Every enterprise is exposed to losing up to $400 million over two years from attacks against cryptographic keys and digital certificates, yet few enterprises are managing these critical resources, which are the foundation of trust. The “Cost of Failed Trust” on-demand webinar reveals new threats and challenges, and quantifies the costs of key and certificate management security failures.
View the on-demand webinar at http://www.venafi.com/cost-of-failed-trust-webinar/?cid=70150000000noHV
Ponemon - Cost of Failed Trust: Threats and Attacks
1. Cost of Failed Trust: Attacks on Failed Key & Certificate Management
30 April 2013
2. Today’s Learning Objectives
• How is trust established? Why is trust the perfect target of attack?
• Are we losing control over trust?
• What new attack methods are criminals exploiting?
• How widespread are these attacks? What is the financial impact?
• What strategies are available to mitigate risk?
9. Rise of Advanced Persistent Threats
• 100% of attacks involved compromised credentials
• Keys and certificates used as poison
  - Dozens of rogue certificates identified
  - Untold number of keys and certificates stolen or misused
10. Keys and Certificates Poisoned
Encryption & Authentication Key Pairs
Digital Certificates
12. APT Target Recipe
Lack of Visibility
Inability to Respond
No awareness
No monitoring
No detection
No controls
No response
Digital certificates
Encryption & authentication key pairs
SSH keys
13. 2010-2011: Storm Clouds Form
Duqu & Stuxnet proved misusing keys and certificates effective for enabling attacks
14. 2011-2012: Dangerous Waves
Attackers target Certificate Authorities:
✘ Comodo
✘ DigiNotar
✘ DigiCert
✘ TurkTrust
- And probably more not reported…
15. 2013: All-out Attack
Criminals attacking trust at will:
✘ Buster banking malware on the loose in Brazil
✘ Texas certificate signs Java malware in Germany
✘ 35+ Korean developer certificates enable aerospace attacks
✘ New attacks being reported every week
16. Microsoft Sounds the Alarm
“PKI is under attack”
Scott Charney, Microsoft @ RSA2013
17. Are We Losing Control?
How many keys & certificates?
How widespread are attacks?
What attacks do we expect?
What’s the financial impact?
What’s the most alarming attack?
What strategies can help?
19. Failed Cost of Trust Research
First ever primary research to measure and quantify impact of attacks on failed key and certificate management
Download now @ venafi.com/ponemon
20. About the Ponemon Institute
• Founded in 2002
• Leaders in privacy and IT security research
• Perform global primary research
• Promote thought leadership with Responsible Information Management Council
Presenting Cost of Failed Trust research at RSA2013 in San Francisco
22. How Big Is the Challenge?
Average number of server keys and certificates in a Global 2000 organization: 17,807
23. Do We Have Control Over Trust?
Don’t know how many keys and certificates are in use by their organization: 51%
24. Investigating the Financial Impact
How do you evaluate the cost of a new emerging threat?
Possible Costs X Expected Attack Rate = RISK
Possible Costs:
• Incident response
• Lost productivity
• Lost revenue
• Brand damage
Expected Attack Rate: How many attacks in next 24 months
27. Attack Rates
                                   | Weak crypto exploit | Server key theft | CA compromise | SSH attacks
Attacks over last 24 months        | 1.3                 | 0.4              | 1.1           | 0.3
Expected attacks in next 24 months | 18%                 | 5%               | 7%            | 3%
28. Risk for Every Organization
                                   | Weak crypto exploit | Server key theft | CA compromise | SSH attacks
Attacks over last 24 months        | 1.3                 | 0.4              | 1.1           | 0.3
Expected attacks in next 24 months | 18%                 | 5%               | 7%            | 3%
Quantified risk over next 24 months | $22M               | $6.7M            | $4.8M         | $2.0M
29. What Attack Is Most Alarming?
#1 Most Alarming Key & Certificate Management Threat: SSH
Critical for establishing trust and control in the cloud
30. How Could We Do a Better Job?
Getting key and certificate management right first solves security, operations, and compliance problems of using encryption: 59%
37. A Strategy to Save Trust
AUTOMATE
REPORT & AUDIT
ESTABLISH POLICY
DISCOVER ASSETS
ANALYZE FOR INSIGHT
CONNECT PEOPLE
Gain Visibility
Reduce Risk
Establish Control
38. Suggested Resources
• NIST’s “Preparing & Respond to CA Compromise”: venafi.com/NIST
• “Key & Certificate Management Best Practices”: venafi.com/best-practices/
39. Failed Cost of Trust Research
First ever primary research to measure and quantify impact of attacks on failed key and certificate management
Download now @ venafi.com/ponemon