Poodle Vulnerability: Verify Security Diligence In Vendor Ecosystem

Third-party breaches have become a common occurrence in the last year. From Target to Home Depot and Goodwill, major organizations have been compromised through vulnerabilities present in their extended network ecosystems. Compounding fears surrounding third-party vulnerabilities, the last year has also seen no fewer than three major security flaws affecting basic internet protocols. The first two, Heartbleed and Bash, grabbed media headlines and left businesses scrambling to ensure they weren't left vulnerable. Just this week, another major security flaw, dubbed Poodle, was uncovered by security researchers. This bug affects SSL v3, a widely used protocol for securing communications over the internet. With growing concern about third-party security and the seemingly never-ending revelations of internet bugs, organizations are left wondering how they can gain better visibility into the vulnerability of their third parties when it comes to basic configuration hygiene.

Preview of Bitsight's Poodle Vulnerability Test in the Security Ratings Portal

While the news often focuses on major cyber attacks and sophisticated malware campaigns, gaps in basic diligence measures can be a major vulnerability in a company’s network. Yet, while most companies can easily check whether they have properly configured SPF, SSL or DKIM, it isn’t always easy to verify that third parties have implemented these configurations. To address these concerns, Bitsight has released a new feature in the Security Ratings portal that gives customers the ability to check themselves and third parties for vulnerability to the Poodle bug. Along with panels to check for vulnerability to Heartbleed and Bash, this new feature demonstrates Bitsight’s commitment to continuously providing customers with insight into their own networks and the networks in their extended ecosystems.