SlideShare a Scribd company logo

SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Management

Venafi
Venafi

• Learn how SSL/TLS certificates create trust and impact business when they are misused • Review five new SANS 20 CSC 17 requirements for SSL/TLS management • Discover five steps needed to comply with the new requirements • Understand how to build an immune system for your network that identifies what SSL/TLS keys and certificates are “self” and trusted, and which are not and therefore dangerous

Technology
1 of 7
Download to read offline
New SANS 20 Requirements for SSL/TLS Security and Management
SSL/TLS is the foundation of online trust — and it’s now threatened SSL/TLS certificates are used for authentication and authorization applications appliances devices cloud services 23,000 OVER keys and certificates per enterprise —up 34% since 201323,000 SSL/TLS SSL/TLS
But cybercriminals are using rogue or fraudulent SSL/TLS keys and certificates to... Heartbleed POODLE FREAK EXAMPLES Snoop on encrypted communications Bypass security controls, like IDS/IPS, DLP, and NGFW Impersonate legitimate websites
Certificates sold for $1000 each on the black market $1000
NIST has declared that SSL is no longer acceptable to protect data New PCI DSS v3.1 requires TLS 1.1 or higher SANS 20 adds key and certificate requirements to CSC 17: Data Protection Organizations need to secure SSL/TLS to regain online trust The greatest threat is the lack of adherence to security standards
An actionable approach is needed to meet new SANS 20 SSL/TLS key and certificate requirements CSC 17-2: Verify configured to use publicly vetted algorithms CSC 17-3: Identify sensitive information that requires encryption CSC 17-10: Only allow approved certificate authorities (CAs) CSC 17-11: Perform an annual review of algorithms and key lengths CSC 17-14: Define roles, responsibilities, and process lifecycle for key management CSC 17-2: CSC 17-3: CSC 17-10: CSC 17-11: CSC 17-14:
Read the new SANS whitepaper Contact Venafi to help customize the action approach for your organization. Venafi.com/CSC17 Implement SSL/TLS Security for Your Organization Venafi.com/Contact *Filkins, Barbara. SANS. New Critical Security Controls Guidelines for SSL/TLS Management. June 2015.

Recommended

Data Loss Detection
Data Loss DetectionData Loss Detection
Data Loss DetectionDigital Shadows
 
Cybersecurity - Keeping Your Business Protected
Cybersecurity - Keeping Your Business ProtectedCybersecurity - Keeping Your Business Protected
Cybersecurity - Keeping Your Business ProtectedRobert E Jones
 
Digital Shadows and the NIST Cyber Security Framework
Digital Shadows and the NIST Cyber Security FrameworkDigital Shadows and the NIST Cyber Security Framework
Digital Shadows and the NIST Cyber Security FrameworkDigital Shadows
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows
 
Cism certification Alexander Knorr
Cism certification Alexander KnorrCism certification Alexander Knorr
Cism certification Alexander KnorrAlexander Knorr
 
CISA certification - Alexander Knorr
CISA certification - Alexander KnorrCISA certification - Alexander Knorr
CISA certification - Alexander KnorrAlexander Knorr
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?Alejandro Correa Bahnsen, PhD
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk ProtectionDigital Shadows
 

Recommended

Data Loss Detection
Data Loss DetectionData Loss Detection
Data Loss DetectionDigital Shadows
 
Cybersecurity - Keeping Your Business Protected
Cybersecurity - Keeping Your Business ProtectedCybersecurity - Keeping Your Business Protected
Cybersecurity - Keeping Your Business ProtectedRobert E Jones
 
Digital Shadows and the NIST Cyber Security Framework
Digital Shadows and the NIST Cyber Security FrameworkDigital Shadows and the NIST Cyber Security Framework
Digital Shadows and the NIST Cyber Security FrameworkDigital Shadows
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows
 
Cism certification Alexander Knorr
Cism certification Alexander KnorrCism certification Alexander Knorr
Cism certification Alexander KnorrAlexander Knorr
 
