Heartbleed, a critical security vulnerability affecting generic purpose operating systems, web servers, routers, and in several instances Android-powered smartphones and tablets, presents a considerable security issue for companies across the UAE. Du, the region’s fastest-growing telecommunications company, is offering companies in the UAE managed vulnerability scanning that can accurately detect the presence of the Heartbleed security vulnerability across numerous platforms. This solution is available to all UAE organisations, whether they are du customers or not.
Du’s cloud-based security vulnerability management solution, powered by Qualys, provides remedial recommendations upon the detection of the Heartbleed vulnerability. It is suitable for businesses of all sizes, from small to medium (SMEs) to large enterprises.
Delivered by the first security private cloud of its kind in the UAE, the managed vulnerability scanning solution is part of Du’s managed cloud services offering. It can detect the presence of Heartbleed in a variety of IT technologies, such as variations of the UNIX and Linux operating systems, Oracle Java ME and MySQL RDBMS, Apache and Weblogic webservers.
“In the instance that issues such as the Heartbleed vulnerability should arise, we wish to assure our customers that our managed services suite is capable of providing ample threat mitigation,” said Marwan Abdulla Bindalmook, Senior Vice President – Technology Security & Risk Management, du. “Our managed security services are delivered through our du security cloud,, we are pleased to offer security vulnerability management solution to businesses in the UAE, to help them identify whether or not they are at risk from the security issues that Heartbleed poses.”
The successful exploitation of Heartbleed may lead to the disclosure of very sensitive information such as user names passwords and cryptographic keys used to maintain the secrecy of privileged or classified information. Known formally as CVE-2014-0160, Heartbleed is caused by poorly-written code in the OpenSSL cryptographic module. A security advisory has been issued by the OpenSSL organization which suggests affected users to immediately upgrade to the newest OpenSSL 1.0.1g version. The presence of the OpenSSL cryptographic module is so ubiquitous in the corporate IT environment and also so deep down the software stack that detection alone is “mountainous task”.
For further information, please contact:
Public Relations Manager
Brand & Communications
Tel: +971 55 9367045
Tel: +971 4 367 6154