IT Security's Dirty Little Secret
Post on 15-Jan-2015
IT's dirty little SECRET
(IT: information technology)
Research brought to you by:
IT admins are leaving open backdoors (full root access) to almost every server, virtual machine, and cloud service within the enterprise.
SSH (Secure Shell) is a cryptographic security protocol used to connect administrators and machines. It is used every day, in every enterprise network.
SSH provides full administrator access over encrypted sessions that bypass network monitoring, perimeter-based security solutions, and advanced threat protection systems. SSH keys are not being properly secured and provide unfettered admin access to valuable and sensitive data and valuable intellectual property.
A single SSH-key related security incident can cost U.S. organizations as much as $500,000.
SSH is used to connect to systems such as:
Payment Systems
Healthcare Databases
Air Traffic Control Systems
Cloud infrastructure-as-a-service systems
[Graphic: expiry labels "EXP. NEVER!" and "EXP. 1 YEAR"]
IT administrators, not IT security, are responsible for securing and protecting their SSH keys.
Unlike digital certificates, SSH keys never expire, leaving backdoors open forever!
3 OUT OF 4 ENTERPRISES have no security controls for SSH, which provides would-be hackers unfettered root access.
46% of organizations are leaving a permanent backdoor open. Never changing SSH keys allows ex-staff and previous attackers to gain access.
The average IT user changes their password every 60-90 days, YET 82% either never change their SSH keys or change them, at best, once every 12 months.
ALL OF THIS HAS ALREADY LED TO 51% OF ORGANIZATIONS REPORT BREACHES DUE TO FAILED SSH SECURITY IN THE LAST 24 MONTHS (at least the ones that know)
The average enterprise takes almost 2 days to respond to an SSH compromise if it’s detected.
THE LACK OF IT SECURITY CAPABILITIES MEANS 60% OF RESPONDENTS REPORTED THAT THEIR ORGANIZATIONS CANNOT DETECT NEW SSH KEYS INTRODUCED ONTO THEIR NETWORKS, relying on administrators to report and track them manually and without oversight.
Only 13% of organizations think IT security should be responsible, continuing the insanity - root administrator access is wide open while IT security is scrambling to stop cybercriminal attacks.
It’s no wonder: 76% of enterprises report no systems to secure SSH when using the cloud.
IT security can’t tolerate this insanity any more. Root level access and SSH will kill everything else that IT security has worked to build.
CEOs, CIOs, CISOs are tolerating insanity: allowing IT admins to run their SSH security and expecting to stay secure.
For more information visit: www.venafi.com/Ponemon