CISA certification - Alexander Knorr
CISA certification - Alexander KnorrCISA certification - Alexander Knorr
CISA certification - Alexander KnorrAlexander Knorr
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?Alejandro Correa Bahnsen, PhD
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk ProtectionDigital Shadows
 
Security Essentials Certification
Security Essentials CertificationSecurity Essentials Certification
Security Essentials CertificationSiva Karthi Kalingaraj
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
20181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 36520181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 365Arjan Cornelissen
 
cloudThing GDPR Information Guide - Scott Jenkins
cloudThing GDPR Information Guide - Scott JenkinscloudThing GDPR Information Guide - Scott Jenkins
cloudThing GDPR Information Guide - Scott JenkinsCloud Thing
 
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1ebcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1eSam Kumarsamy
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
20181115 O365 connect protecting your data in office 365
20181115 O365 connect protecting your data in office 36520181115 O365 connect protecting your data in office 365
20181115 O365 connect protecting your data in office 365Arjan Cornelissen
 
ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Systems Auditor (CISA)ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Systems Auditor (CISA)Alexander Knorr
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Seclore Decrypter For Email
Seclore Decrypter For EmailSeclore Decrypter For Email
Seclore Decrypter For EmailSeclore
 
SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?Rahul Neel Mani
 
eMCA Suite
eMCA SuiteeMCA Suite
eMCA SuiteKalyana Sundaram
 
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersVenafi
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersVenafi
 
Business Critical SSL Certificate Management - Infographic
Business Critical SSL Certificate Management - InfographicBusiness Critical SSL Certificate Management - Infographic
Business Critical SSL Certificate Management - InfographicCheapest SSLs
 
Symantec Infogrphic - SSL Certificate Management
Symantec Infogrphic - SSL Certificate ManagementSymantec Infogrphic - SSL Certificate Management
Symantec Infogrphic - SSL Certificate ManagementDavid Martin
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksVenafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Venafi
 
Presentation2 certificate farce
Presentation2 certificate farcePresentation2 certificate farce
Presentation2 certificate farceSandra (Sandy) Dunn
 
[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to KnowTrustArc
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL PracticesBrian A. McHenry
 
Lecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachLecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachDr. Ramchandra Mangrulkar
 

More Related Content

What's hot

Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
20181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 36520181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 365Arjan Cornelissen
 
cloudThing GDPR Information Guide - Scott Jenkins
cloudThing GDPR Information Guide - Scott JenkinscloudThing GDPR Information Guide - Scott Jenkins
cloudThing GDPR Information Guide - Scott JenkinsCloud Thing
 
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1ebcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1eSam Kumarsamy
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
20181115 O365 connect protecting your data in office 365
20181115 O365 connect protecting your data in office 36520181115 O365 connect protecting your data in office 365
20181115 O365 connect protecting your data in office 365Arjan Cornelissen
 
ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Systems Auditor (CISA)ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Systems Auditor (CISA)Alexander Knorr
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Seclore Decrypter For Email
Seclore Decrypter For EmailSeclore Decrypter For Email
Seclore Decrypter For EmailSeclore
 
SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?Rahul Neel Mani
 

What's hot (12)

Security Essentials Certification
Security Essentials CertificationSecurity Essentials Certification
Security Essentials Certification
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | Seclore
 
20181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 36520181110 sps leicester connect protecting your data in office 365
20181110 sps leicester connect protecting your data in office 365
 
cloudThing GDPR Information Guide - Scott Jenkins
cloudThing GDPR Information Guide - Scott JenkinscloudThing GDPR Information Guide - Scott Jenkins
cloudThing GDPR Information Guide - Scott Jenkins
 
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1ebcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
bcs_sb_TechPartner_SSLVisibility_Venafi_EN_v1e
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
 
20181115 O365 connect protecting your data in office 365
20181115 O365 connect protecting your data in office 36520181115 O365 connect protecting your data in office 365
20181115 O365 connect protecting your data in office 365
 
ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Systems Auditor (CISA)ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Systems Auditor (CISA)
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
 
Seclore Decrypter For Email
Seclore Decrypter For EmailSeclore Decrypter For Email
Seclore Decrypter For Email
 
SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?SafeNet: Don't Leave It to Luck: What am I Not Doing?
SafeNet: Don't Leave It to Luck: What am I Not Doing?
 
eMCA Suite
eMCA SuiteeMCA Suite
eMCA Suite
 

Viewers also liked

Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersVenafi
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersVenafi
 
Business Critical SSL Certificate Management - Infographic
Business Critical SSL Certificate Management - InfographicBusiness Critical SSL Certificate Management - Infographic
Business Critical SSL Certificate Management - InfographicCheapest SSLs
 
Symantec Infogrphic - SSL Certificate Management
Symantec Infogrphic - SSL Certificate ManagementSymantec Infogrphic - SSL Certificate Management
Symantec Infogrphic - SSL Certificate ManagementDavid Martin
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksVenafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Venafi
 
[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to KnowTrustArc
 

Viewers also liked (9)

Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption Disasters
 
Business Critical SSL Certificate Management - Infographic
Business Critical SSL Certificate Management - InfographicBusiness Critical SSL Certificate Management - Infographic
Business Critical SSL Certificate Management - Infographic
 
Symantec Infogrphic - SSL Certificate Management
Symantec Infogrphic - SSL Certificate ManagementSymantec Infogrphic - SSL Certificate Management
Symantec Infogrphic - SSL Certificate Management
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and Attacks
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
 
Presentation2 certificate farce
Presentation2 certificate farcePresentation2 certificate farce
Presentation2 certificate farce
 
[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know[Webinar Slides] Privacy Shield is Here – What You Need to Know
[Webinar Slides] Privacy Shield is Here – What You Need to Know
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
 

Similar to SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Management

Secure sockets layer, ssl presentation
Secure sockets layer, ssl presentationSecure sockets layer, ssl presentation
Secure sockets layer, ssl presentationAmjad Bhutto
 
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateA Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateRapidSSLOnline.com
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationAlex Punnen
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLGlobalSign
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )Monodip Singha Roy
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates RapidSSLOnline.com
 
The Hidden Costs of Self-Signed SSL Certificates
The Hidden Costs of Self-Signed SSL CertificatesThe Hidden Costs of Self-Signed SSL Certificates
The Hidden Costs of Self-Signed SSL CertificatesCheapSSLsecurity
 
Ssl certificate in internet world
Ssl certificate in internet worldSsl certificate in internet world
Ssl certificate in internet worldjamesbarns729
 
Top SSL Certificate Providers for Your Business
Top SSL Certificate Providers for Your BusinessTop SSL Certificate Providers for Your Business
Top SSL Certificate Providers for Your BusinessClickSSL
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network securityrhassan84
 
Details about the SSL Certificate
Details about the SSL CertificateDetails about the SSL Certificate
Details about the SSL CertificateCheapSSLUSA
 
How to Gain Visibility into Encrypted Threats
How to Gain Visibility into Encrypted ThreatsHow to Gain Visibility into Encrypted Threats
How to Gain Visibility into Encrypted ThreatsShain Singh
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets LayerNascenia IT
 
Web Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerWeb Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerAkhil Nadh PC
 

Similar to SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Management (20)

Lecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security BreachLecture #22 : Web Privacy & Security Breach
Lecture #22 : Web Privacy & Security Breach
 
Secure sockets layer, ssl presentation
Secure sockets layer, ssl presentationSecure sockets layer, ssl presentation
Secure sockets layer, ssl presentation
 
Lecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLSLecture #21: HTTPS , SSL & TLS
Lecture #21: HTTPS , SSL & TLS
 
What is TLS/SSL?
What is TLS/SSL? What is TLS/SSL?
What is TLS/SSL?
 
