Venafi is pleased to announce the availability of the Venafi Labs Vulnerability Report. In the last 12 months, trust-based attacks that make use of, or abuse, the trust established by keys and certificates have been catapulted to the forefront of the security industry. Highly publicized examples, like Edward Snowden, Heartbleed, and the issuance of fraudulent certificates from intermediate certificate authorities, are causing the security industry to reevaluate how keys and certificates are secured.
Gartner estimates that by 2017, 50% of network-based attacks will use SSL. This is no surprise when you consider that many organizations are enabling always-on SSL and have little to no visibility into how their keys and certificates are configured or secured. Most organizations lack visibility into their SSL / TLS landscape. The result is that these organizations are in a state of increased exposure to trust-based attacks and have no ability to respond.
The gaps in enterprise security for keys and certificates diminish the effectiveness of all other security investments. Bad actors are able to bypass defense-in-depth solutions because of the trusted status they gain from abusing keys and certificates.
Venafi Labs frequently analyzes the websites of the Global 2000 organizations and the Alexa Top 1 Million to identify SSL / TLS vulnerabilities. The Heartbleed research [g1] that was recently published by Venafi was derived from the global SSL / TLS threat intelligence provided by the Venafi Labs Vulnerability Report. This threat intelligence is now available to anyone, allowing organizations to perform SSL / TLS vulnerability analysis for their entire publicly-facing server footprint.
Venafi Labs Vulnerability Report provides organizations with the ability to easily identify where they need to take action first to reduce their attack surface against trust-based attacks.
Automated vulnerability scanning for an organization’s entire SSL / TLS publicly-facing landscape
Once an organization is registered on the portal, the Venafi Labs Vulnerability Report will identify any of its publicly-facing SSL / TLS hosts for evaluation. This is a critical step that many organizations miss. The majority of reports show hosts of which the information security group was not aware, hosts to which it has not applied security policies, or hosts with weak security configurations. Imagine that you have a back door to your house that you didn’t know about, it’s unsecured, and criminals have been using it to secretly gain access to your house for years! Although this is unlikely for an actual house, it is commonplace for SSL / TLS hosts.
It’s good practice to evaluate the hosts you know about from an SSL / TLS security perspective. But how can you evaluate the SSL / TLS security posture of systems you are not aware of? The Venafi Labs Vulnerability Report helps organizations find these ‘hidden secret doors’ into the enterprise network.
The Venafi Labs Vulnerability Report performs a detailed evaluation of SSL / TLS for an organization and is able to identify which hosts belong to that organization. Unlike other solutions that only focus on a single domain at a time, Venafi performs deep analysis to gather all publicly-facing hosts associated with an organization, including its subsidiaries.
Identification of the most egregious SSL / TLS vulnerabilities
When evaluating the publicly-facing SSL / TLS security landscape, it is very easy to get overwhelmed when trying to decide where to start remediating vulnerabilities. Venafi Labs simplifies this task with the introduction of the Venafi Labs Vulnerability Report Vulnerability Scale.
Using this Vulnerability Scale, users can quickly and easily identify which of the most egregious publicly-facing SSL / TLS vulnerabilities should be addressed first. Using this methodology, organizations can rapidly reduce their overall threat surface.