1. Cost of Failed Trust: Attacks on Failed Key & Certificate Management
30 April 2013
Today’s	
  Learning	
  Objectives	
  
§  How	
  is	
  trust	
  established?	
  	
  Why	
  is	
  trust	
  the	
  perfect	
  
target	
  of	
  attack?	
  	
  
§  Are	
  we	
  losing	
  control	
  over	
  trust?	
  	
  
§  What	
  new	
  attack	
  methods	
  are	
  criminals	
  exploiting?	
  	
  
§  How	
  widespread	
  are	
  these	
  attacks?	
  What	
  is	
  the	
  
financial	
  impact?	
  	
  
§  	
  What	
  strategies	
  are	
  available	
  to	
  mitigate	
  risk?	
  

3. Today's Presenters
Jeff Hudson, CEO, Venafi
Larry Ponemon, Chairman & Founder, Ponemon Institute

4. Jeff Hudson: Poisoning Trust

5. How Is Trust Established?

6. Reality of Establishing Trust Today

7. How Do We Establish Trust?
Encryption and authentication key pairs; digital certificates

8. How Do We Rely on Keys & Certificates?

9. Rise of Advanced Persistent Threats
§ 100% of attacks involved compromised credentials
§ Keys and certificates used as poison
  - Dozens of rogue certificates identified
  - Untold number of keys and certificates stolen or misused

10. Keys and Certificates Poisoned
Encryption and authentication key pairs; digital certificates

11. APT Target Recipe
Lack of visibility + inability to respond

12. APT Target Recipe
Lack of visibility and inability to respond, for digital certificates, encryption and authentication key pairs, and SSH keys: no awareness, no monitoring, no detection, no controls, no response

13. 2010-2011: Storm Clouds Form
Duqu and Stuxnet proved that misusing keys and certificates is effective in enabling attacks

14. 2011-2012: Dangerous Waves
Attackers target Certificate Authorities:
✘ Comodo
✘ DigiNotar
✘ DigiCert (the Malaysian DigiCert Sdn. Bhd., unrelated to DigiCert Inc.)
✘ TurkTrust
- And probably more not reported...

15. 2013: All-out Attack
Criminals attacking trust at will:
✘ Buster banking malware on the loose in Brazil
✘ Texas certificate signs Java malware in Germany
✘ 35+ Korean developer certificates enable aerospace attacks
✘ New attacks being reported every week

16. Microsoft Sounds the Alarm
"PKI is under attack" (Scott Charney, Microsoft, at RSA 2013)

17. Are We Losing Control?
How many keys & certificates? How widespread are attacks? What attacks do we expect? What's the financial impact? What's the most alarming attack? What strategies can help?

18. Dr. Larry Ponemon: Cost of Failed Trust

19. Cost of Failed Trust Research
First-ever primary research to measure and quantify the impact of attacks on failed key and certificate management. Download now at venafi.com/ponemon

20. About the Ponemon Institute
• Founded in 2002
• Leaders in privacy and IT security research
• Perform global primary research
• Promote thought leadership with the Responsible Information Management Council
Presenting the Cost of Failed Trust research at RSA 2013 in San Francisco

21. A Global Perspective
67% of respondents are from organizations with over 10,000 employees

22. How Big Is the Challenge?
Average number of server keys and certificates in a Global 2000 organization: 17,807

23. Do We Have Control Over Trust?
51% don't know how many keys and certificates are in use by their organization

24. Investigating the Financial Impact
How do you evaluate the cost of a new, emerging threat?
Possible costs:
• Incident response
• Lost productivity
• Lost revenue
• Brand damage
Possible costs × expected attack rate (how many attacks in the next 24 months) = RISK

25. Trust Exploits Investigated
CA compromise, SSH attacks, key theft, weak crypto

26. What's the Size of the Problem? Attack Rates

                                        Weak crypto  Server key   CA           SSH
                                        exploit      theft        compromise   attacks
Attacks over last 24 months (average)   1.3          0.4          1.1          0.3
Expected attacks in next 24 months      18%          5%           7%           3%

27. Risk for Every Organization

                                        Weak crypto  Server key   CA           SSH
                                        exploit      theft        compromise   attacks
Attacks over last 24 months (average)   1.3          0.4          1.1          0.3
Expected attacks in next 24 months      18%          5%           7%           3%
Quantified risk over next 24 months     $22M         $6.7M        $4.8M        $2.0M

28. What Attack Is Most Alarming?

29. #1 Most Alarming Key & Certificate Management Threat: SSH
Critical for establishing trust and control in the cloud
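
Slide 12 notes that SSH keys typically have no awareness, no monitoring and no controls around them, and slide 29 ranks SSH as the most alarming threat; the first step towards visibility is reading what the servers already trust. The script below is an added example, not code from the deck or from Venafi or Ponemon. It parses OpenSSH authorized_keys entries (options, key type, base64 blob, comment), decodes the public-key wire format of RFC 4253 to get the key size, computes the same SHA256 fingerprint that `ssh-keygen -lf` prints, and checks each entry against an assumed policy: RSA below 2048 bits, the deprecated ssh-dss type, no from= source restriction, no comment identifying the owner, and the same key authorized more than once. The sample file, the host names and the key blobs are constructed; the blobs are well-formed but contain placeholder numbers and are not real keys, and the policy thresholds are assumptions.

```python
import base64
import hashlib
import struct

# Policy thresholds: assumptions for this example, not figures from the slides.
MIN_RSA_BITS = 2048
DEPRECATED_TYPES = {"ssh-dss"}
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"}  # ECDSA variants omitted for brevity


def _read_string(blob, pos):  # RFC 4253 'string': 4-byte big-endian length, then the bytes
    (n,) = struct.unpack(">I", blob[pos:pos + 4])
    return blob[pos + 4:pos + 4 + n], pos + 4 + n


def key_bits(key_type, blob):
    """Key size from the public-key blob; field layouts follow RFC 4253 section 6.6."""
    _, pos = _read_string(blob, 0)  # the blob starts with the type name again
    if key_type == "ssh-rsa":  # mpint e, mpint n
        _, pos = _read_string(blob, pos)
        return int.from_bytes(_read_string(blob, pos)[0], "big").bit_length()
    if key_type == "ssh-dss":  # mpint p, q, g, y; p sets the size
        return int.from_bytes(_read_string(blob, pos)[0], "big").bit_length()
    if key_type == "ssh-ed25519":
        return 256
    raise ValueError(f"unsupported key type {key_type}")


def _fields(line):
    """Split on spaces but keep quoted option values such as from="a b,c" whole (no backslash escapes)."""
    out, cur, quoted = [], [], False
    for ch in line:
        quoted ^= ch == '"'
        if ch == " " and not quoted:
            if cur:
                out.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    return out + ["".join(cur)] if cur else out


def parse_authorized_key(line):
    """(options, type, base64 blob, comment) for one entry; None for blank or # lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = _fields(line)
    options, rest = ("", fields) if fields[0] in KEY_TYPES else (fields[0], fields[1:])
    if len(rest) < 2 or rest[0] not in KEY_TYPES:
        raise ValueError(f"unrecognised authorized_keys line: {line[:40]}")
    return options, rest[0], rest[1], " ".join(rest[2:])


def audit_authorized_keys(text, min_rsa_bits=MIN_RSA_BITS):
    """One record per key entry, listing the policy issues found for it."""
    findings, seen = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_authorized_key(line)
        if parsed is None:
            continue
        options, ktype, b64, comment = parsed
        blob = base64.b64decode(b64)
        # Same format as `ssh-keygen -lf`: SHA-256 of the blob as unpadded base64.
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        bits, issues = key_bits(ktype, blob), []
        if ktype in DEPRECATED_TYPES:
            issues.append(f"{ktype} is deprecated")
        if ktype == "ssh-rsa" and bits < min_rsa_bits:
            issues.append(f"RSA {bits} bits below {min_rsa_bits}")
        if not (options.startswith("from=") or ",from=" in options):
            issues.append("no from= source restriction")
        if not comment:
            issues.append("no comment identifying the owner")
        if fp in seen:
            issues.append(f"duplicate of line {seen[fp]}")
        seen.setdefault(fp, lineno)
        findings.append({"line": lineno, "type": ktype, "bits": bits,
                         "fingerprint": fp, "comment": comment, "issues": issues})
    return findings


# Constructed sample input: the blobs are well-formed but hold placeholder numbers, not real keys.
def _s(b):  # RFC 4253 string
    return struct.pack(">I", len(b)) + b


def _mpint(v):  # RFC 4251 mpint: a leading 0x00 when the top bit is set
    return _s(v.to_bytes((v.bit_length() + 8) // 8, "big"))


def _blob(type_name, *fields):  # ints become mpints, bytes become strings
    body = b"".join(_mpint(f) if isinstance(f, int) else _s(f) for f in fields)
    return base64.b64encode(_s(type_name) + body).decode()


SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    f"ssh-rsa {_blob(b'ssh-rsa', 65537, (1 << 1023) | 1)} legacy-deploy@build01",
    f'from="10.0.0.0/8",no-pty ssh-ed25519 {_blob(b"ssh-ed25519", bytes(32))} ops@bastion',
    f"ssh-rsa {_blob(b'ssh-rsa', 65537, (1 << 1023) | 1)}",
    f"ssh-rsa {_blob(b'ssh-rsa', 65537, (1 << 4095) | 1)} ci@runner",
    f"ssh-dss {_blob(b'ssh-dss', (1 << 1023) | 1, (1 << 159) | 1, 2, 3)} old-admin@legacy",
])
```

Running `audit_authorized_keys` over the concatenation of every authorized_keys file on a host (root's and every user's) gives the "how many, where, and is it restricted" answer the deck says most organizations cannot give; entries whose fingerprint turns up under several accounts or several hosts are the ones to trace first, because one leaked private key then opens all of them.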
  

30. How Could We Do a Better Job?
59% of respondents: getting key and certificate management right first solves the security, operations, and compliance problems of using encryption

31. Jeff Hudson: Saving Trust

32. Would You Allow This Today?
No visibility: 17,000+ open ports, but not sure
No control: can't set policies, respond to attacks

33. Poison on Your Network?
No visibility: 17,000+ keys and certificates, but not sure
No control: can't set policies, respond to attacks

34. Would You Allow This Today?
No visibility: 17,000+ user IDs and passwords, but not sure
No control: can't set policies, respond to attacks

35. Poison on Your Network?
No visibility: 17,000+ user IDs and passwords, but not sure
No control: can't set policies, respond to attacks

36. Strategies to Regain Control

37. A Strategy to Save Trust
Discover assets; establish policy; analyze for insight; automate; report & audit; connect people
Gain visibility, reduce risk, establish control
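
The first two steps on slide 37, discover assets and establish policy, are the ones a practitioner can script immediately. The following is an added example, not code from the deck or from Venafi or Ponemon: it walks a directory tree, finds every PEM block, fingerprints the DER body, and applies an assumed policy to private keys: stored unencrypted, readable by group or others, an RSA modulus under 2048 bits, and the same key material present in more than one location. The RSA size comes from a minimal DER walk over the PKCS#1 RSAPrivateKey structure (RFC 8017), so no third-party library is needed. The sample tree, its file paths and the key bodies are constructed for illustration; the private-key bodies are well-formed DER built from placeholder numbers and are not real keys, and the policy thresholds are assumptions.

```python
import base64
import hashlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path

MIN_RSA_BITS = 2048  # policy threshold: an assumption for this example, not a figure from the slides
PEM_BLOCK = re.compile(r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----(?P<body>.*?)-----END (?P=label)-----", re.S)
PRIVATE_KEY_LABELS = {"RSA PRIVATE KEY", "EC PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "OPENSSH PRIVATE KEY"}


def _der_tlv(buf, pos):  # one DER tag-length-value at pos -> (tag, value bytes, position after it)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(pkcs1_der):
    """RSAPrivateKey ::= SEQUENCE { version INTEGER, modulus INTEGER, ... } (RFC 8017 A.1.2)."""
    tag, seq, _ = _der_tlv(pkcs1_der, 0)
    _, _, pos = _der_tlv(seq, 0)  # skip version
    tag2, modulus, _ = _der_tlv(seq, pos)
    if (tag, tag2) != (0x30, 0x02):
        raise ValueError("not an RSAPrivateKey SEQUENCE")
    return int.from_bytes(modulus, "big").bit_length()


def scan_file(path):
    """Every PEM block in path -> (label, sha256 of the DER body, [policy violations])."""
    mode, results = Path(path).stat().st_mode & 0o777, []
    for m in PEM_BLOCK.finditer(Path(path).read_text(errors="replace")):
        lines = [ln.strip() for ln in m.group("body").strip().splitlines()]
        headers = [ln for ln in lines if ":" in ln]  # e.g. Proc-Type: 4,ENCRYPTED
        der = base64.b64decode("".join(ln for ln in lines if ln and ":" not in ln))
        label, violations = m.group("label"), []
        if label in PRIVATE_KEY_LABELS:
            encrypted = label == "ENCRYPTED PRIVATE KEY" or any("ENCRYPTED" in h for h in headers)
            if not encrypted:
                violations.append("private key stored unencrypted")
            if mode & 0o077:
                violations.append(f"private key readable by group/others (mode {mode:04o})")
            if label == "RSA PRIVATE KEY" and not encrypted:
                bits = rsa_modulus_bits(der)
                if bits < MIN_RSA_BITS:
                    violations.append(f"RSA modulus {bits} bits below policy minimum {MIN_RSA_BITS}")
        results.append((label, hashlib.sha256(der).hexdigest(), violations))
    return results


def inventory(root):
    """Walk root, record every PEM block, and flag private keys that appear in more than one file."""
    records = [{"path": str(p), "label": label, "fingerprint": fp, "violations": v}
               for p in sorted(Path(root).rglob("*")) if p.is_file()
               for label, fp, v in scan_file(p)]
    by_fp = defaultdict(list)
    for rec in records:
        if rec["label"] in PRIVATE_KEY_LABELS:
            by_fp[rec["fingerprint"]].append(rec)
    for recs in (r for r in by_fp.values() if len(r) > 1):
        for rec in recs:
            rec["violations"].append(f"same private key present in {len(recs)} locations")
    return records


# Constructed sample tree: the key bodies are well-formed DER built from placeholder numbers, NOT real keys.
def _der(tag, payload):
    if len(payload) < 0x80:
        return bytes([tag, len(payload)]) + payload
    lb = len(payload).to_bytes((len(payload).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def _der_int(v):  # a leading 0x00 keeps the INTEGER positive when the top bit is set
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def stub_pkcs1(n_bits):
    """Structurally valid RSAPrivateKey whose modulus is a placeholder of n_bits bits."""
    return _der(0x30, _der_int(0) + _der_int((1 << (n_bits - 1)) | 1) + _der_int(65537))


def _pem(label, der, headers=""):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"


def make_sample_tree(root):
    files = {  # relative path: (content, mode)
        "etc/ssl/private/web.key": (_pem("RSA PRIVATE KEY", stub_pkcs1(1024)), 0o644),
        "home/app/backup/web.key": (_pem("RSA PRIVATE KEY", stub_pkcs1(1024)), 0o600),
        "etc/ssl/private/api.key": (_pem("RSA PRIVATE KEY", b"ciphertext placeholder" * 4,
                                         "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"), 0o600),
        "etc/ssl/certs/web.crt": (_pem("CERTIFICATE", b"certificate placeholder" * 4), 0o644),
    }
    for rel, (content, mode) in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
        path.chmod(mode)
    return root


def demo():  # build the sample tree in a temp dir and return {relative path: sorted violations}
    root = make_sample_tree(tempfile.mkdtemp(prefix="trust-inventory-"))
    return {str(Path(r["path"]).relative_to(root)): sorted(r["violations"]) for r in inventory(root)}
```

`demo()` builds the sample tree in a temporary directory and returns the violations per file; pointing `inventory()` at real mounts (/etc, web and application roots, home directories, backup and CI directories) gives the "how many keys and certificates, and where" count that 51% of the deck's respondents could not give. Certificates are fingerprinted but not parsed here; checking their signature algorithm, key size and expiry needs an X.509 parser, which is out of scope for this example.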
  

38. Suggested Resources
§ NIST ITL Bulletin, "Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance" (July 2012): venafi.com/NIST
§ "Key & Certificate Management Best Practices": venafi.com/best-practices/

39. Cost of Failed Trust Research
First-ever primary research to measure and quantify the impact of attacks on failed key and certificate management. Download now at venafi.com/ponemon

40. Q&A
Download your copy of the Cost of Failed Trust research at venafi.com/ponemon

41. Thank You

Ponemon - Cost of Failed Trust: Threats and Attacks

  • 1. Cost  of  Failed  Trust:   Attacks  on  Failed  Key  &  Certificate  Management     30  April  2013  
  • 2. Today’s  Learning  Objectives   §  How  is  trust  established?    Why  is  trust  the  perfect   target  of  attack?     §  Are  we  losing  control  over  trust?     §  What  new  attack  methods  are  criminals  exploiting?     §  How  widespread  are  these  attacks?  What  is  the   financial  impact?     §   What  strategies  are  available  to  mitigate  risk?  
  • 3. Today’s  Presenters   Jeff  Hudson   CEO     Larry  Ponemon   Chairman  &  Founder  
  • 5. How  is  Trust  Established?    
  • 6. Reality  of  Establishing  Trust  Today  
  • 7. How  Do  We  Establish  Trust?   Encryption  &   Authentication   Key  Pairs   Digital   Certificates  
  • 8. How  Do  We  Rely  On  Key  &  Certificates?    
  • 9. Rise  of  Advanced  Persistent  Threats   §  100%  of  attacks  involved   compromised  credentials   §  Keys  and  certificates  used   as  poison   -­‐  Dozens  of  rogue   certificates  identified   -­‐  Untold  number  of  keys   and    certificates  stolen   or  misused  
  • 10. Keys  and  Certificates  Poisoned   Encryption  &   Authentication   Key  Pairs   Digital   Certificates  
  • 11. APT  Target  Recipe   Lack  of   Visibility   Inability  to   Respond  
  • 12. APT  Target  Recipe   Lack  of   Visibility   Inability  to   Respond   No  awareness   No  monitoring   No  detection   No  controls   No  response   Digital   certificates  Encryption  &   authentication   key  pairs   SSH  keys  
  • 13. 2010-­‐2011:  Storm  Clouds  Form   Duqu  &  Stuxnet  proved   misuing  keys  and   certificates  effective  to   enabling  attacks    
  • 14. 2011-2012: Dangerous Waves. Attackers target Certificate Authorities:
    ✘ Comodo
    ✘ DigiNotar
    ✘ DigiCert
    ✘ TurkTrust
    - And probably more not reported…
  • 15. 2013: All-out Attack. Criminals attacking trust at will:
    ✘ Buster banking malware on the loose in Brazil
    ✘ Texas certificate signs Java malware in Germany
    ✘ 35+ Korean developer certificates enable aerospace attacks
    ✘ New attacks being reported every week
  • 16. Microsoft Sounds the Alarm: "PKI is under attack" (Scott Charney, Microsoft @ RSA2013)
  • 17. Are We Losing Control?
    - How many keys & certificates?
    - How widespread are attacks?
    - What attacks do we expect?
    - What's the financial impact?
    - What's the most alarming attack?
    - What strategies can help?
  • 18. Dr. Larry Ponemon: Cost of Failed Trust
  • 19. Cost of Failed Trust Research: the first primary research to measure and quantify the impact of attacks on failed key and certificate management. Download now @ venafi.com/ponemon
  • 20. About the Ponemon Institute
    - Founded in 2002
    - Leaders in privacy and IT security research
    - Perform global primary research
    - Promote thought leadership with the Responsible Information Management Council
    - Presenting Cost of Failed Trust research at RSA2013 in San Francisco
  • 21. A Global Perspective: 67% from organizations with over 10,000 employees
  • 22. How Big Is the Challenge? Average number of server keys and certificates in a Global 2000 organization: 17,807
  • 23. Do We Have Control Over Trust? 51% don't know how many keys and certificates are in use by their organization
  • 24. Investigating the Financial Impact. How do you evaluate the cost of a new, emerging threat?
    - Possible Costs (incident response, lost productivity, lost revenue, brand damage)
    - × Expected Attack Rate (how many attacks in the next 24 months)
    - = RISK
  • 25. Trust Exploits Investigated: CA compromise; SSH attacks; Key theft; Weak crypto
  • 26. What's the Size of the Problem?
  • 27. Attack Rates
                                         Weak crypto exploit  Server key theft  CA compromise  SSH attacks
    Attacks over last 24 months          1.3                  0.4               1.1            0.3
    Expected attacks in next 24 months   18%                  5%                7%             3%
  • 28. Risk for Every Organization
                                         Weak crypto exploit  Server key theft  CA compromise  SSH attacks
    Attacks over last 24 months          1.3                  0.4               1.1            0.3
    Expected attacks in next 24 months   18%                  5%                7%             3%
    Quantified risk over next 24 months  $22M                 $6.7M             $4.8M          $2.0M
  • 29. What Attack Is Most Alarming? #1 most alarming key & certificate management threat: SSH, critical for establishing trust and control in the cloud
  • 30. How Could We Do a Better Job? 59%: Getting key and certificate management right first solves the security, operations, and compliance problems of using encryption
  • 32. Would You Allow this Today? No Visibility: 17,000+ open ports, but not sure. No Control: Can't set policies, respond to attacks
  • 33. Poison on Your Network? No Visibility: 17,000+ keys and certificates, but not sure. No Control: Can't set policies, respond to attacks
  • 34. Would You Allow this Today? No Visibility: 17,000+ userids and passwords, but not sure. No Control: Can't set policies, respond to attacks
  • 35. Poison on Your Network? No Visibility: 17,000+ userids and passwords, but not sure. No Control: Can't set policies, respond to attacks
  • 36. Strategies to Regain Control
  • 37. A Strategy to Save Trust: Automate; Report & Audit; Establish Policy; Discover Assets; Analyze for Insight; Connect People. Gain Visibility, Reduce Risk, Establish Control
  • 38. Suggested Resources
    - NIST's "Preparing for & Responding to CA Compromise": venafi.com/NIST
    - "Key & Certificate Management Best Practices": venafi.com/best-practices/
  • 39. Cost of Failed Trust Research: the first primary research to measure and quantify the impact of attacks on failed key and certificate management. Download now @ venafi.com/ponemon
  • 41. Download your copy of the Cost of Failed Trust research at venafi.com/ponemon. Thank You
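The "A Strategy to Save Trust" slide (discover assets, establish policy, analyze, report & audit) and the NIST CA-compromise resource on the slide after it describe the control loop in words only. The following is an added example, not code from the deck, from Venafi or from the Ponemon Institute: a small inventory-driven policy engine that works over a constructed list of discovered TLS certificates and SSH keys. The inventory record layout, the policy thresholds, the approved-issuer names, the host names and the fingerprints are all assumptions; the only page-supplied value is the webinar date used as "today". It answers the questions the deck raises (how many keys and certificates do we have, which ones violate policy, which key pairs are shared across hosts so that one theft exposes several servers, and which certificates must be replaced if a given CA is compromised).

```python
"""Inventory-driven key and certificate policy checks.

Added example (not from the Venafi/Ponemon deck). Record fields, policy
values, host names and fingerprints are assumptions; "today" is the
webinar date, 30 April 2013.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class CredentialRecord:
    """One discovered TLS certificate or SSH key (hypothetical inventory columns)."""
    kind: str                   # "tls" or "ssh"
    host: str                   # where the discovery scan found it
    subject: str                # certificate CN, or SSH key comment
    issuer: str                 # issuing CA; "" for SSH keys, which have no issuer
    key_alg: str                # "RSA", "EC" or "ED25519"
    key_bits: int
    sig_alg: str                # certificate signature algorithm; "" for SSH keys
    not_after: Optional[date]   # expiry; None for SSH keys, which never expire
    fingerprint: str            # constructed; equal fingerprints mean the same key pair
    owner: str                  # team that claims it; "" if nobody does


# Assumed policy: approved issuers and thresholds are illustrative only.
POLICY = {
    "approved_issuers": {"Example Internal CA G2", "Example Public CA"},
    "min_rsa_bits": 2048,
    "banned_sig_algs": {"sha1WithRSA", "md5WithRSA"},
    "expiry_warning_days": 30,
}

# Constructed sample inventory, evaluated as of the webinar date.
TODAY = date(2013, 4, 30)
SAMPLE_INVENTORY = [
    CredentialRecord("tls", "web01", "www.example.test", "Example Public CA",
                     "RSA", 2048, "sha256WithRSA", date(2014, 6, 1), "FP-A", "web-team"),
    CredentialRecord("tls", "web02", "www.example.test", "Example Public CA",
                     "RSA", 2048, "sha256WithRSA", date(2014, 6, 1), "FP-A", "web-team"),
    CredentialRecord("tls", "legacy01", "legacy.example.test", "Example Internal CA G1",
                     "RSA", 1024, "sha1WithRSA", date(2013, 5, 15), "FP-B", ""),
    CredentialRecord("tls", "api01", "api.example.test", "Example Internal CA G2",
                     "EC", 256, "sha256WithECDSA", date(2015, 1, 1), "FP-C", "api-team"),
    CredentialRecord("tls", "old01", "old.example.test", "Example Internal CA G2",
                     "RSA", 2048, "sha256WithRSA", date(2013, 1, 1), "FP-F", "it"),
    CredentialRecord("ssh", "bastion01", "ops@laptop", "", "RSA", 1024, "", None, "FP-D", ""),
    CredentialRecord("ssh", "db01", "deploy", "", "ED25519", 256, "", None, "FP-E", "platform"),
    CredentialRecord("ssh", "db02", "deploy", "", "ED25519", 256, "", None, "FP-E", "platform"),
]


def inventory_counts(inventory):
    """Visibility: how many keys and certificates do we actually have, by kind?"""
    return Counter(r.kind for r in inventory)


def evaluate(inventory, policy, today):
    """Analyze the inventory against policy; returns finding name -> offending records."""
    findings = defaultdict(list)
    warn = timedelta(days=policy["expiry_warning_days"])
    for r in inventory:
        if r.key_alg == "RSA" and r.key_bits < policy["min_rsa_bits"]:
            findings["weak_key"].append(r)
        if r.sig_alg in policy["banned_sig_algs"]:
            findings["weak_signature"].append(r)
        if r.kind == "tls" and r.issuer not in policy["approved_issuers"]:
            findings["unapproved_issuer"].append(r)
        if r.not_after is not None:
            if r.not_after < today:
                findings["expired"].append(r)
            elif r.not_after - today <= warn:
                findings["expiring"].append(r)
        if not r.owner:
            findings["unowned"].append(r)
    # The same key pair on several hosts widens the blast radius of a single theft.
    hosts_by_fp = defaultdict(set)
    for r in inventory:
        hosts_by_fp[r.fingerprint].add(r.host)
    for fp, hosts in sorted(hosts_by_fp.items()):
        if len(hosts) > 1:
            findings["shared_key"].append((fp, sorted(hosts)))
    return dict(findings)


def certs_issued_by(inventory, compromised_issuer):
    """CA-compromise response: every certificate chaining to that issuer must be replaced."""
    return [r for r in inventory if r.kind == "tls" and r.issuer == compromised_issuer]


def summarize(findings):
    """Report & audit: finding name -> count, suitable for a dashboard."""
    return {name: len(items) for name, items in findings.items()}


if __name__ == "__main__":
    print("inventory:", dict(inventory_counts(SAMPLE_INVENTORY)))
    print("findings:", summarize(evaluate(SAMPLE_INVENTORY, POLICY, TODAY)))
    print("replace if 'Example Public CA' is compromised:",
          [r.host for r in certs_issued_by(SAMPLE_INVENTORY, "Example Public CA")])
```

In practice the inventory list would be filled by a discovery scan rather than typed in, and the policy dictionary is the place where an organization writes down what "approved" means before any automation acts on the findings; the `shared_key` check is the one the table on slide 28 motivates, since server key theft on one host is worth more to an attacker when the same key pair sits on several.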