What is Heartbleed?
Heartbleed is a newly discovered, very widespread vulnerability in the OpenSSL implementation of the SSL/TLS protocol. The flaw allows attackers to steal passwords and confidential data that you have provided online. In this SOC Talk, Elastica’s CTO Dr. Zulfikar Ramzan describes the flaw’s mechanics and ramifications.
Why Passwords Are Not Sufficient
The massive exposure of Heartbleed reminds us that passwords and other sensitive data provided to SaaS applications are perpetually at risk. Passwords themselves are the keys to the castle, and our data represents the crown jewels inside. Passwords “enhance” security, but we should not rely on them alone.
The Value of Behavioral Modeling
As fraud detection pioneers, credit card companies know passwords are limited. Criminals might already have your information, which is why you get called when a transaction seems dubious. Current transactions are cross-referenced against your historical profile using data science and machine learning. Can similar techniques be applied to securing enterprise SaaS applications?