This account is pending registration confirmation. Please click on the link within the confirmation email previously sent you to complete registration.
Need a new registration confirmation email? Click here
TheStreet Open House

Palo Alto Networks Provides Enterprise Customers Protection From Heartbleed Vulnerability

SANTA CLARA, Calif., April 11, 2014 /PRNewswire/ -- Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, announced it provides protection from the Heartbleed bug (vulnerability CVE-2014-0160) for its enterprise customers.

PANW

According to the US Cert Alert ( TA14-098A) that was documented on April 8, 2014, this vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the heartbeat extension.

QUOTES

  • "We had a lot of people worried when they saw the alert on the Heartbleed vulnerability; I just sat back and smiled because I had seen that we were already protected with our Palo Alto Networks security platform." 

−      Neal Moss, systems and network analyst, IT infrastructure at BYU Hawaii

  • "The breadth of risk for Heartbleed goes beyond web applications like Yahoo!, Google and Facebook. Getting a good handle on all the vulnerable services that make up an organization's attack surface can be a daunting challenge. There is hope though, because Palo Alto Networks is in a unique position to protect against Heartbleed through the next-generation design of our enterprise security platform, and the automated protections we released, preventing exploitation of this vulnerability for our customers."

−      Raj Shah, senior director of cybersecurity at Palo Alto Networks

For its customers, Palo Alto Networks provides unique protection from exploitation of the Heartbleed vulnerability, including:

  • Innovative approach to identifying threats – unlike other security products, our platform natively decodes all traffic at the application layer, regardless of port and the protocol used, including SSL/TLS tunnels. Therefore, we are able to decompose the protocol (SSL in this case) to detect anomalies in ways that cannot be done with legacy network security devices.
  • Automated vulnerability protection – Multiple content updates were automatically sent to our customers starting April 9 th, 2014. These vulnerability protections detect and immediately block attempted exploitation of the vulnerability (content updates 429 and 430, which include IPS vulnerability signature IDs 36416, 36417, 36418, and 40039).
  • Inherent PAN-OS features – our core operating system (PAN-OS), is not impacted by CVE-2014-0160 because it does not use a vulnerable version of the OpenSSL library. 

For enterprises who are not Palo Alto Networks customers that are concerned about protecting themselves, we suggest, at a minimum, updating web servers to the latest patched version of OpenSSL available as of April 7, 2014 (1.0.1g), and immediately replacing SSL private keys after the patch is in place.  

More about the vulnerability

The Heartbleed bug is associated with a critical vulnerability in OpenSSL that was recently disclosed that affects servers running OpenSSL 1.0.1 through 1.0.1f, estimated at "over 17% of SSL web servers which use certificates issued by trusted certificate authorities."  At worst, the vulnerability can lead to compromise of nearly the total contents of any server running affected versions of OpenSSL-enabled application, including internal services.

1 of 2

Select the service that is right for you!

COMPARE ALL SERVICES
Action Alerts PLUS
Try it NOW

Jim Cramer and Stephanie Link actively manage a real portfolio and reveal their money management tactics while giving advanced notice before every trade.

Product Features:
  • $2.5+ million portfolio
  • Large-cap and dividend focus
  • Intraday trade alerts from Cramer
  • Weekly roundups
TheStreet Quant Ratings
Try it NOW
Only $49.95/yr

Access the tool that DOMINATES the Russell 2000 and the S&P 500.

Product Features:
  • Buy, hold, or sell recommendations for over 4,300 stocks
  • Unlimited research reports on your favorite stocks
  • A custom stock screener
  • Upgrade/downgrade alerts
Stocks Under $10
Try it NOW

David Peltier, uncovers low dollar stocks with extraordinary upside potential that are flying under Wall Street's radar.

Product Features:
  • Model portfolio
  • Stocks trading below $10
  • Intraday trade alerts
  • Weekly roundups
Dividend Stock Advisor
Try it NOW

Jim Cramer's protege, David Peltier, identifies the best of breed dividend stocks that will pay a reliable AND significant income stream.

Product Features:
  • Diversified model portfolio of dividend stocks
  • Alerts when market news affect the portfolio
  • Bi-weekly updates with exact steps to take - BUY, HOLD, SELL
Real Money Pro
Try it NOW

All of Real Money, plus 15 more of Wall Street's sharpest minds delivering actionable trading ideas, a comprehensive look at the market, and fundamental and technical analysis.

Product Features:
  • Real Money + Doug Kass Plus 15 more Wall Street Pros
  • Intraday commentary & news
  • Ultra-actionable trading ideas
Options Profits
Try it NOW

Our options trading pros provide daily market commentary and over 100 monthly option trading ideas and strategies to help you become a well-seasoned trader.

Product Features:
  • 100+ monthly options trading ideas
  • Actionable options commentary & news
  • Real-time trading community
  • Options TV
To begin commenting right away, you can log in below using your Disqus, Facebook, Twitter, OpenID or Yahoo login credentials. Alternatively, you can post a comment as a "guest" just by entering an email address. Your use of the commenting tool is subject to multiple terms of service/use and privacy policies - see here for more details.
Submit an article to us!
DOW 17,172.68 -107.06 -0.62%
S&P 500 1,994.29 -16.11 -0.80%
NASDAQ 4,527.6890 -52.10 -1.14%

Brokerage Partners

Rates from Bankrate.com

  • Mortgage
  • Credit Cards
  • Auto

Free Newsletters from TheStreet

My Subscriptions:

After the Bell

Before the Bell

Booyah! Newsletter

Midday Bell

TheStreet Top 10 Stories

Winners & Losers

Register for Newsletters
Top Rated Stocks Top Rated Funds Top Rated ETFs