Dome9 Security Addresses Widespread Microsoft RDP Cloud Server Vulnerability

Dome9's Cloud Security Firewall Management Service Provides Strategic Response to Eliminate Ongoing Cloud Server Threats From OS and Application Vulnerabilities


SAN MATEO, CA--(Marketwire - Mar 22, 2012) - Dome9 Security, the leading provider of cloud security firewall management for public and private clouds, as well as for dedicated and virtual private servers (VPS), today announced that its cloud security firewall management service protects cloud servers from today's serious cloud server security threats, including the recently publicized Microsoft Remote Desktop Protocol (RDP) vulnerability. Dome9's cloud security service that automates firewall management eliminates the tactical response to both known vulnerabilities, and vulnerabilities yet to be discovered, and delivers a strategic approach to securing cloud servers.

Employed across millions of cloud and virtual private servers, RDP is a widely used service to control remote Windows servers. The recently announced vulnerability allows hackers to gain full access of any Windows server running RDP and execute remote code without needing any authentication to the server. The exploit affects all versions of Windows Server for any public, private, or hybrid cloud, as well as traditional datacenters, but Windows cloud servers are at the greatest risk because most have public-facing, open RDP ports that are not protected by a corporate perimeter.

"Microsoft's RDP vulnerability and others like it pose a serious threat to cloud servers," said Tim Mather, founding member of the Cloud Security Alliance, and co-author of "Cloud Security & Privacy." "Cloud users should take a proactive, strategic approach to securing their cloud servers that goes beyond the tactical, reactionary response of relying on patching alone."

"Hacker kits are already available for download that make it easy to identify and exploit this vulnerability on any Windows cloud server," said Roy Feintuch, Dome9 CTO and Co-Founder. "And, despite the newly released patch, it will take months -- if not years -- for every cloud server to be updated, creating a huge window of exposure for attackers. Dome9 provides a strategic solution to recurring vulnerabilities such as this, giving cloud users a long-term security solution that virtually eliminates the risk from vulnerabilities in the OS and application layers."

In addition to addressing this RDP vulnerability, Dome9 eliminates the risk from future, yet undiscovered vulnerabilities, and ends the continuous cycle of find and fix fire drills. Instead of keeping RDP and other service ports open publically on cloud servers, Dome9's cloud security service enables cloud users to close them, by default, and get secure, on-demand access. Dome9 ensures only authorized users can get to the secured resources they need, and any vulnerabilities from the OS and/or applications are virtually irrelevant because they are never exposed to the outside world. Dome9 has two offerings: The new, free Dome9 Lite Cloud, which provides centralized firewall management for an unlimited number of servers and clouds in virtual private, cloud, collocated, and hosted environments; and the pay-as-you-go Dome9 Business Cloud, which adds advanced policy automation.

Dome9 Security is the only cloud security service to automate cloud firewall management for public and private clouds, as well as for dedicated and Virtual Private Servers (VPS), across all platforms. Dome9 closes a critical gap in today's cloud computing server security -- ports such as SSH, RDP, and MYSQL left open so administrators can connect to and manage their cloud servers. This common practice leaves servers vulnerable to hackers who need only guess the correct username and password or exploit any protocol vulnerability to gain unauthorized control of a server. Dome9 secures all administrative ports -- for all servers and clouds -- enabling secure access, on-demand. Its key innovation is the ability to provide secure access leasing -- dynamically generated, time-based secure access to cloud servers -- which enables customers to close all server administrative ports by default.

About Dome9 Security
Dome9, the leader in cloud security management, automates and centralizes cloud firewall management across all servers and clouds. Available for both enterprises and hosting providers, and as a free offering, Dome9 supports clouds, VPS, dedicated servers, and Amazon's EC2 Security Groups, across all major operating systems and service providers. Dome9 is headquartered in Tel Aviv, Israel, with U.S. offices in San Mateo, Calif., and is venture backed by Opus Capital Ventures. For more information, visit: http://www.dome9.com/.

Dome9, Dome9 Central, Dome9 Connect, Dome9 Cloud Lite, and Dome9 Agent are registered trademarks of Dome9 Security. All other trademarks are registered to their respective companies. Copyright© Dome9 2012.

Contact Information:

Editorial Contact:
Dan Spalding
Spalding Communications, LLC
(408) 960-9297