April 30, 2014 | Leave a Comment
Response is not complete until trust is re-established
By now most organizations have responded to the Heartbleed vulnerability by patching vulnerable systems. Good. The next step must be to replace ALL keys and certificates. Successful private key extraction exploitation in just hours shows keys and certificates must be assumed comprised. The urgency to replace keys and certificates is even more important as details emerge about exploits being used in the wild for months and possibly years. As a result, experts all agree — from Bruce Schneier, to Gartner’s Erik Heidt, to CloudFlare — the message is: replace keys and certificates.
Underestimating our adversaries and taking no action is not an option. Gartner’s advice to enterprise IT security teams is very clear:
“Because this attack enables the recovery of the private key itself, certificate rotation alone will not protect you! New private keys must be generated.”
Following successful private key exploitation in its Heartbleed Challenge, CloudFlare turned from skeptical to genuinely concerned: “Our recommendation based on this finding is that everyone reissue and revoke their private keys.”
Unfortunately, I’ve observed some response teams either 1) assuming that patching is enough 2) patching and reissuing certificates without generating new keys. Unless private keys are replaced, attackers can still spoof websites and decrypt encrypted communication.
CISOs and CIOs should not report to their CEOs, board of directors, and customers that they are safe until they’ve replaced all keys and certificates. Doing so is ill advised as we learn more about new exploits and the likelihood that Heartbleed exploits occurred in 2013 and before.
Furthermore, enterprises must assume, just as they are with userid and passwords, that ALL keys and certificates are compromised, not just those that secured vulnerable Heartbleed systems. Kill Chain Analysis helps us understand that attackers will look to expand their attacks using similar methods and targets as their first intrusion. Further infiltration of networks means that SSL keys and certificate and SSH keys, even though not running vulnerable OpenSSL, should be assumed targets and compromised.
Respond & Remediate Now Before It’s Too Late
- Know where all keys and certificates are located
- Generate new keys and certificates
- Replace new keys and certificates, revoke old ones
- Validate remediation to ensure new key and certificates are in place
To help organizations respond, Venafi has prepared more guidance on remediation steps. Venafi customers have already remediated keys and certificates in hours. And in the last few days, we’ve been helping many new customers start to respond quickly. Please contact Venafi’s Incident Response and Remediation team to help your enterprise.
- Live Webinar: Remediating Heartbleed Vulnerability — Register Now
- Understanding the Heartbleed Vulnerability
- Security Rapid Response Bulletin
By Kevin Bocek
VP, Security Strategy & Threat Intelligence
April 28, 2014 | Leave a Comment
By Krishna Narayanaswamy, Chief Scientist at Netskope
We released the Netskope Cloud Report today. One of the key findings of the report is that 90 percent of cloud app usage is in apps blocked by perimeter technology.
How can this be the case? Are all the firewalls broken?
That usage is the exceptions. Folks in IT and network security know this all too well. These put-upon individuals do all this work to set a very well-intentioned policy blocking a cloud service like Facebook or a storage or cloud backup app in order to protect the network, prevent leakage of sensitive data or corporate IP, or just help keep employees productive.
And that’s when the goat rodeo begins: First, marketing asks for access to the blocked service because they need to post news and product updates. Then the execs get in on the action. Then it’s customer support. And sales. And. And. And. Before you know it, everybody’s using the service, and the exception is now the rule. The sad irony is that the well-intentioned policy is now, in fact, not working.
We are dubbing this “exception sprawl.”
We look at this against policy violations in the Netskope Active Platform. One conspicuously missing policy violation from the top of our list is login (which is our version of blocking the app). Login is only the fifth most common policy violation, behind upload, edit, post, and download. In fact, login policy violations are only about 4 percent of upload violations, so there’s a huge drop-off from people who enforce granular, activity-based policies and straight-up blocking.
This tells us that when IT and security folks have the option to enforce granular policies, they will choose that option. They know all too well what happens when you block a service that breaks business process.
