How to fix keys and certificates after a data breach
Fri, 21/10/2022 – 12:50
Quick action is required when remediating an attack. Trust-based attacks are some of the worst because the adversary has trusted status on the network and can set up backdoors for persistent access. Next-generation trust protection helps organizations deal with trust-based attacks faster than other techniques, reducing the overall impact on the organization.
Identify the impact
When remediating a breach, it is essential to understand which systems were affected. For example, if the breach is confirmed to be exploiting SSH, every system accessible via SSH and every SSH key on the network should be accounted for. Establishing a comprehensive understanding of SSH usage in the enterprise greatly improves the process of identifying impact. This is true for all types of key and certificate compromises, including those used for SSL, SSH, mobile, and authentication. It is only possible with full visibility and a full inventory of all machine identities on your network, which a machine identity control plane can help you achieve.
Take immediate action
Once a breach is confirmed, the countdown begins. Adversaries assume they will be discovered quickly and constantly take countermeasures to avoid losing access to the environment. In a trust-based attack, this involves inserting rogue keys and certificates that allow future access. As with the rotation of user passwords, keys and certificates must be replaced and rogue ones removed in an expedited manner, and this must be done faster than an adversary can add new ones.
Validate the remediation
Once the remediation of a breach is complete and credentials such as keys and certificates have been replaced, it is critical to validate that the remediation process was successful. A compromised credential that remains in place can lead to a continuing breach because the adversary still has access to it. By cross-referencing the breach report with the remediation report, organizations can be confident that their remediation process was successful.
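The cross-reference described above, sketched for the SSH case as an added example (not code from the original post or from Venafi): it fingerprints every key trusted in each host's authorized_keys after remediation and flags keys that appear in the breach report or are absent from the remediation report. Function names, status labels, host names and keys are assumptions constructed for illustration.

```python
import base64
import hashlib

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line; leading options are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i in range(len(fields) - 1):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue
            name = fields[i].encode()
            # A key blob starts with its own length-prefixed key-type name.
            if blob.startswith(len(name).to_bytes(4, "big") + name):
                yield fingerprint(blob), " ".join(fields[i + 2:])
                break

def validate(hosts, compromised, issued):
    """Cross-reference post-remediation key files against both reports."""
    findings = []
    for host, text in sorted(hosts.items()):
        for fp, comment in parse_authorized_keys(text):
            if fp in compromised:
                findings.append((host, "COMPROMISED_KEY_STILL_TRUSTED", comment))
            elif fp not in issued:
                findings.append((host, "UNKNOWN_KEY_NOT_IN_INVENTORY", comment))
    return findings

def sample_key(seed, comment):
    """Constructed ssh-ed25519 line with dummy key bytes, plus its fingerprint."""
    body = hashlib.sha256(seed.encode()).digest()
    blob = (11).to_bytes(4, "big") + b"ssh-ed25519" + (32).to_bytes(4, "big") + body
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}", fingerprint(blob)

# Constructed sample data: host names, comments and keys are all made up.
OLD, OLD_FP = sample_key("old", "deploy@build01")
NEW, NEW_FP = sample_key("new", "deploy@build01-rotated")
ODD, ODD_FP = sample_key("odd", "backup")
HOSTS = {"app01": NEW, "db01": NEW + "\n" + ODD,
         "app02": "# rotated\n" + NEW + '\nfrom="10.0.0.5",no-pty ' + OLD}

if __name__ == "__main__":
    print(*validate(HOSTS, {OLD_FP}, {NEW_FP}), sep="\n")
```

An empty result means every trusted key is one that remediation issued; any finding means the breach is not yet closed on that host.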
While these are the best steps you can take to restore your organization’s security after a data breach, why wait for a catastrophic event to take protecting your machine identities seriously? The Venafi control plane for machine identities reduces the complexity of managing all machine identities across your enterprise. Complete network visibility is just one of the many benefits of this platform.
Did you know that over 65% of Global 2000 organizations take one or more days to respond to a trust-based attack that has infiltrated the corporate network? When it comes to remediating an attack on the business, the longer it takes to fix the flaw, the more time cybercriminals will have to set up backdoors and steal more data, which means that the damage will be even worse!
In the unfortunate event of a data breach, there are 3 steps to follow immediately until full remediation is achieved:
Reducing the time required to identify all systems impacted by a breach is paramount
Remediating a breach quickly requires swift action
Remediation includes validating that the adversary no longer has network access
Even when detected, it is often very difficult to remove an adversary’s access from the network. They thrive on the fact that most Global 2000 organizations lack a clear understanding of key and certificate security. Heartbleed is a good example.
Months after the discovery of the vulnerability, the majority of Global 2000 organizations had only partially remediated Heartbleed. Why? Because they did not fully understand the consequences of not replacing all keys and certificates, as recommended by industry experts. The results were catastrophic. Organizations need to be able to respond immediately to all breaches that affect keys and certificates, as this is the only way to ensure the security of their business.
*** This is a syndicated blog from the Security Bloggers Network, written by Alexa Cardenas. Read the original post at: https://www.venafi.com/blog/how-remediate-keys-and-certificates-after-data-breach