IT Security's Dirty Little Secret

1,748 views

Published on

In most cases the average business takes 2 days to respond to an SSH compromise once it's detected; 60% cannot detect new SSH keys introduced onto their networks.

This exclusive new Slideshare provides you with the analysis needed to understand the breach and how it could impact you and your organization.

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,748
On SlideShare
0
From Embeds
0
Number of Embeds
324
Actions
Shares
0
Downloads
44
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

IT Security's Dirty Little Secret

  1. 1. Research brought to you by: technology information IT ‘s dirty little SECRET
  2. 2. IT admins are leaving open backdoors–full root access–to almost every server, virtual machine, and cloud service within the enterprise.
  3. 3. SSH ? ? SSH (Secure Shell) is a cryptographic security protocol used to connect administrators and machines. It is used everyday, in every enterprise network. SSH provides full administrator access over encrypted sessions that bypasses network monitoring, perimeter based security solutions, and advanced threat protection systems. SSH keys are not being properly secured and provide unfettered admin access to valuable and sensitive data and valuable intellectual property.
  4. 4. A single SSH-key related security incident can cost U.S. organizations as much as $ 500,000
  5. 5. Payment Systems SSH Healthcare Databases is used to connect to systems such as: Air Traffic Control Systems Cloud infrastructureas-a-service systems
  6. 6. 3 OUT OF 4 ENTERPRISES have no security controls for SSH that provides would-be hackers unfettered, root access. EXP. 1 YEAR EXP. NEVER! IT administrators, not IT security, are responsible for securing and protecting their SSH keys. Unlike digital certificates, SSH keys never expire, leaving backdoors open forever!
  7. 7. 46 % Of organizations are leaving a permanent backdoor open. Never changing SSH keys allows ex-staff and previous attackers to gain access. ***** ***** ***** 60-90 days The average IT user changes their password every 82% YET Either never change their SSH keys or change them, at best, once every 12 months.
  8. 8. ALL OF THIS HAS ALREADY LED TO 51% OF ORGANIZATIONS REPORT BREACHES DUE TO FAILED SSH SECURITY IN THE LAST 24 MONTHS (at least the ones that know)
  9. 9. THE LACK OF IT SECURITY CAPABILITIES MEANS the average enterprise takes almost 2 days to respond to a SSH compromise if it’s detected 60% OF RESPONDENTS REPORTED THAT THEIR ORGANIZATIONS CANNOT DETECT NEW SSH KEYS INTRODUCED ONTO THEIR NETWORKS; relying on administrators to report and track them manually and without oversight.
  10. 10. Only 13% of organizations think IT security should be responsible, continuing the insanity - root administrator access is wide open while IT security is scrambling to stop cybercriminal attacks. It’s no wonder, 76%no systems to secure SSH of enterprises report when using the cloud
  11. 11. IT security can’t tolerate this insanity any more. Root level access and SSH will kill everything else that IT security has worked to build.
  12. 12. CEOs, CIOs, CISOs are tolerating insanity allowing IT admins to run their SSH security and expecting to stay secure.
  13. 13. For more information visit: www.venafi.com/Ponemon

×