Amy Blackshaw

Web Threat Detection - Helping with Shellshock

Discussion created by Amy Blackshaw Employee on Sep 30, 2014

Security teams continue to focus on the news from last week's Shellshock announcement while cybercriminals are focusing on how to exploit the vulnerability. We are aware that many exploits are currently targeting organizations, and we are working with many of our customers on providing visibility, analysis and action to protect their security posture. Researchers have warned this major vulnerability in Bash is bigger than Heartbleed, considering its presence in so many Linux and UNIX systems and the severity of the exploit. We have worked to enable our Web Threat Detection community to quickly identify potential exploits. In short, Web Threat Detection is monitoring every 'click' across all Headers & Cookies for non-standard, unique values specifically associated with this exploit. Many monitoring systems don't have access to monitor against:

1. All header data

2. All cookie data

3. Every page request

Web Threat Detection is uniquely positioned to monitor all three to provide visibility across the entire online user lifecycle and to quickly take action against cybercriminals attempting to exploit Shellshock. Please reach out to me or your account rep if you would like more information on specific rules.
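The per-request check described above, sketched as an added example; it is not part of the original post and is not Web Threat Detection's own rule logic. It assumes the widely published Shellshock marker (a Bash function definition prefix, `() {`, at any position in a value), and the function name `scan_request` and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: the marker is the Bash function-definition prefix "() {",
# with optional whitespace between tokens. Not taken from the post.
SHELLSHOCK_MARKER = re.compile(r"\(\s*\)\s*\{")


def scan_request(headers):
    """Check every header and every cookie of one request.

    headers: dict mapping header name -> raw value.
    Returns a list of (kind, name) tuples, kind being "header" or "cookie".
    """
    hits = []
    for name, raw in headers.items():
        if name.lower() == "cookie":
            # Inspect each cookie separately so the alert names the cookie.
            for part in raw.split(";"):
                # Decode percent-encoding so encoded markers are also caught.
                if SHELLSHOCK_MARKER.search(unquote(part)):
                    cookie_name = part.strip().partition("=")[0]
                    hits.append(("cookie", cookie_name))
        elif SHELLSHOCK_MARKER.search(unquote(raw)):
            hits.append(("header", name))
    return hits


# Constructed sample requests (not captured traffic).
BENIGN = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
    "Referer": "https://shop.example/cart",
    "Cookie": "sid=abc123; theme=dark",
}
SUSPICIOUS = {
    "User-Agent": "() { :; }; echo constructed-sample",
    "Referer": "https://shop.example/cart",
    "Cookie": "sid=abc123; pref=%28%29%20%7B%20%3A%3B%20%7D%3B%20echo%20constructed",
}

if __name__ == "__main__":
    for label, request in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_request(request))
```

Running the check on every page request, rather than on sampled traffic or a fixed set of headers, matters because the marker can arrive in any header or cookie that the server passes to Bash as an environment variable.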
