Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Mocana offers ‘Drop-In’ OpenSSL Replacement for Apache Web Servers

Security solutions vendor Mocana has taken somewhat of a sidestep from its focus as a provider of embedded device and mobile security solutions, and has released what it calls a highly secure drop-in replacement for the widely adopted OpenSSL stack for Apache Web servers.

Security solutions vendor Mocana has taken somewhat of a sidestep from its focus as a provider of embedded device and mobile security solutions, and has released what it calls a highly secure drop-in replacement for the widely adopted OpenSSL stack for Apache Web servers.

Dubbed NorthStar, the solution was developed from the ground up using modern programming practices and tools by security experts to ensure high code quality, Mocana said.

Mocana LogoAs an enterprise-grade secure connectivity solution for Apache web servers, NorthStar provides organizations with a high-quality secure sockets layer SSL/TLS alternative to OpenSSL that can be installed on Apache servers with a single command in a few minutes.

NorthStar includes all the necessary connecting “glue” needed to provide a simple, drop-in replacement for OpenSSL, the default cryptographic library provided for Apache web servers, Mocana added. 

OpenSSL has proven to be highly vulnerable, as evidenced by the recent Heartbleed vulnerability discovered earlier this year, a flaw that still plagues many enterprises around the globe. In fact, according to a recent report from Venafi, just 3 percent of external-facing servers in the world’s largest companies have been fully protected from the Heartbleed vulnerability.

“Complexity is the enemy of security, and with 457,000 lines of code that need patching seemingly every week, OpenSSL has kept many IT managers awake at night, waiting to react to the next announced vulnerability. The code for the TLS stack in NorthStar is only a fraction of that size, and has been comprehensively tested,” said James Blaisdell, CTO at Mocana. “The open source community has made numerous useful and popular contributions to the software industry, including the Apache server itself. But, it is clear that in the case of OpenSSL, this route has failed to keep up with industry and compliance requirements.”

San Francisco, Calif.-based Mocana also offers its NanoSSL solution for developers to provide secured data transport in embedded devices such as switches, routers, access points and modems, as well as medical equipment, industrial sensors, smart grid devices, camcorders and other devices that comprise the Internet of Things.

Available immediately for all major Linux platforms, pricing for NorthStar begins with a low volume subscription at $350 per server annually, with volume price discounts available. The company also is offering an option for an unlimited deployment for a three-year term. Licensed customers receive source code and precompiled binaries with per-server perpetual or subscription licensing.

Related: Organizations Slow at Patching Heartbleed in VMware Deployments

Advertisement. Scroll to continue reading.

RelatedHeartbleed Vulnerability Still Beating Strong

RelatedRecovering from Heartbleed: The Hard Work Lies Ahead

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.