Nearly two and a half years have elapsed since the OpenSSL vulnerability known as the Heartbleed bug was initiated. Beginning on December 31st of 2011, 64 kilobytes of data have been leaking out of an estimated 17% of servers from around the globe [1].

 
Hackers have been able to take advantage of this exploit by utilizing a heartbeat request to query a memory response from servers maintaining data for entities such as Yahoo!, Imgur, and Slate.com. Even the FBI and Deutsche Bank have been caught in the wake of Heartbleed since it was revealed [2].
 
CimTrak and Heartbleed
Over the past two days, we have received many inquiries from CimTrak customers with questions about Heartbleed. The Heartbleed vulnerability does not affect any version of CimTrak.  The implementation of TLS in CimTrak does not contain the bug that made HeartBleed possible.
 
How Can CimTrak Help With The Heartbleed Vulnerability?
Heartbleed may have compromised many servers and network devices in an organization’s network.  It is possible that the credentials and keys to those systems have been exposed and used to maliciously access those systems.
 
CimTrak can be installed on those systems to help ensure that none of the exploited machines have been altered in any unexpected manner. CimTrak is especially helpful, as none of the changes that ultimately result from Heartbleed will have a signature associated with them. Because of this, many traditional security tools will offer little to no protection. Since the exploit will result in rogue access to systems and keys, implementing an integrity monitoring tool, such as CimTrak, on all critical systems is one of the few defenses that will provide true IT security.
 
 
CimTrak Technical Summary

Try CimTrak for Free

Get your Free 14-day trial of CimTrak

Just let us know what capabilities you want to test out, and we'll set up a trial in your environment.