1 Month After Heartbleed: Assessing the Damage and Lessons Learned
It has been one month since the Heartbleed vulnerability in OpenSSL became widely known, and we wanted to take a final look back at the bug and distill a few cloud security lessons we can all take forward. Out of the 3,571 cloud services in use at enterprises, 1,173 were affected by the vulnerability. While most cloud providers patched their services within 48 hours, Heartbleed struck at the core of web security. Through a simple exploit, it allowed an unsophisticated attacker to access passwords and encryption keys with minimal effort. That means that if an attacker captured and stored encrypted traffic during the last 2 years, those files could potentially now be decrypted.
Across 250 companies, Skyhigh found that 100% of them used at least one service vulnerable to Heartbleed. Skyhigh customers were immediately notified of which services they used that were impacted, including which users had uploaded data to those services. We've anonymized data across our customers in order to report on the scope of Heartbleed and the amount of sensitive data that was exposed:

- The average company used 279 services vulnerable to Heartbleed, and these services spanned all major SaaS security categories
- Companies uploaded, on average, 579.9 GB of data to these services
- One company had uploaded over 33.9 TB of data to affected services
Heartbleed was patched relatively quickly, with most cloud providers fixing their services within 48 hours. Despite the rapid response, companies have to assume that all the data uploaded to these services could still be compromised. The volume of that data is staggering. A finance executive we spoke with in the aftermath of Heartbleed said he received emails from 13 cloud services that week notifying him they had been affected. The problem isn't limited to finance. The companies impacted by the use of Heartbleed-vulnerable cloud services span industries including manufacturing, media and entertainment, insurance, energy, and healthcare. Given the sheer volume of data affected, the actual impact can be hard to gauge.
In response, companies storing data in affected services have taken steps to remediate the damage. Skyhigh customers can view Heartbleed-vulnerable services in the Global Registry by going to the Discover menu and following these steps:

- Click "Global Registry" in the Discover menu
- Open "Service Risk" by clicking the up arrow to the left of that section
- Scroll down to the Security category and view "Susceptible to Heartbleed"
One positive result of Heartbleed is the renewed focus on underfunded but critical open source Internet infrastructure. The Linux Foundation recently raised $3.9 million from cloud heavyweights including Amazon Web Services, Cisco, Dell, Facebook, Google, IBM, Microsoft, Rackspace, and VMware to fund open source projects including OpenSSL. That will help expand the team (currently only one full-time developer) so that this critical piece of infrastructure can be maintained and secured.
One thing experts can agree on is that there are more vulnerabilities as serious as Heartbleed in the wild, yet to be discovered and publicized. Because such vulnerabilities are unknown until they are disclosed, companies can only react once they become aware of their exposure. Skyhigh is offering a free Heartbleed Audit, detailing all services in use that were or are still vulnerable to Heartbleed. Email us at heartbleedaudit@skyhighnetworks.com for more information. Since 100% of companies were impacted in some way, Skyhigh has also developed a guide with steps IT Security teams can take to remediate the damage from Heartbleed.
