Imagine for a minute what would happen if you could not trust any transaction on the Internet. Not too long ago you would not have ever considered buying something online—simply because there were no guarantees of privacy or security on the internet. The popular cartoon published by the New Yorker in 1993 shows a dog surfing the internet with the caption, “on the internet, nobody knows you’re a dog.” That all changed with the use of digital certificates to help drive trust on the internet. With digital certificates one is able to ensure digital transactions are both confidential and unaltered.
Fast forward to today where the average American adult spends 11 hours per day with electronic media, and it becomes critical to be able to establish confidentially and integrity of Internet data at all times. Keys and certificates are intertwined into our everyday lives so much so that taking advantage of the trust established by them is the perfect attack vector. Unfortunately this is exactly what has happened!
Cybercriminals understand that by taking advantage of a trust mechanism like keys and certificates, it once again becomes very difficult to identify with whom you are exchanging information—all of a sudden we are back in 1993. In the last 6 months, we’ve seen large organizations like Sony and Anthem fall victim to breach through the misuse of keys and certificates. Keys and certificates are quickly becoming the preferred attack vectors for cybercriminals, and the problem is so large that Gartner predicts by 2017, 50% of network attacks will use SSL due to the trusted channel it provides. Moreover, it’s not only cybercriminals that misuse certificates, corporations like Lenovo and GoGo both used certificates to perform man-in-the-middle (MITM) attacks to inject adds or manipulate traffic.
Combating Certificate Misuse with Certificate Reputation
Like reputation services for URLs, email, and files, certificate reputation was born out of necessity to help enterprises detect new threats. Cybercriminals are increasingly misusing digital certificates in malicious campaigns and going undetected for extended periods of time.
Phishing is one of the most common practices used to steal credentials and banking information. To support this, cybercriminals use fraudulent or stolen certificates. The challenge is that there are over 1.2 billion websites online right now. How would your organization scan the internet to identify the misuse of certificates to spoof your organization’s brand? Certificate reputation is designed to determine whether or not a digital certificate can or cannot be trusted.
Venafi is proud to announce our new Venafi TrustNet certificate reputation service that is available with the launch of Venafi Trust Protection Platform, version 15.1. TrustNet is a global authoritative key and certificate reputation service that identifies rogue or anomalous key and certificate usage. TrustNet offers the most comprehensive collection of key and certificate intelligence.
TrustNet employs a global sensor network to identify certificate misuse on the internet. There are no limitations to specific browsers or operating systems. Subscribers to the service can take advantage of the native integration with Venafi products to provide alerts on any anomalous certificate behavior identified for certificates issued by the enterprise that are forged or misused on the internet. For security vendors that want to take advantage of the reputation feed integrated into security gateways, a public API is provided for integration with any application.
Once a certificate anomaly has been identified, it is imperative to take immediate action. TrustNet provides global whitelisting for trusted CAs and certificates, and blacklisting for untrusted ones.
Using TrustNet, enterprises can more easily mitigate new and emerging threats: