Even though your organization is spending millions on security technology to protect the business and stop adversaries, cybercriminals are still getting away with your data. It’s time to take a long hard look at your security strategy and ask yourself where all the gaps are. One area where most organizations fall short is key and certificate security. I’m not talking about key and certificate management—it doesn’t help mitigate or detect trust-based attacks.
The sad truth is that your organization has probably invested millions of dollars in security solutions but failed to secure keys and certificates. As a result, the security solutions you have implemented wind up with diminished effectiveness, because there is a gaping hole in your security strategy that adversaries are taking advantage of. I’m talking about trust-based attacks. In the last 2 years, the attacks on keys and certificates have increased dramatically with enormous impact. There are hundreds of examples, but the more well-known ones, like Snowden, Energetic Bear, Carreto, or Heartbleed, all show just how ineffective the security investments your organization is making are against trust-based attacks.
Time for a change
The perception that basic key management is good enough, either with a key lifecycle management solution or the good old spreadsheet, is like wearing a bikini in a snowstorm—you’re dangerously exposed! So if bad actors have realized the value in stealing, forging, and using keys and certificates in their malicious campaigns to bypass all the new security technology you’ve implemented, why are you still leaving your jacket at home? It’s time to dress for the weather. Take a good long hard look at your security strategy and evaluate how your organization is protecting its keys and certificates.
Basic key management is not going to help you identify rogue usage of keys and certificates in the network. Neither is an IDS/IPS, NGFW, sandboxing, or even an SSL gateway scanning solution. The truth of the matter is that keys and certificates are blindly trusted. Combatting threats that leverage these trusted assets requires a targeted solution designed to discover their misuse.
Revamping your security strategy
Don’t undermine the millions of dollars your organization has invested in security solutions with a gap in your key and certificate protection. Close this gap to make all of your security solutions more effective. Here are some recommendations on implementing key and certificate security:
Identify vulnerabilities related to keys and certificates and remediate by replacing vulnerable keys and certificates.
Establish a baseline norm of key and certificate usage. In doing so, you will quickly be able to identify any rogue usage of keys and certificates that trigger security events.
Define and enforce centralized policy for all keys and certificates—including SSH keys.
Automate the remediation of trust-based attacks to reduce the overall impact.
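One way to apply the baseline recommendation above, as an added example that is not from the original article or any product: record which certificate each host normally presents, then flag observed usage that deviates from it. The host names, fingerprint placeholders, issuer names, finding labels and the find_deviations function are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (host, certificate fingerprint placeholder, issuer name).
BASELINE = [
    ("www.example.test", "fp-aaa", "Example Internal CA"),
    ("mail.example.test", "fp-bbb", "Example Internal CA"),
    ("vpn.example.test", "fp-ccc", "Example Internal CA"),
]
OBSERVED = [
    ("www.example.test", "fp-aaa", "Example Internal CA"),  # matches baseline
    ("mail.example.test", "fp-zzz", "Unknown Issuer"),       # new cert, new issuer
    ("dev.example.test", "fp-ccc", "Example Internal CA"),   # vpn cert on a new host
    ("vpn.example.test", "fp-ccc", "Example Internal CA"),   # matches baseline
]


def find_deviations(baseline, observed):
    """Return sorted (host, finding) pairs for usage that is not in the baseline."""
    host_fps = defaultdict(set)   # host -> fingerprints it normally presents
    known_fps = set()             # every fingerprint seen in the baseline
    approved_issuers = set()      # issuers seen in the baseline
    for host, fp, issuer in baseline:
        host_fps[host].add(fp)
        known_fps.add(fp)
        approved_issuers.add(issuer)

    findings = set()
    for host, fp, issuer in observed:
        if issuer not in approved_issuers:
            findings.add((host, "unapproved-issuer"))
        if host not in host_fps:
            findings.add((host, "unknown-host"))
            if fp in known_fps:
                # A baselined certificate (and its key) showing up elsewhere.
                findings.add((host, "cert-reused-outside-baseline"))
        elif fp not in host_fps[host]:
            findings.add((host, "certificate-changed"))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding in find_deviations(BASELINE, OBSERVED):
        print(f"{host}: {finding}")
```

In practice each finding would be raised as a security event and checked against change records before any key or certificate is replaced.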