Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

Heartbleed protection with HP TippingPoint

MarthaAviles ‎04-10-2014 09:15 AM - edited ‎09-25-2015 08:25 AM

What is the vulnerability? How does it take advantage of a network or system?

The Heartbleed bug affects OpenSSL—allowing attackers to infiltrate areas of memory from a system running the software. By accessing these areas of memory, the names and passwords—as well as actual content—are open to data theft.


How are HP TippingPoint customers protected?

The HP TippingPoint DVLabs team began evaluating the available data and PoCs on April 8, 2014

in order to provide a vulnerability signature in an ad-hoc release of the TippingPoint Digital Vaccine.  In the meantime, we have released a custom filter package to our customers until the official DV is ready.


The coverage provided by this custom filter, similar to all currently available vendor-provided filters, will detect large SSL heartbeat responses (over 200 bytes) to indicate whether the vulnerability has possibly been exploited. This filter protects HP TippingPoint customers until a more comprehensive Digital Vaccine is released.


In the meantime, we strongly recommend that everyone observe the published best practices to limit exposure:

  • Upgrade if possible (if not, then disable heartbeats)
  • Revoke all current keys and replace them with new ones
  • Change any credentials that may have been loaded into memory by the vulnerable processes
  • See additional information on “Thoughts on the Heartbleed bug.”


We have also verified that the HP TippingPoint NGIPS, SMS and NGFW platforms, as well as the Threat Management Center (TMC) portal, are not vulnerable to this OpenSSL vulnerability.


Where can you find more information on this vulnerability?

More information can be found on this vulnerability on the National Vulnerability Database

About the Author


Aug 29 - Sep 1
Boston, MA
HPE Big Data Conference 2016
Attend HPE’s Big Data Conference on August 29 - September 1, 2016 to learn from peers in every industry and hear from Big Data experts and thought lea...
Read more
Sep 13-16
National Harbor, MD
HPE Protect 2016
Protect 2016 is our annual conference on September 13 - 16, 2016, and is the place to meet the world’s top information security talent, discuss new pr...
Read more
View all