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateA Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
 
computer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentationcomputer-security-and-cryptography-a-simple-presentation
computer-security-and-cryptography-a-simple-presentation
 
White paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSLWhite paper - Full SSL automation with OneClickSSL
White paper - Full SSL automation with OneClickSSL
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 
The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates
 
The Hidden Costs of Self-Signed SSL Certificates
The Hidden Costs of Self-Signed SSL CertificatesThe Hidden Costs of Self-Signed SSL Certificates
The Hidden Costs of Self-Signed SSL Certificates
 
Ssl certificate in internet world
Ssl certificate in internet worldSsl certificate in internet world
Ssl certificate in internet world
 
Top SSL Certificate Providers for Your Business
Top SSL Certificate Providers for Your BusinessTop SSL Certificate Providers for Your Business
Top SSL Certificate Providers for Your Business
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Impact of digital certificate in network security
Impact of digital certificate in network securityImpact of digital certificate in network security
Impact of digital certificate in network security
 
Details about the SSL Certificate
Details about the SSL CertificateDetails about the SSL Certificate
Details about the SSL Certificate
 
How to Gain Visibility into Encrypted Threats
How to Gain Visibility into Encrypted ThreatsHow to Gain Visibility into Encrypted Threats
How to Gain Visibility into Encrypted Threats
 
Introduction to Secure Sockets Layer
Introduction to Secure Sockets LayerIntroduction to Secure Sockets Layer
Introduction to Secure Sockets Layer
 
Web Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket LayerWeb Security and SSL - Secure Socket Layer
Web Security and SSL - Secure Socket Layer
 
3441355 ln motileng_ssl_report
3441355 ln motileng_ssl_report3441355 ln motileng_ssl_report
3441355 ln motileng_ssl_report
 

More from Venafi

Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?Venafi
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?Venafi
 
Trust Online is at the Breaking Point
Trust Online is at the Breaking PointTrust Online is at the Breaking Point
Trust Online is at the Breaking PointVenafi
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsVenafi
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA GraphicVenafi
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSAVenafi
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber AttacksVenafi
 
RSAC2013 CME Group case study
RSAC2013 CME Group case studyRSAC2013 CME Group case study
RSAC2013 CME Group case studyVenafi
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflameVenafi
 

More from Venafi (9)

Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
 
Trust Online is at the Breaking Point
Trust Online is at the Breaking PointTrust Online is at the Breaking Point
Trust Online is at the Breaking Point
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA Graphic
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSA
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber Attacks
 
RSAC2013 CME Group case study
RSAC2013 CME Group case studyRSAC2013 CME Group case study
RSAC2013 CME Group case study
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflame
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 

SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Management

  • 1. New SANS 20 Requirements for SSL/TLS Security and Management
  • 2. SSL/TLS is the foundation of online trust — and it’s now threatened SSL/TLS certificates are used for authentication and authorization applications appliances devices cloud services 23,000 OVER keys and certificates per enterprise —up 34% since 201323,000 SSL/TLS SSL/TLS
  • 3. But cybercriminals are using rogue or fraudulent SSL/TLS keys and certificates to... Heartbleed POODLE FREAK EXAMPLES Snoop on encrypted communications Bypass security controls, like IDS/IPS, DLP, and NGFW Impersonate legitimate websites
  • 4. Certificates sold for $1000 each on the black market $1000
  • 5. NIST has declared that SSL is no longer acceptable to protect data New PCI DSS v3.1 requires TLS 1.1 or higher SANS 20 adds key and certificate requirements to CSC 17: Data Protection Organizations need to secure SSL/TLS to regain online trust The greatest threat is the lack of adherence to security standards
  • 6. An actionable approach is needed to meet new SANS 20 SSL/TLS key and certificate requirements CSC 17-2: Verify configured to use publicly vetted algorithms CSC 17-3: Identify sensitive information that requires encryption CSC 17-10: Only allow approved certificate authorities (CAs) CSC 17-11: Perform an annual review of algorithms and key lengths CSC 17-14: Define roles, responsibilities, and process lifecycle for key management CSC 17-2: CSC 17-3: CSC 17-10: CSC 17-11: CSC 17-14:
  • 7. Read the new SANS whitepaper Contact Venafi to help customize the action approach for your organization. Venafi.com/CSC17 Implement SSL/TLS Security for Your Organization Venafi.com/Contact *Filkins, Barbara. SANS. New Critical Security Controls Guidelines for SSL/TLS Management. June 2015.