Reputation Protection for a Leading Worldwide Bank
Before Venafi: Stolen certificate found on phishing site; ~100 servers / tens of millions of records accessed in attack; business and brand damage.
After Venafi: Global certificate reputation that flags misuse across the Internet; immediate whitelisting and blacklisting of certificates; protection of business and brand.
This large, North American energy company uses mobile devices across its workforce and secures these devices using certificates. This enables its ten-thousand employees to safely transport, generate, and distribute energy. Many workers require multiple certificates across various devices. At its current size and growth, manual certificate management and security processes were unsustainable.
Banks are a popular target of phishing scams. Bad guys work to steal or forge certificates that will make their phishing sites look more legitimate and increase the success of their attacks. Most organizations don’t have visibility into the misuse of their certificates or into certificate reputation to better identify stolen or forged certificates that are abusing their brand.
For this leading worldwide bank, the bad guys were able to use a stolen SSL private key and certificate to conduct a very effective phishing campaign that remained undetected for months. These cybercriminals were able to access almost 100 servers and tens of millions of customer records. After this attack the organization struggled with repairing their damaged brand and rebuilding customer confidence. They turned to Venafi for help with remediation efforts and security that would protect the company against the next attack.
The Venafi Difference
The bank is now using Venafi TrustNet to get global certificate reputation information for its domain. This reputation information flags the misuse of certificates across the Internet. And when misuse is identified, the bank can immediately remediate by blacklisting rogue certificate authorities (CAs) and illegitimate certificates, and then address the vulnerability as time allows.
With Venafi, the bank has been able to restore real trust in its digital certificates and ensure continued customer confidence in its business and brand.