On Thursday, April 17, 2014, Tripwire conducted a webinar titled Heartbleed Outpatient Care: Steps for Secure Business Recovery (click link for webcast recording). We had such a tremendous response and attendance at this webinar, as demand has been high for more information.
We also had a very strong Q & A period and will be posting a number of the many questions that came in with written answers for your further review. Two polls were conducted, and here are the results of those inquiries, and some further commentary by those of us who provided the webinar. We appreciate all of you who participated.
Though 65% had used some sort of tool to detect Heartbleed vulnerabilities, we were surprised that approximately one-third of the participants had not used anything at all – a full 10 days since the vulnerability was announced to the public.
A question at the end also highlighted this related find:
For those of you who attended and are customers, a lot of interest to find where you could access Heartbleed rules and content for both Tripwire Enterprise and Tripwire Log Center, as well as the ASPL for Tripwire IP360.
After 10 days of Heartbleed in the marketplace, we were also surprised that over half of you (56%) either had been affected or did not know. The 43% of you who said you believe you had not been affected we now wonder about, especially since such a vast amount of the internet, services, applications, and devices were running a vulnerable version of OpenSSL.
We will be publishing all the questions asked with answers for your further edification. Thanks again for joining us, and if you’d like to comment further on the polls, or on the posted questions please add your commentary publicly here.
- Heartbleed and Your SOHO Wireless Systems
- Stopping the Heartbleed
- Detecting Heartbleed Exploits in Real-Time
- How to Detect the Heartbleed OpenSSL Vulnerability in Your Environment
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].