Here’s How to Secure the Internet’s Shaky Foundation

October 7, 2015 | Jeff Hudson, Venafi CEO
Key Takeaways
  • The foundation of the Internet is based on two pillars: DNS and PKI-SSL
  • Cybercriminals misuse PKI-SSL to create trusted identities and to hide in encrypted channels
  • We need a third pillar: the Immune System for the Internet™ to identify and neutralize misused certificates

The foundation of the internet, DNS and PKI-SSL, is now threatened by attacks using SSL/TLS keys and certificates. We need an Immune System for the Internet to identify and neutralize key and certificate misuse.

Photo by Paulo Raquec. Unedited. Flickr.

When we humans created the cyber realm known as the Internet, we based its foundation on two fundamental technology pillars: DNS (Domain Name System) and PKI-SSL (Public Key Infrastructure-Secure Sockets Layer). DNS was the Internet's first technology pillar: It functioned like an address book and postal-delivery service, providing routing tables that got electrons (that is, electronic information) from Point A through 10 or 12 hops to Point B.

For a little while, DNS's miraculous ability to move information from computer to computer was enough.

Then people realized they couldn't necessarily trust the information they received via the Internet because there was no way to truly identify the sender. Peter Steiner's 1993 New Yorker cartoon delightfully illustrated this problem. In it, a computer-savvy canine tells his cartoon pal: "On the Internet, nobody knows you're a dog."

The Internet is a Good Place to Hide

In 1995, Netscape's chief scientist, Taher Elgamal, spearheaded the effort to address the Internet's identity problem through the second technology pillar (SSL), and soon X.509 certificates were providing trustworthy communications to individuals and organizations everywhere. So foundational is this technology today that the New Yorker recently published a sequel to Steiner's famous cartoon—a 2015 cartoon by Kaamran Hafeez, wherein both dogs are computer savvy and the first says to the other: "Remember when, on the Internet, nobody knew who you were?"

For a little while, PKI-SSL's ability to establish trusted identities and to encrypt data was enough.

But in the last five years, many cybercriminals have successfully attacked businesses and governments that rely on the second technology pillar to provide trusted identities. And they've done it by using the pillar itself in the form of forged or stolen certificates and keys. You see: certificates and keys are powerful. They authenticate people, in this case the cybercriminals who stole or forged them, and they open the vaults to rich stores of information. They also encrypt data. So authenticated cybercriminals can use them to bring malware in, encrypted so no one can see it, and to send valuable data out, again encrypted. And the problem is only compounded given that many Global 5000 organizations blindly trust the keys and certificates deployed on their networks.

The Solution has to Intelligently Adapt to Change

To fix this problem, we need a third technology pillar: We need a cyber equivalent of the human immune system. Just as the human immune system travels throughout the body using HLA (human leukocyte antigen) markers to identify what is self and what is other, the Internet needs a technology that travels throughout cyber systems and identifies certificates that are forged or stolen—and then automatically neutralizes them, just as the human immune system automatically surrounds and destroys entities that are not self.

In other words, what the Internet needs if it is to have a whole and healthy foundation is the Immune System for the Internet™. Without it, the Internet's foundation will surely crumble. This is our mission: to provide global organizations with an intelligent, adaptive security solution that works like an immune system to secure the foundational trust that keys and certificates provide.

Check out this video on the Immune System for the Internet.
