SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Management

1. New SANS 20 Requirements for SSL/TLS Security and Management

2. SSL/TLS is the foundation of online trust, and it is now threatened. SSL/TLS certificates are used for authentication and authorization across applications, appliances, devices and cloud services. Enterprises hold over 23,000 keys and certificates each, up 34% since 2013.

3. But cybercriminals are using rogue or fraudulent SSL/TLS keys and certificates to:
- Snoop on encrypted communications
- Bypass security controls, like IDS/IPS, DLP, and NGFW
- Impersonate legitimate websites
Examples: Heartbleed, POODLE, FREAK

4. Certificates are sold for $1000 each on the black market.

5. NIST has declared that SSL is no longer acceptable to protect data. The new PCI DSS v3.1 requires TLS 1.1 or higher. SANS 20 adds key and certificate requirements to CSC 17: Data Protection. Organizations need to secure SSL/TLS to regain online trust. The greatest threat is the lack of adherence to security standards.

6. An actionable approach is needed to meet the new SANS 20 SSL/TLS key and certificate requirements:
CSC 17-2: Verify that systems are configured to use publicly vetted algorithms
CSC 17-3: Identify sensitive information that requires encryption
CSC 17-10: Only allow approved certificate authorities (CAs)
CSC 17-11: Perform an annual review of algorithms and key lengths
CSC 17-14: Define roles, responsibilities, and process lifecycle for key management

7. Read the new SANS whitepaper: Venafi.com/CSC17
Implement SSL/TLS security for your organization. Contact Venafi to help customize the action approach for your organization: Venafi.com/Contact

*Filkins, Barbara. SANS. New Critical Security Controls Guidelines for SSL/TLS Management. June 2015.
