Black Lotus Partners with CloudSigma to Provide Enhanced DDoS Protection in Cloud Environments

International Customers Can Now Leverage the Customizable, Enterprise-Scale Cybersecurity Solution for a More Seamless, Protected Cloud Experience

November 04, 2014 09:00 AM Eastern Standard Time

SAN FRANCISCO--(BUSINESS WIRE)--Black Lotus, a leader in availability security and provider of distributed denial of service (DDoS) protection, today announced a partnership with CloudSigma, a public cloud infrastructure-as-a-service (IaaS) provider with advanced hybrid hosting solutions. As DDoS attacks become increasingly common across industries, it is crucial for cloud providers to consider the cybersecurity of their customers. By partnering with Black Lotus, CloudSigma’s customers are afforded enhanced protection, ensuring they aren’t at risk for wasted time or resources in the event of a targeted DDoS attack.

“Recent research shows that nearly 40 percent of enterprises are unprepared for DDoS attacks, which can be very hard to recover from”

For a global cloud provider like CloudSigma that services major enterprises across markets, a basic, automated DDoS mitigation offering is insufficient. As DDoS methods grow more complex, countermeasures require a larger portion of a business’ IT team to manage the attack, pulling employees away from their primary responsibilities and incurring significant losses in revenue as a result. Black Lotus provides hands-on, customizable protection that takes into account the environments at stake to give CloudSigma customers the guaranteed around-the-clock uptime that they rely on for optimum productivity and maximum profits.

“Recent research shows that nearly 40 percent of enterprises are unprepared for DDoS attacks, which can be very hard to recover from,” said Robert Jenkins, chief executive officer at CloudSigma. “Our partnership with Black Lotus enhances our existing core infrastructure DDoS protection with a more user-focused, customizable service. It will also complement our firewall policies for greater security in general, giving our customers a more seamless, protected experience in our cloud.”

Black Lotus’ Chief Security Officer and Co-Founder Shawn Marck said, “Our company’s mission is to ensure our customers – whether websites, protected servers or data centers – can go about their business without fear of censorship or disruption due to a DDoS attack. By partnering with CloudSigma, we’re able to expand into new regions and market segments and provide the proactive security-as-a-service solution that enterprises need to easily sidestep the prolonged detrimental impact an attack can have.”

Black Lotus’ DDoS protection solution is available immediately from all of CloudSigma’s cloud locations, including San Jose, Washington D.C., Miami and Honolulu in the U.S., and its dual locations in Zurich, Switzerland in Europe.

Service providers and data center companies that are interested in DDoS protection services can contact Black Lotus at sales@blacklotus.net or call 866-477-5554.

About Black Lotus

Black Lotus Communications is a security innovator and pioneer of the first commercially viable DDoS mitigation solutions. These advanced solutions enhance the security posture of small and medium businesses and enterprise clients while reducing capital expenditures, managing risk, ensuring compliance, and improving earnings and retention. Breakthrough developments at Black Lotus include the world's first DDoS-protected hosting network, the first IPv6 DDoS mitigation environment, and the first highly effective Layer 7 attack mitigation strategy. For more information, visit www.blacklotus.net or follow Black Lotus on Twitter at https://twitter.com/ddosprotection.

About CloudSigma

CloudSigma is a pure-cloud Infrastructure-as-a-Service (IaaS) provider that offers highly-available, flexible, enterprise-class cloud servers and cloud hosting solutions, both in Europe and the U.S. CloudSigma is one of the most customizable cloud providers on the market, giving customers full control over their cloud and eliminating restrictions on how users deploy their computing resources. With CloudSigma, customers can provision processing, storage, networks and other fundamental computing resources as they please, as well as easily deploy any operating system or application with full root/administrative access. The result is a high-performing cloud at an efficient price.

With infrastructure in Equinix data centres in Zurich, Switzerland, as well as Washington DC, San Jose & Miami, US, and a DRFortress data center in Honolulu, CloudSigma selects the highest-quality facilities to support its innovative infrastructure. CloudSigma is increasingly being recognized for its advancement of the cloud IaaS industry and more information may be found at www.CloudSigma.com or by visiting the company on Twitter@CloudSigma, Facebook and Google+.

Contacts

Black Lotus Press Contact:
Metis Communications
Justine Boucher, +1 617-236-0500
blacklotus@metiscomm.com
or
CloudSigma Press Contact:
March Communications
Meredith L. Eaton, +1 617-960-9877
cloudsigma@marchpr.com

Tags: Customers → DDoS attacks → DDoS mitigation → DDoS protection → DrDoS attacks → Partnerships → Protection for Networks → SQL injection → SSL → Vulnerabilities

Black Lotus Partners with CloudSigma to Provide Enhanced DDoS Protection in Cloud Environments

By Unknown → Tuesday, November 4, 2014

Defending your site against the Heartbleed vulnerability

Earlier this week US-CERT released details of a vulnerability (CVE-2014-0160), which exists in OpenSSL, a software package used by many web servers such as Apache and nginx to provide encryption for HTTPS connections. OpenSSL versions in the 1.0.1 series prior to 1.0.1g with the RFC6520 TLS heartbeat extension enabled are susceptible, accounting for an estimated 500,000 servers worldwide. To mitigate this threat server administrators must upgrade to OpenSSL 1.0.1g or recompile existing 1.0.1 implementations with the -DOPENSSL_NO_HEARTBEATS flag.

By exploiting this vulnerability an intruder is able to view up to 64kb of data in memory, potentially revealing the site's SSL private key and other confidential information such as login names and passwords. This vulnerability is particularly dangerous as it has existed for the past 2 years and it is almost certain that those with nefarious intentions have been exploiting the vulnerability for quite some time. This means that all login names, passwords, and SSL keys on affected systems must be considered compromised.

A hacker with a stolen SSL key is particularly dangerous. This makes it possible for the hacker to poison DNS cache and create a seemingly perfect clone of the site for which the SSL key was created. Visitors will believe that they are visiting the real site and will see the SSL padlock as expected with zero indication that the visitor has been redirected to a malicious copy of the site, almost certainly resulting in theft of the visitors private information such as login credentials, identifying information, financial data, and so forth.

Black Lotus recommends that system administrators take the following course of action:

- Ensure that web servers are not running a vulnerable OpenSSL implementation.
- In the event that the server was ever running a vulnerable OpenSSL implementation, contact the SSL certificate authority for any keys which may have been compromised and request revocation of the certificate. A new SSL certificate based on a new CSR will be required.
- To be certain, test your site using this tool.- Regardless of the outcome of the aforementioned test, change all passwords, continue to do so frequently and do not use common passwords across multiple sites.

Black Lotus is proactively responding to this threat by testing internal systems and those of managed clients. We have confirmed that no Black Lotus systems have been impacted by this vulnerability and no confidential information such as customer login credentials have been compromised. Regardless, we encourage customers to use the aforementioned tool to test for this vulnerability. In the event that a web server is deemed vulnerable it is important to inspect not only the origin web server but also any proxy, such as a DDoS protection service, that may be handling traffic for the site as an OpenSSL implementation on either could result in a leak.

If you have any concerns about the security of your Black Lotus server or DDoS protection service please contact support@blacklotus.net for immediate remediation assistance.

Tags: Articles → Heartbleed → SSL → Vulnerabilities

Defending your site against the Heartbleed vulnerability

By Unknown → Wednesday, April 9, 2014