End the Headache: Identify and Prioritize Heartbleed Vulnerabilities on your Network with Skybox Risk Assessment


How can Skybox Security help?

Skybox can help you identify hosts vulnerable to the Heartbleed Bug and prioritize remediation efforts such as patching, IPS and other security controls. One of the core features of Skybox software is the ability to model your network topology and controls. Since the Skybox platform holds a data repository of your network devices, you can use Skybox to help identify assets that could be compromised by this vulnerability before you have an opportunity to perform a more detailed scan.

OpenSSL is a common toolkit that may exist on many different assets. To quickly identify assets that could contain OpenSSL and could be accessed from outside the network, Skybox customers can examine all potential network paths with Access Analyzer.

In the image above we have selected the source as the internet and the destination as any asset with port 443 accessible (the port most commonly used by SSL). This will analyze the network topology and controls for any paths available between the internet and devices with this port number.

In this case there is one IP with Port 443 that is exposed to the internet. Also listed is the route and the access controls that would be traversed. We could repeat this process for any other network source or port that we might be concerned about; for example, we might want to look at the partner zone for the same type of access.

A data repository analysis (or view) is another way to quickly identify assets that could be impacted. Simply create a new view that will highlight specific products that have been detected by scanners or patch management systems.

The image above shows a new analysis called “Check for Open SSL”. In the parameters section, select “OpenSSL” as the product. This analysis will return information on any hosts that were detected to have OpenSSL during the last scan.

Example results are pictured below. In this case we have grouped the results by SSL version. Since the Heartbleed vulnerability only exists on versions 1.0.1, this network is safe.
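The same version grouping can be reproduced outside the product on any exported inventory. The following is an added example, not Skybox code or output: the record fields (`host`, `openssl`, `internet_443`) and the sample hosts are constructed for illustration, and the affected range used is the upstream one for CVE-2014-0160 (OpenSSL 1.0.1 through 1.0.1f, fixed in 1.0.1g).

```python
import re

# Upstream releases 1.0.1 through 1.0.1f carry CVE-2014-0160; 1.0.1g is fixed.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)")

def heartbleed_affected(version):
    """True/False for a release version string, None when it needs manual review."""
    v = version.strip().lower()
    m = _VERSION_RE.match(v)
    if not m or "beta" in v:
        return None  # unparseable or pre-release: do not guess
    base = tuple(int(m.group(i)) for i in (1, 2, 3))
    # "" (plain 1.0.1) sorts before "a", so it is also caught by <= "f".
    return base == (1, 0, 1) and m.group(4) <= "f"

def triage(inventory):
    """Bucket hosts; 'urgent' = affected version AND reachable from the internet on 443."""
    buckets = {"urgent": [], "affected": [], "review": [], "ok": []}
    for rec in inventory:
        verdict = heartbleed_affected(rec["openssl"])
        if verdict is None:
            key = "review"
        elif not verdict:
            key = "ok"
        else:
            key = "urgent" if rec["internet_443"] else "affected"
        buckets[key].append(rec["host"])
    return buckets

# Constructed sample inventory (hypothetical field names, documentation addresses).
SAMPLE_INVENTORY = [
    {"host": "192.0.2.10", "openssl": "1.0.1e", "internet_443": True},
    {"host": "10.0.5.21", "openssl": "1.0.1f", "internet_443": False},
    {"host": "10.0.5.22", "openssl": "1.0.1g", "internet_443": False},
    {"host": "192.0.2.11", "openssl": "0.9.8y", "internet_443": True},
    {"host": "10.0.7.3", "openssl": "1.0.2-beta1", "internet_443": False},
    {"host": "10.0.7.4", "openssl": "unknown", "internet_443": False},
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:9s} {hosts}")
```

A version string is only a triage signal: distribution packages can backport the fix without changing the upstream version they report, so hosts in the affected buckets still need confirmation against the vendor's package advisory.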

It seems like every day there is a new vendor announcement about the Heartbleed Bug. It’s nearly impossible to keep up with email after email of vendor Heartbleed updates. Use the Skybox Vulnerability Center (www.vulnerabilitycenter.com) for the most up-to-date information on enterprise vendor updates. In the Skybox Vulnerability Database search box, enter “heartbleed” or “CVE-2014-0160”.

Are Skybox Security solutions vulnerable to the Heartbleed Bug?

The Skybox View Enterprise Suite, Skybox Appliances, and Skybox Virtual Appliances are not vulnerable to the Heartbleed bug. Customers are advised to check the version of their OpenSSL libraries if they are running Skybox products on their own servers (not Skybox Appliances).

www.skyboxsecurity.com

Headquarters: Skybox Security, Inc. • 2099 Gateway Place, Suite 450 • San Jose, California 95110 USA
Phone: +1 (866) 441 8060 • Phone: +1 (408) 441 8060 • Fax: +1 (408) 441 8068
Copyright © 2014 Skybox Security, Inc. All rights reserved. Skybox is a trademark of Skybox Security, Inc. All other registered or unregistered trademarks are the sole property of their respective owners.