- "We had a lot of people worried when they saw the alert on the Heartbleed vulnerability; I just sat back and smiled because I had seen that we were already protected with our Palo Alto Networks security platform."
− Neal Moss, systems and network analyst, IT infrastructure at BYU Hawaii
- "The breadth of risk for Heartbleed goes beyond web applications like Yahoo!, Google and Facebook. Getting a good handle on all the vulnerable services that make up an organization's attack surface can be a daunting challenge. There is hope though, because Palo Alto Networks is in a unique position to protect against Heartbleed through the next-generation design of our enterprise security platform, and the automated protections we released, preventing exploitation of this vulnerability for our customers."
For its customers, Palo Alto Networks provides unique protection from exploitation of the Heartbleed vulnerability, including:− Raj Shah, senior director of cybersecurity at Palo Alto Networks
- Innovative approach to identifying threats – unlike other security products, our platform natively decodes all traffic at the application layer, regardless of port and the protocol used, including SSL/TLS tunnels. Therefore, we are able to decompose the protocol (SSL in this case) to detect anomalies in ways that cannot be done with legacy network security devices.
- Automated vulnerability protection – Multiple content updates were automatically sent to our customers starting April 9 th, 2014. These vulnerability protections detect and immediately block attempted exploitation of the vulnerability (content updates 429 and 430, which include IPS vulnerability signature IDs 36416, 36417, 36418, and 40039).
- Inherent PAN-OS features – our core operating system (PAN-OS), is not impacted by CVE-2014-0160 because it does not use a vulnerable version of the OpenSSL library.