• Learn how SSL/TLS certificates create trust and impact business when they are misused
• Review five new SANS 20 CSC 17 requirements for SSL/TLS management
• Discover five steps needed to comply with the new requirements
• Understand how to build an immune system for your network that identifies what SSL/TLS keys and certificates are “self” and trusted, and which are not and therefore dangerous
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Management
1. New SANS 20 Requirements for SSL/TLS Security and Management
2. SSL/TLS is the foundation of online trust — and it’s now threatened
SSL/TLS certificates are used for authentication and authorization
applications, appliances, devices, cloud services
Over 23,000 keys and certificates per enterprise—up 34% since 2013
3. But cybercriminals are using rogue or fraudulent SSL/TLS keys and certificates to...
• Snoop on encrypted communications
• Bypass security controls, like IDS/IPS, DLP, and NGFW
• Impersonate legitimate websites
Examples: Heartbleed, POODLE, FREAK
5. NIST has declared that SSL is no longer acceptable to protect data
New PCI DSS v3.1 requires TLS 1.1 or higher
SANS 20 adds key and certificate requirements to CSC 17: Data Protection
Organizations need to secure SSL/TLS to regain online trust
The greatest threat is the lack of adherence to security standards
6. An actionable approach is needed to meet new SANS 20 SSL/TLS key and certificate requirements
CSC 17-2: Verify configured to use publicly vetted algorithms
CSC 17-3: Identify sensitive information that requires encryption
CSC 17-10: Only allow approved certificate authorities (CAs)
CSC 17-11: Perform an annual review of algorithms and key lengths
CSC 17-14: Define roles, responsibilities, and process lifecycle for key management
7. Read the new SANS whitepaper
Contact Venafi to help customize the action approach for your organization.
Venafi.com/CSC17
Implement SSL/TLS Security for Your Organization
Venafi.com/Contact
*Filkins, Barbara. SANS. New Critical Security Controls Guidelines for SSL/TLS Management. June 2015.