BitSight

Poodle Vulnerability: Verify Security Diligence In Vendor Ecosystem

Ben Fagan | October 17, 2014

Third-party breaches have become a common occurrence in the last year. From Target to Home Depot and Goodwill, major organizations have been compromised through vulnerabilities present in their extended network ecosystems. Compounding fears surrounding third-party vulnerabilities, the last year has also seen no fewer than three major security flaws affecting basic internet protocols. The first two, Heartbleed and Bash, grabbed media headlines and left businesses scrambling to ensure they weren't left vulnerable. Just this week, another major security flaw, dubbed Poodle, was uncovered by security researchers. This bug affects SSL v3, a widely used protocol to secure communications over the internet. With growing concern about third-party security and the seemingly never-ending revelations of internet bugs, organizations are left wondering how they can gain better visibility into the vulnerability of their third parties when it comes to basic configuration hygiene.

Preview of BitSight's Poodle Vulnerability Test in the Security Ratings Portal

While the news often focuses on major cyber attacks and sophisticated malware campaigns, gaps in basic diligence measures can be a major vulnerability in a company’s network. Yet, while most companies can easily check whether they have properly configured SPF, SSL or DKIM, it isn’t always easy to verify that third parties have implemented these configurations. To address these concerns, BitSight has released a new feature in the Security Ratings portal that gives customers the ability to check themselves and third parties for vulnerability to the Poodle bug. Along with panels to check for vulnerability to Heartbleed and Bash, this new feature demonstrates BitSight’s commitment to continuously providing customers with insight into their own networks and the networks in their extended ecosystems.
