and others are prime targets for hackers due to the valuable protected health information (PHI) they store and the vital role they play in our nation’s critical...

READ MORE »

What Boards of Directors Are Missing about Cybersecurity

Cyberattacks have increased significantly in recent years, bringing vital conversations about cybersecurity into the Boardroom. As Board oversight of cybersecurity has increased, Board members — even those without technical expertise —...

READ MORE »

Research Paper Validates Security Ratings’ Correlation to Likelihood of Breach

This spring, the research paper titled “Risky Business: Assessing Security with External Measurements” was published on Cornell’s academic resource site. Authored by former BitSight data scientist, Jay Jacobs, as well as fellow academics...

READ MORE »

Subscribe to get security news and updates in your inbox.