Egnyte Unaffected by Heartbleed Vulnerability

April 15, 2014

You may have seen a flood of news over the past few days about the OpenSSL bug called Heatbleed that has impacted much of the Internet. We wanted to announce that the Egnyte platform, which includes all of our products in the cloud and on-premises, has not been impacted by this vulnerability. Unlike other affected services, Egnyte has never used the version of OpenSSL that was hit by this major threat.

The wide scale impact of this bug has highlighted numerous concerns and actions that hardware vendors, cloud service providers and consumers should take. Whether or not you have services that have been affected, steps should be taken to ensure that this threat is not introduced unwittingly.For businesses:

Operations engineers should review the process for spinning up new servers that include the right version of OpenSSL.
Apply the patches provided by hardware vendors who have issued fixes for any equipment that may have this vulnerability.
Cloud service providers should review every SSL certificate that they may have in place with any third-party service component.
Consider installing new SSL certificates with new signing keys.
Expire any live sessions that may have been running against these services.

This should serve as yet another wakeup call for consumers of web services and push them to adopt the following online best practices:

Enable multi-factor authentication, wherever possible.
Reset passwords on a regular basis.
Ask your service provider for audit reports and set up a process to review these reports on a regular basis for unanticipated access or usage.

We’d like to assure our customers that we take all possible steps to protect your critical data and eliminate threats of this kind.For more information, check out these materials on Heartbleed:Heartbleed overview: http://heartbleed.com/Heartbleed alert: http://www.kb.cert.org/vuls/id/720951Our helpdesk has some helpful info as well