Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Tired of Hearing about Heartbleed? Do Something About It. ThreatMetrix Strategies for “Staunching” Heartbleed and Any Similar Threats in the Future.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

After going unnoticed for two years, researchers discovered Heartbleed, the flaw that could let a hacker defeat OpenSSL, the most common encryption technology on the Internet. Another way of saying it is Heartbleed put 66 percent of servers worldwide at the mercy of cybercriminals. And another way of saying that is email, instant messaging, e-commerce transactions and more were being jeopardized in every corner of the planet, exposing passwords, credit card numbers and other personal data.

The Heartbleed security flaw was a danger to websites and the mobile applications and networking equipment that connect homes and businesses to the Internet, including such things as routers and printers. In short, the flaw presented a danger to the entire Internet of Things, i.e., any device from air conditioners to refrigerators that could be connected online.

After putting in a patch to fix the flaw, many, if not most online businesses, only had one strategy to offer users: change your passwords.

“Today it’s Heartbleed and tomorrow it will be another data breach or vulnerability,” said Alisdair Faulkner, chief products officer, ThreatMetrix.

“Passwords are a static means of security and are frankly obsolete as a stand-alone authentication solution in today’s cybersecurity landscape. Once account login information is obtained, cybercriminals have access to personal data used for committing bank fraud or falsifying credit card transactions – the possibilities are endless. Security should not just rely on point-in-time authentication solutions. Instead, continuous evaluation of trust is required based on what the user is attempting to do.”

ThreatMetrix’s preventative cybersecurity strategies offer protection that goes well beyond passwords and other forms of static authentication:

Real-time trust analytics – Move beyond just big-data collection and improve effectiveness of controls with real-time analysis of device, location, identity and behavioral context for every authentication attempt. Real-time trust analytics offer unprecedented identity authentication policies for businesses and enterprises by comparing against global benchmarks derived from peers in their industry, the size and scale of the enterprise, geographic location and more.

Enhanced mobile identification – Detects jailbroken devices and offers location-based authentication, protecting mobile transactions by indicating when the mobile operating system has been breached and the security of applications has been compromised.

“To protect against future attacks like Heartbleed, businesses need to move beyond legacy verification and authentication solutions and recognize the benefits of leveraging a collective approach to cybersecurity,” said Faulkner. “The ThreatMetrix® Global Trust Intelligence Network (The Network) delivers real-time intelligence, providing customers with consistent risk assessments of data and creating a digital persona of users by mapping their online behaviors and devices.”

Consumers can protect their online identities and personal information from threats like Heartbleed by ensuring location information on social networks is encrypted and by using different passwords across sites and never storing them on devices.

By ThreatMetrix Posted