Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
(Update: we’ve posted a fix for this issue, see http://blogs.splunk.com/2014/04/10/fix-now-available-splunk-and-the-heartbleed-vulnerability/.)
Dear Splunk users,
As you’re likely aware, a significant vulnerability in OpenSSL, which the security community is calling the “Heartbleed” vulnerability, was discovered and publicized earlier this week. This is not a bug in code that Splunk produced, but rather in a component of a package that is in common use throughout the software industry.
The purpose of this blog post is to inform you about what Splunk is doing to address this issue. For more detailed information about the vulnerability itself, refer to http://heartbleed.com.
Here’s what you need to know:
We are currently QA testing our fix for Splunk Enterprise, but it is taking a while because our product is complex, multi-platform, and this fix has significant potential impact within our product. We want to make sure we deliver a quality product fix to you.
We’ll be making a 6.0.3 version (with just this fix in it) available, then follow that with patches for 6.0-6.0.2. This means you will have a choice as to whether you want to upgrade or patch. We of course recommend that you upgrade to the latest version, as well as review the content in our “Securing Splunk” manual about hardening your Splunk deployment.
The great majority of Splunk deployments are behind firewalls and/or require VPN access, and so do not have a high level of exposure as a result of this vulnerability. If your Splunk deployment allows access from outside your firewall or VPN, you are exposed and could be impacted by this vulnerability.
We will make an announcement on our Security Portal within the next few days when we have completed our testing and posted the fix. You can watch for an announcement there via RSS.
----------------------------------------------------
Thanks!
rachel perkins
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.