Security Ratings

BitSight Releases ROBOT Vulnerability Identification Feature

David Soohoo | December 20, 2017

Within the BitSight Security Ratings platform, we prioritize features specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. BitSight now enables users to identify organizations who are potentially vulnerable to ROBOT — short for "Return Of Bleichenbacher's Oracle Threat"— attacks. The vulnerability behind the ROBOT attack was originally discovered in 1998 and has resurfaced through a number of proprietary TLS/SSL implementations, affecting some of the most popular websites — including Facebook and PayPal. The vulnerability ultimately provides a method by which an attacker can decrypt TLS/SSL traffic and obtain sensitive information.

This new functionality to identify where ROBOT exists across your supply chain is very similar to the feature within the platform that allows organizations are potentially vulnerable to Struts attacks. BitSight users can navigate to the Portfolio page and use the Vulnerabilities filter to find organizations potentially vulnerable to ROBOT attacks. They can then go to a company’s Diligence page and search for “ROBOT” to find the potentially vulnerable hosts.

ROBOT_vulnerability_filter_mock_companies.gif

This new feature provides valuable insight into the security posture of an organization (and its vendors). With global cyber attacks that exploit internal vulnerabilities, companies must keep track of the endpoints on their network and ensure that patching is enabled and up-to-date. BitSight is leading the way in the Security Rating Services industry to provide insights like this to better equip security and risk professionals to reduce the cyber risk associated with their third parties and within their organizations.

Want to learn more about BitSight Security Ratings?

Take A Tour

Suggested Posts

Use the right cybersecurity analytics to make a business case for risk management

Not long ago, corporate executives would give only passing thoughts to their organization’s cybersecurity postures. Leadership and board members would take notice in the wake of a major data breach, for example, or a couple of times a year...

READ MORE »

A response to Security Ratings - Love, Loathe or Live With Them

A week ago (which seems like a world ago given everything that’s happened with SolarWinds) Phil Venables -- formerly CISO of Goldman Sachs and now CISO of Google Cloud -- posted an interesting expose on security ratings this week. Phil has...

READ MORE »

Content Security Policy Limits Dangerous Activity… So Why Isn’t Everyone Doing It?

Online services, e-commerce sites, videoconference, delivery services, and all other kinds of services are growing exponentially, exposing users and data to new risks and threats.  Users expect that the sites and services they rely on are...

READ MORE »

Subscribe to get security news and updates in your inbox.