Poodle Vulnerability: Verify Security Diligence In Vendor Ecosystem

Ben Fagan | October 17, 2014

Third-party breaches have become a common occurrence in the last year. From Target to Home Depot and Goodwill, major organizations have been compromised through vulnerabilities present in their extended network ecosystems. Compounding fears surrounding third-party vulnerabilities, the last year has also seen no fewer than three major security flaws affecting basic internet protocols. The first two, Heartbleed and Bash, grabbed media headlines and left businesses scrambling to ensure they weren't left vulnerable. Just this week, another major security flaw, dubbed Poodle, was uncovered by security researchers. This bug affects SSL v3, a widely used protocol to secure communications over the internet. With growing concern about third-party security and the seemingly never-ending revelations of internet bugs, organizations are left wondering how they can gain better visibility into the vulnerability of their third parties when it comes to basic configuration hygiene.


Preview of BitSight's Poodle Vulnerability Test in the Security Ratings Portal

While the news often focuses on major cyber attacks and sophisticated malware campaigns, lapses in basic diligence measures can be a major vulnerability in a company’s network. Yet, while most companies can easily check whether they have properly configured SPF, SSL or DKIM, it isn’t always easy to verify that third parties have implemented these configurations. To address these concerns, BitSight has released a new feature in the Security Ratings portal that gives customers the ability to check themselves and third parties for vulnerability to the Poodle bug. Along with panels to check for vulnerability to Heartbleed and Bash, this new feature demonstrates BitSight’s commitment to continuously provide customers with insight into their own networks and the networks in their extended ecosystems.
