In the face of rapidly evolving threats, the increasing reach of regulations and fast-changing security standards, enterprises must proactively defend the trust their business depends on. The following recommendations can provide a framework for managing and protecting SSL/TLS keys and certificates.
1. Inventory Enterprise Keys and Certificates to Ensure Accountability
Using manual processes to inventory hundreds or thousands of keys is inefficient, costly, and error-prone. To create an accurate inventory, enterprises need an automated solution that rapidly scans the IT infrastructure to identify all keys and certificates issued from multiple CAs using a high-performance discovery engine. The discovery engine will answer the question, “What system does this certificate belong to and who is responsible for maintaining secure SSL access to it?”
2. Profile SSL/TLS Vulnerabilities to Create Baseline
Organizations need increased threat intelligence to create a baseline that helps detect vulnerable keys and certificates, like those with weak encryption schemes or short key lengths. A baseline helps to identify applications served by vulnerable keys and certificates, as well as potentially compromised, unused, or expired certificates that should be revoked or retired.
3. Enforce Policies and Workflows to Reduce Risk
Flexible policy criteria, such as certificate lifetime, authorized CA, ownership assignments, and more, should be enforced through established workflows to deliver and validate certificate issuance, installation, and renewals. With automated workflows, administrators can define certificate policies as mandatory (enforced) or suggested (changeable). They can also configure process parameters such as approved certificate authorities and templates, subject DN contents, certificate contacts and approvers, automatic renewal status, expiration period, and key strength.
In addition, certificates within the security infrastructure should be automatically maintained to conform to the appropriate hierarchical security policies. The solution should also generate reports to spot policy violations for existing certificates in their original states, as well as any newly imported certificates that do not comply. By enforcing policies and workflows, the baseline profile steadily improves and is maintained in a consistent state of security and operational readiness.
4. Automate Infrastructure Refresh to Streamline Security
Strong security practices require that processes be implemented to quickly rotate any or all keys and certificates on a scheduled or as-needed basis. With an automated solution, what was once an enormous, error-prone manual task transforms into a routine part of overall security management.
Although many firms fail to take this critical step, expired or compromised certificates must be explicitly revoked, since all certificates represent trust issued by an organization. An automated solution can revoke certificates individually, in batches, or all at once to remediate major vulnerabilities like Heartbleed on OpenSSL.
Administrators should also have the ability to revoke certificates that have been superseded by new policy rules, and those formerly belonging to devices or applications that are no longer in use. Revoking unneeded certificates limits the attack exposure
5. Automate Management and Security to Deliver Greater Efficiency
Automation is needed across the entire issuance and renewal process to avoid certificate expirations and outages. With automation, you can replace certificates in seconds, integrate with dozens of CAs, and remediate across thousands of certificates in just hours in the event of a CA compromise or new vulnerability such as Heartbleed. This automation should have built-in validation, showing certificates are installed, working, and current.
6. Audit Reporting Enhances Visibility, Verifies Compliance
Audit findings open opportunities for organizations to reconsider how they enforce certificate issuance, renewal, replacement, and authorization. To ensure that audit remediation offers long-standing, repeatable security results is more than a paperwork exercise. It requires complete visibility and automated policy enforcement.
Audit capabilities should include automated reporting on all logged key and certificate events. Audit reports provide visibility into the status of controlled encryption assets. With complete, detailed audit reports, administrators can easily troubleshoot problems, perform operational reviews, verify compliance with corporate policies and regulations, and respond quickly to audit requests.
7. Incident Response Returns Networks to Trusted State
Incident Response (IR) teams are often called on to determine the malware used in an attack—where it is, what data was stolen, and what parts of the network are infected. Ideally, the IR should bring the network back to a good, trusted state. But if the attack used SSL certificates, breaches will still occur until IR teams revoke and replace all keys and certificates.
The ability to quickly respond to certificate-related incidents is essential to regain the trust your company, customers, and partners depend on. By automating the replacement of all keys and certificates, you can mitigate backdoor, surveillance, and spoofing risks, close the window of vulnerability in hours, and ensure your network is secure.
8. Self-Service Portal Prevents Errors, Ensures Compliance
A secure, easy-to-use, web-based self-service portal enables end-users to quickly request certificates for Wi-Fi, VPN, email, browser, or other applications. User certificate issuance must ensure certificates comply with security policies, eliminate guesswork on the part of inexperienced users, and prevent errors.
Once the compliant user certificates are issued, the certificates should become available for manual or automatic download into the user’s environment.