Skip to main content
banner image
venafi logo

4 Ways to Arm Your Incident Response Team for Rapid Key and Certificate Remediation

4 Ways to Arm Your Incident Response Team for Rapid Key and Certificate Remediation

June 25, 2015 | Patriz Regalado

Your network has been attacked and your security is compromised. Your incident response (IR) team goes to work trying to discover the cause of the breach and restore your organization’s equilibrium—the faster the better. Just how fast and how thorough that process is has a lot to do with the tools your IR team uses, particularly when it comes to cryptographic key and digital certificate security.

Most security controls blindly trust keys and certificates, allowing cybercriminals to use them to hide in encrypted traffic, spoof websites, deploy malware, and steal data. The 2015 Cost of Failed Trust Report, published by the Ponemon Institute, confirmed just how widespread the problem is. Every Global 5000 company in the survey had responded to an attack involving keys and certificates within the last 24 months.

Breaches using keys and certificates put sensitive data in the wrong hands and damage corporate reputations. They also consume staff hours and result in lost operational and development time. IT security professionals who responded to the Ponemon Institute estimate the total impact of attacks using keys and certificates at almost $600 million. They also estimate a total risk for each organization of $53 million over the next two years.

Incident Response teams also have to respond to outages. With the increased use of keys and certificates, there are also more outages—all organizations surveyed had 2 or more certificate-related outages over the last 2 years with a total possible impact of $15 million per outage.

The Ponemon Institute report revealed other surprising facts. The average enterprise has over 23,000 keys and certificates, but 54% of security professionals admit that they don’t know where their keys and certificates are located, who owns them, or how they are used. With this lack of visibility it’s not surprising that 100% of organizations responded to attacks using keys and certificates as well as certificate-related outages. And when they respond to incidents, most companies try to get by with issuing new certificates but not issuing new keys, which leaves an organization open to continued breaches, outages, and exploitation.

Keys and certificates in incident response plans.

Without key and certificate security built into your IR plan, your IR team won’t be able to act quickly to determine the extent of the attack and bring your organization back to a trusted, secure state. Here are 4 ways to strengthen IR with key and certificate security controls.

  1. Ensure complete visibility
    • Identify all keys and certificates across networks, cloud instances, CAs, and trust stores.
    • Map user access to servers and applications
    • Establish a baseline to identify misuse
  2. Enforce policies and workflows
    • Implement policy criteria for strong cryptography and key and certificate rotation
    • Enforce configurable workflow capabilities for replacement, issuance, and renewal
    • Track response progress with real-time dashboards and reports
    • Terminate access when needed, revoking all certificates associated to a user
  3. Automate management and security
    • Automate and validate the entire issuance and renewal process
    • Replace certificates in seconds, and remediate across thousands of certificates within hours following a certificate authority compromise or a new vulnerability such as Heartbleed
  4. Establish certificate reputation insight.
    • Use global certificate reputation to identify certificate misuse such as stolen certificates used for spoofed websites
    • Remediate immediately through certificate whitelisting and blacklisting

Security Operations and Incident Response teams need to be able to identify what is “self” and trusted and what is not and therefore dangerous. When key and certificate security is added to your incident response plan, you can identify which keys and certificates are trusted, protect those that should be trusted, and fix or blocks those that are not. With this security in place, you can quickly return the network to a trusted state while minimizing damages, downtime, outages, recovery time, and costs—all while protecting your network, your business, and your brand.

Has your IR team recently responded to attacks using keys and certificates? What approaches has your team found helpful to return to a secure, trusted state after these attacks?

Like this blog? We think you will love this.
 Bild eines verärgerten jungen Mannes, der mit dem Kopf in der Hand auf seinen Computerbildschirm starrt
Featured Blog

Erneuerung, Neuausstellung, Widerruf – so vereinfachen Sie das Zertifikatsmanagement

Nachfolgend finden Sie einige Informationen zu jedem dieser Verfahren.  

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Patriz Regalado
Patriz Regalado
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more