- Tyson Supasatit
- October 15, 2014
Following on the heels of the Heartbleed and Shellshock exploits, the new POODLE vulnerability in SSL version 3.0 (SSLv3) is the latest to require IT teams to identify and patch vulnerable systems.
Published by Google's security team today (Tuesday, October 14), the POODLE vulnerability targets a version of SSL that is 15 years old but still used widely. IT teams will want to identify systems using this version and disable SSLv3 on those machines if possible.
At ExtraHop, identifying vulnerable machines was a 15-second process (see the screenshots below for the results). That's because we have an ExtraHop appliance analyzing all our wire data—all L2-L7 communications between systems—and extracting a wealth of information for easy exploration. Whether it is identifying devices using SSLv3 or performing a Heartbleed audit going back years, ExtraHop puts your wire data at your fingertips.
Identifying SSLv3 Servers and Clients in Four ClicksIf you are an ExtraHop user, here is what you need to do in order to identify SSLv3 sessions in your environment:
- Click on the Applications tab in the left-hand navigation
- Click on the "All Activity" application
- Click SSL in the left-hand navigation to view all SSL metrics
- Click on the SSLv3 count under Sessions by Version
This is just one example of what you can do with wire data. The possibilities are virtually limitless! Find out for yourself by exploring our free, interactive online demo.
ExtraHop's SSL envelope analysis reveals all kinds of interesting details about encryption in your environment, including SSLv3 usage.
Drilling into SSLv3 conversations, you can easily identify top-talkers using that version.
Adding a widget showing SSLv3 top-talkers to your dashboard is a simple three-step process.
This is a companion discussion topic for the original entry at http://www.extrahop.com/post/blog/neuter-the-poodle-detect-all-sslv3-clients-and-servers-with-extrahop/