|[April 09, 2014]
Cybersecurity Pioneer: "Defense.Net's Secure Network Technology Provides Immunity from the Heartbleed Bug"
BELMONT, Calif. --(Business Wire)--
the only company designed to mitigate the increasing scale and
sophistication of modern Distributed
Denial of Service (DDoS) attacks, today released statements from the
company's founder, Barrett Lyon, on the "Heartbleed" vulnerability
announced last night that has exposed more than half a million websites
and may be one of the most catastrophic bugs in secure computing history.
Barrett Lyon, co-founder and CTO of Defense.Net (Photo: Business Wire)
Lyon, whose pursuit of hackers operating as part of the Russian mob was
chronicled in the best-selling book Fatal
System Error, and who created what is now the $1 billion DDoS
mitigation industry more than 10 ears ago, noted the following:
"Unless an OpenSSL implementation has been patched, anyone can
remotely view 64K chunks of memory. Said another way, whatever was
left behind in the memory of the vulnerable server… becomes public
data… This could be passwords, accounts, personal data, and the SSL
private keys of the server itself! To give you an idea of how big of a
problem this is, this software is used in everything from web sites,
VPNs, specialized networking equipment, email communications, phone
apps, you name it."
"Whether or not this is a bug or an intentional addition is all
speculation at this point and it's been in the software for over two
years, exposing anyone using OpenSSL."
"To make matters worse, once the bug has been patched globally,
it's highly likely that every SSL certificate that has been on an
exposed server will have to be re-issued creating an absolute
logistical and security nightmare. The cost of replacing half a
million SSL certificates could range in the several hundreds of
millions of dollars and it's unclear when this can or will happen."
"But there is an immediate solution that has already been
protecting millions of websites from Heartbleed. A side benefit of
Defense.Net's DDoS mitigation is a better and more protected network.
In the process of cleaning up invalid bots and removing attack
traffic, Defense.Net's DDoS mitigation also validates legitimate
network protocols against illegitimate ones. This is achieved
through a process where on one layer of our network we create a
proprietary SSL/TLS implementation, and on another layer of our
network we monitor and block the behavior of traffic that attempts to
exploit the Heartbleed bug."
More details can be found on Lyon's blog (http://www.blyon.com/)
which will be updated as more is uncovered about this vulnerability.
Founded by Barrett Lyon, who created the Distributed Denial of Service
(DDoS) attack mitigation industry more than 10 years ago, Defense.Net
has combined the top minds in the DDoS space with breakthrough new
technologies designed to effectively address today's and tomorrow's DDoS
mitigation challenges. It is the only company to defend businesses and
organizations against this new generation of massive and sophisticated
DDoS attacks while delivering the highest levels of Internet application
performance - two areas where legacy DDoS mitigation services have not
been able to match the modern strategies of today's cyberattackers. With
increasing threats from the escalating scale and complexity of DDoS
attacks and a growing number of antagonists willing to use them,
Defense.Net protects organizations from modern attacks by providing
end-users with a seamless experience as if no attack were occurring. The
company has raised more than $9.5M in debt and equity financing with
investors that include visionary security and Internet investor Bessemer
Venture Partners (BVP).
Photos/Multimedia Gallery Available: http://www.businesswire.com/multimedia/home/20140409006284/en/
[ InfoTech Spotlight's Homepage ]