閉める
閉める
明日に向けたネットワーク
明日に向けたネットワーク
サポートするアプリケーションとユーザー向けに設計された、より高速で、より安全で、回復力のあるネットワークへの道を計画します。
          Netskopeを体験しませんか?
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。
            SSEのリーダー。 現在、シングルベンダーSASEのリーダーです。
            Netskope、2024年Gartner®社のシングルベンダーSASEのマジック・クアドラントでリーダーの1社の位置付けと評価された理由をご確認ください。
              ダミーのためのジェネレーティブAIの保護
              ダミーのためのジェネレーティブAIの保護
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                最新の情報漏えい対策(DLP)for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  SASEダミーのための最新のSD-WAN ブック
                  Modern SD-WAN for SASE Dummies
                  遊ぶのをやめる ネットワークアーキテクチャに追いつく
                    リスクがどこにあるかを理解する
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        レガシーVPNを完全に置き換えるための6つの最も説得力のあるユースケース
                        レガシーVPNを完全に置き換えるための6つの最も説得力のあるユースケース
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmoliveは、スマートで適応性のあるデータ保護により「知的財産」を保護します
                          Colgate-Palmoliveは、スマートで適応性のあるデータ保護により「知的財産」を保護します
                            Netskope GovCloud
                            NetskopeがFedRAMPの高認証を達成
                            政府機関の変革を加速するには、Netskope GovCloud を選択してください。
                              Let's Do Great Things Together
                              Netskopeのパートナー中心の市場開拓戦略により、パートナーは企業のセキュリティを変革しながら、成長と収益性を最大化できます。
                                Netskopeソリューション
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskopeテクニカルサポート
                                  Netskopeテクニカルサポート
                                  クラウドセキュリティ、ネットワーキング、仮想化、コンテンツ配信、ソフトウェア開発など、多様なバックグラウンドを持つ全世界にいる有資格のサポートエンジニアが、タイムリーで質の高い技術支援を行っています。
                                    Netskopeの動画
                                    Netskopeトレーニング
                                    Netskopeのトレーニングは、クラウドセキュリティのエキスパートになるためのステップアップに活用できます。Netskopeは、お客様のデジタルトランスフォーメーションの取り組みにおける安全確保、そしてクラウド、Web、プライベートアプリケーションを最大限に活用するためのお手伝いをいたします。

                                      Poodle Attack: 1,632 Cloud Apps Vulnerable

                                      Oct 15 2014
                                      Tags
                                      Cloud Best Practices
                                      Cloud Security
                                      Movie Line Monday
                                      Netskope Threat Research Labs
                                      SaaS Security
                                      Tools and Tips
                                      Vulnerability Advisory

                                      As most of you have read, there’s another SSL exploit out there. As announced by OpenSSL.org (https://www.openssl.org/~bodo/ssl-poodle.pdf), the Poodle attack has been designed to take advantage of a vulnerability in the SSL V 3.0 protocol using the CBC mode encryption. Though a few other vulnerabilities were disclosed (https://www.openssl.org/news/secadv_20141015.txt), the Poodle attack seems to have gained much more attention. To be more specific about the vulnerability, the attack exploits the vulnerability found in the implementation of the CBC mode in SSL V 3.0 where in the padding bytes are not checked against any value nor covered by the message digest (MAC). The attack itself is complicated to carry out as it involves a client downgrade dance along with the attacker being the man-in-middle and having the ability to control/modify the traffic from the client to a server. Though the attack involves intricacy in execution, it is easy to carry out given today’s computing resources.

                                      By carefully crafting and sending a huge number of requests to a server, an attacker can extract various parts of a HTTP communication. This could be the Cookie key-values or Authentication headers etc. After extracting the intended parts, the attacker can later infiltrate and cause data leakage.

                                      Netskope continuously monitor thousands of SaaS apps and our preliminary analysis has shown that more than 3,562 (as of October 15, 2014 — see below for an updated count) of them are still vulnerable due to their current support SSL V 3.0. We will provide an update of this count daily and we’re reaching out to vendors to counsel them on this vulnerability. We’re recommending that they turn-off the support for SSL V 3.0 and to watch for anomalous behaviors on any other network protection devices (e.g., IPS), such as using SSL V 3.0 flows with CBC mode and huge number of connection failures or web server error messages in a very short period of time.

                                      For our customers the good news is that Netskope Active™ is configured to never fallback to SSL 3.0 protocol. This ensures that traffic going through the Netskope Active Platform is secure and is not susceptible to the Poodle attack. For example, say “Acme SaaS App” has this vulnerability — by using Netskope Active™ we ensure that no hacker with a malicious intent can take control of the session from end users to “Acme SaaS App.”

                                      For consumers, it is our recommendation that you turn-off/disable the use of SSL V 3.0 in client programs such as browsers.

                                      For more details of how the Poodle attack works and some background, check out our video below. If you’d like to get a little deeper into this subject or discuss proactive steps for getting ahead of threats like this, please don’t hesitate to email us at [email protected].

                                      *** OCTOBER 16 UPDATE *** 3,329 cloud apps remain vulnerable, this is down from yesterday’s count of 3,562

                                      *** OCTOBER 17 UPDATE *** 2,754 cloud apps remain vulnerable

                                      *** OCTOBER 18 UPDATE *** 1,862 cloud apps remain vulnerable

                                      *** OCTOBER 19 UPDATE *** 1,737 cloud apps remain vulnerable

                                      *** OCTOBER 20 UPDATE *** 1,677 cloud apps remain vulnerable

                                      *** OCTOBER 21 UPDATE *** 1,632 cloud apps remain vulnerable

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog