on Sep 30, 2014Security teams continue to focus on the news from last week's Shellshock announcement while cybercriminals are focusing on how to exploit the vulnerability. We are aware that many exploits are currently targeting organization – and are working with many of our customers on providing visibility, analysis and action to protect their security posture. Researchers have warned this major vulnerability in Bash is bigger than Heartbleed, considering its presence in so many Linux and UNIX systems and the severity of the exploit. We have worked to enable our Web Threat Detection community to quickly identify potential exploits. In short, Web Threat Detection is monitoring every 'click' across all Headers & Cookies for non-standard, unique values specifically associated with this exploit. Many monitoring systems don't have access to monitor against:
1. All header data
2. All cookie data
3. Every page request
Web Threat Detection is uniquely positioned to monitor all three to provide visibility across the entire online user lifecycle to quickly take action upon cybercriminals attempting to exploit Shellshock. Please reach out to me or your account rep if you would like more information on specific rules.