SHHHH… It’s SSH: The Keys to the Enterprise Left Under the Doormat
- Derek Brink, VP and Research Fellow, IT Security, Aberdeen Group
- Kevin Bocek, VP of Security Strategy & Threat Intelligence, Venafi
There’s a secret lurking in almost every enterprise: access to the most sensitive data, servers and clouds using secure shell (SSH) is going unchecked. The keys to the enterprise are exposed and leave organizations vulnerable to attack and data loss. 64% of enterprises surveyed by Aberdeen Group have not established security policies for SSH keys and don’t have proper SSH security controls to protect the root-level, privileged access SSH provides.
Not surprising then, Dell SecureWorks found 45% of all vulnerabilities in Amazon Web Services were SSH-related. As a result, APT adversaries like the Mask group and others have been stealing SSH keys for up to 7 years, gaining rogue, administrative access, and are able to maintain a foothold even after malware is cleaned up.
View this on-demand webinar to understand Aberdeen’s recommendations for mitigating SSH vulnerabilities and learn how to:
- Gain situational awareness of where, how, and who is using SSH
- Enforce policies including SSH key rotation, replacement, and strength
- Monitor and audit SSH to maintain visibility and detect anomalies
View this webinar now. Simply complete the form on the right.
A Harte-Hanks Company
Aberdeen provides fact-based research and insights focused on the global, technology-driven value chain. Aberdeen's benchmarking, market and solution assessments, sales acceleration programs, and conferences support the Global 5,000 value chain and technology executives, along with the solution providers that serve them.
Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity—cryptographic keys and digital certificates—so they can’t be misused by bad guys in attacks. Venafi constantly assesses which SSL/TLS, SSH, WiFi, VPN and mobile keys and certificates are trusted, protects those that should be trusted, and fixes or blocks those that are not. As the market-leading cybersecurity company in Next Generation Trust Protection (NGTP), the Venafi Trust Protection Platform™ protects keys and certificates and eliminates blind spots from threats hidden in encrypted traffic. Venafi customers include the world’s leading Global 5000 companies.