Is this a truly important vulnerability or just another piece of clickbait? Does it matter that your Imgur or OKCupid account is vulnerable? No one uses their “real” emails on those sites anyway, so this seems overblown.
How about if your National Tax Authority’s electronic filing site had to be taken down 3 weeks before the annual filing date? The question isn’t if you or your security team is paranoid. The key concern is whether you all are paranoid enough!
For the past 36 hours we have been seeing a chaotic fire drill of activity as Security, IT, and Executive teams assess their vulnerability, develop remedies, and take drastic interim action. When the tax department of one of the world’s largest economies takes down its filing site at a critical juncture, that is a demonstration of a desperate problem. The CRA’s security department guaranteed that its actions would get intense coverage, well beyond anything that a Yahoo outage would, and still went ahead because of its analysis of the threat.
Now that you are calling everyone in your organization to make sure that the Heartbleed vulnerability gets patched immediately while you are simultaneously madly changing every password you have, think to the future. As an organization, what can you do to mitigate the impact of the next vulnerability of this scale? The main driver of the time and cost of diagnosing and remediating these vulnerabilities is the lack of situational awareness over your network and data environment. Your organization doesn’t know what it has, where it is, who relies on it, or what the impacts are. You only know that the information you do have is of low quality and can’t be relied on in an emergency.
LightMesh gives you the information that you need to instantly identify your vulnerabilities: which physical and virtual machines are running which pieces of software, what certificates they are using, and which internal and external customers are relying on them for which services and applications. A single query will replace weeks of person-effort, giving a near-instantaneous Mean Time To Diagnose. With its automation and orchestration abilities, LightMesh also dramatically reduces Mean Time To Repair.
Patch your servers, refresh your certificates, change your passwords, and please get a password manager like 1Password or LastPass. Then call us to get a true understanding of your critical information infrastructure and avoid having to spend 40-hour days madly inventorying and patching servers.