TMCnet News
New Venafi Survey Reveals IT Security Pros Acknowledge Risks from Untrusted Certificates But Take No Action

SALT LAKE CITY, Sept. 9, 2015 /PRNewswire/ -- Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, today released the results of its 2015 Black Hat USA survey, gathered from over 300 IT security professionals during the week of August 3rd in Las Vegas, NV. The survey data reveals that most IT security professionals understand and acknowledge the risks associated with untrustworthy certificates and keys, which act as the foundation of all cybersecurity, but take no action. The survey also reveals that some information security pros don't understand what security services certificate authorities (CAs) do and do not provide.

By design, cryptographic keys and digital certificates are natively trusted by servers and other security applications to provide authentication and authorization for everything that is IP-based today, including servers, clouds, applications, and Internet of Things (IoT) devices. Yet this blind trust is being misused against organizations by cybercriminals so they can monitor and impersonate their targets to steal data. Recent examples include the General Motors (GM) RemoteLink application hack, where lack of SSL/TLS validation facilitated the hack, and the Federal Reserve Bank of St. Louis, whose inconsistent use of SSL/TLS and multiple CAs (including GoDaddy) made it easy for attackers to set up fake websites, redirect visitors, and target Fed users.

There are hundreds of CAs issuing digital trust across the globe and the average organization has over 23,000 keys and certificates, according to Ponemon Institute research. When a major CA is breached, or when a CA fraudulently issues unauthorized certificates for an organization, attackers can impersonate, surveil, and monitor their organizational targets as well as decrypt traffic and impersonate websites, code, or administrators. Unsecured keys and certificates provide the attackers trusted access to the target's networks and allow them to remain undetected for long periods of time.

Venafi's 2015 Black Hat USA survey revealed:

Added Bocek, "Ultimately, if what our survey data says is true, and IT security professionals do understand the risks of untrusted CAs like CNNIC but do nothing about them, we will continue to see more and more MITM attacks and certificate-related breaches. Unfortunately, we live in a world without trust today because there is no immune system to detect keys and certificates that do not belong and are being misused as the bad guys accelerate their attacks. As a whole, global organizations and IT security and operations teams need to wake up and take the steps necessary to secure their keys and certificates and realize that the CAs just can't help with that. As billions of devices come online and more IoT devices are widely adopted, it will become all the more critical to protect the keys and certificates that are used for authentication, validation, and privileged access control."

A full copy of Venafi's 2015 Black Hat survey report is available at Venafi.com/BH2015.

About Venafi

As the market-leading cybersecurity company in Next Generation Trust Protection (NGTP) and a Gartner-recognized Cool Vendor, Venafi delivered the first Trust Protection Platform™ to protect keys and certificates and eliminate blind spots from threats hidden in encrypted traffic. As part of any enterprise infrastructure protection strategy, Venafi TrustAuthority™, Venafi TrustForce™, and Venafi TrustNet™ help organizations regain control over keys and certificates by establishing what is self and trusted on mobile devices, applications, virtual machines and network devices and out in the cloud. Venafi protects Any Key. Any Certificate. Anywhere™. From stopping certificate-based outages to enabling SSL inspection, Venafi creates an ever-evolving, intelligent response that protects your network, your business, and your brand. Venafi Threat Center also provides primary research and threat intelligence for attacks on keys and certificates.

Venafi customers are among the world's most demanding, security-conscious Global 5000 organizations in financial services, retail, insurance, healthcare, telecommunications, aerospace, manufacturing, and high tech. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners, and Origin Partners. For more information, visit www.venafi.com.

To view the original version on PR Newswire, visit: http://www.prnewswire.com/news-releases/new-venafi-survey-reveals-it-security-pros-acknowledge-risks-from-untrusted-certificates-but-take-no-action-300139725.html

SOURCE Venafi