HeartBleed – a further update from Symantec Email & Web Security

Last week, we shared details of how the HeartBleed OpenSSL vulneratbility affected our Email & Web Security products.

The newest feature in our Web Security.cloud product, the ability to analyze and control data over HTTPS communications, was found to be vulnerable and was taken offline immediately on April 9th 2014.  No other features, functionality or services were impacted.

I’m happy to announce that over the past weekend, we completed the work necessary to be able to restore this functionality.  With visibility into both unencrypted HTTP and encrypted HTTPS traffic, Symantec Web Security.cloud can secure users from malware, enforce web usage policy and prevent sensitive and confidential data from leaving the network.

As a reminder, the following products and services are NOT at risk and no our customers do not need to take any action:

  • Symantec Email Security.cloud
  • Symantec Email Security.cloud – Policy Based Encryption
  • Symantec Instant Messaging Security.cloud
  • Symantec Enterprise Instant Messenger.cloud
  • Symantec Web Security.cloud
  • Symantec Email & Web Security.cloud management portal (AKA ClientNet)
  • Symantec Messaging Gateway
  • Symantec Web Gateway

Symantec has launched a dedicated site where you can find the latest HeartBleed related updates on other Symantec products as well as advice for businesses and consumers.


Leave a Reply