TMCnet News
Venafi Co-Authors New NIST Report on Managing & Securing SSH KeysSALT LAKE CITY, Dec. 1, 2015 /PRNewswire/ -- Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, announced today the publication of a new National Institute on Standards and Technology (NIST) report entitled, "Security of Interactive and Automated Access Management Using Secure Shell (SSH)." NIST partnered with Venafi and others to coauthor the report to raise awareness of the major vulnerabilities associated with SSH user key management and to provide concrete steps for securing and protecting SSH systems and environments. "A compromised cryptographic secure shell or SSH key is by far one of the worst case breach scenarios for any enterprise. Once an attacker has root-level or privileged access, they have the keys to the kingdom to completely take over an entire network or system and compromise it however they want," said Kevin Bocek, Vice President of Security Strategy & Threat Intelligence at Venafi. "At Venafi, we've been educating our customers for the past decade on the importance of securing and protecting their SSH keys. We're therefore pleased to contribute to this valuable report that will help educate security professionals about the risks associated with unsecured SSH keys and give them proper guidance on what steps they should take to best protect their systems." "Because SSH plays such an important role in securing administrative and automated access to a wide variety of systems across organizations of all sizes, it is critical to have a comprehensive set of policies, processes, and technical security controls in place for the proper management and oversight of SSH keys and configuration," says Matthew Scholl, chief of the National Institute of Standards and Technology's computer security division. Research from Venafi and The Ponemon Institute found that 3 out of 4 Global 2000 organizations have no security system for SSH, leaving the door open for rogue, root-level access and data compromises, and nearly half of all enterprises never rotate or change SSH keys. This makes their networks, servers, and cloud systems completely owned by malicious actors when SSH keys are stolen and misused. Notable SSH compromises in the past few years include:
The NIST publication describes several SSH vulnerability areas commonly found in enterprises, including:
Added Bocek, "Most IT and security professionals don't realize that SSH keys can provide root-level access and don't expire—ever. So once an attacker has stolen an SSH key, they will likely have perpetual backdoor access. That's why it's critically important that enterprises take action now to protect their SSH keys and review this NIST guideline." To view a full copy of the NIST report, please visit: http://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.7966.pdf About Venafi As the market-leading cybersecurity company in Next Generation Trust Protection (NGTP) and a Gartner-recognized Cool Vendor, the Venafi Trust Protection Platform™ protects keys and certificates and eliminates blind spots from threats hidden in encrypted traffic. As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™, Venafi TrustForce™, and Venafi TrustNet™ help organizations know what's trusted and "self" in order to regain control over keys and certificates on mobile devices, applications, virtual machines and network devices and out in the cloud. From stopping certificate-based outages to enabling SSL inspection, Venafi creates an ever-evolving, intelligent response that protects your network, business, and brand. Venafi Threat Center also provides primary research and threat intelligence for attacks on keys and certificates. Venafi is the market leading cybersecurity company in Next Generation Trust Protection (NGTP). As a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to secure cryptographic keys and digital certificates that every business and government depends on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures and unplanned outages. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, retail, insurance, healthcare, telecommunications, aerospace, manufacturing, and high tech. Today Venafi protects four of the top five U.S. banks, eight of the top U.S. 10 health insurance companies and four of the top seven U.S. retailers. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Intel Capital, Origin Partners, Pelion Venture Partners, QuestMark Partners, and Silver Lake Partners. For more information, visit www.venafi.com. To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/venafi-co-authors-new-nist-report-on-managing--securing-ssh-keys-300186014.html SOURCE Venafi |