Tell me how you’re solving “exception sprawl” in your organization by commenting on this blog post or on Twitter: @Krishna_Nswamy #exceptionsprawl
April 28, 2014 | Leave a Comment
Time is running out to change keys and certificates or else…
The world appears to be failing to respond to the Heartbleed vulnerability. In fact well under 16% of vulnerable keys and certificates have been replaced. Experts Bruce Schneier, Gartner, Akamai, and CloudFlare all agree about what enterprises must assume and do: Enterprises must assume keys and certificates are compromised. As a result, organizations MUST change ALL keys and certificates to complete remediation: rekey, reissue, and revoke.
Remediation of ALL keys and certificates is important since the vulnerability may have exposed keys and certificates as a result of continued expansion of attacks beyond the initial infiltration and vulnerability.
Respected security researcher Dan Kaminsky explained the reason behind replacing ALL keys and certificates:
“Find anything moving SSL, particularly your SSL VPNs, prioritizing on open inbound, any TCP port. Cycle your certs if you have them, you’re going to lose them, you may have already, we don’t know.”
The EFF has confirmed Heartbleed exploits in November 2013 and other reports indicate possible exploits go back two years. Therefore, we must assume our adversaries were compromising keys and certificates for long time before Monday, April 7th when the Heartbleed bug was first publically announced.
Until key and certificate replacement remediation occurs, enterprises are vulnerable to spoofing and decryption. As of April 15th, over seven days since the first calls to change keys and certificates began, Netcraft reports that only 16% of certificates known to be used with publicly vulnerable webserver were only revoked.
Less than 16% remediation
And remediation on these systems is likely even lower than 16% of publicly vulnerable systems because new keys were not created in many cases. Some incident response teams are only reissuing certificates without changing keys. Gartner’s Erik Heidt accurately describes the situation in his Heartbleed remediation blog:
“Many organizations perform ‘lazy’ certificate rotations, and do not create new keys! This is a bad practice.“
Gartner concluded, “because this attack [Heartbleed] enables the recovery of the private key itself, certificate rotation alone will not protect you! New private keys must be generated.”
This is the same guidance that once-skeptical, now-converted CloudFlare gave after researchers proved SSL/TLS keys could be stolen using the Heartbleed vulnerability:
“Our recommendation based on this finding is that everyone reissue and revoke their private keys”
Furthermore, there are hundreds of applications from IBM, Juniper, Cisco, and many others that are vulnerable to Heartbleed and use keys and certificates. Many of these operate behind the firewall and some may, incorrectly, assume replacing keys and certificates on these systems is not important. Assuming this would be a terrible mistake since behind-the-firewall attackers would love nothing more than to be able to spoof services like VPNs, security systems, applications servers, and more and decrypt encrypted SSL/TLS traffic.
Take action now while you still can
CISOs should not and cannot tolerate this situation. Some IT security leaders may be told by incident response teams that a full-scale rekey, reissue, and revoke is not necessary. Others may be told that it’s too complicated or time consuming. And there has been a false assumption that patching is all that’s required. Some may be misinformed, possibly by websites that show remediation is complete, but have no awareness of changes to keys and certificates, only to basic patching.
Do CISOs and security teams believe that usernames and passwords should not be changed? No. Therefore, they should not, and cannot, live with a situation where all keys and certificates are not replaced.
Venafi customers are quickly remediating
Venafi customers are speeding through incident response. With Venafi TrustAuthority™, security teams have full visibility into all their keys and certificates, which applications use them, and who owns them. Combined with Venafi TrustForce™, remediation is only a click away: keys and certificates can be changed and securely distributed and installed. All without any intervention from an application owner or system administrator!
Whether you’re a Venafi customer or not, please change ALL of your keys AND certificates. Triage keys and certificates from public vulnerable systems, then internal vulnerable systems, and then the remaining keys and certificates throughout the enterprise. Remediation will be complete and your organization will be secure.
You can learn more about how Venafi can help you quickly respond and remediate to incidents like Heartbleed here.
By Kevin Bocek
VP, Security Strategy & Threat Intelligence
April 25, 2014 | Leave a Comment
By Gavin Hill, Director, Product Marketing and Threat Intelligence, Venafi
When it comes to defending against advanced threats that take advantage of keys and certificates, most organizations have a gaping hole in their security strategy. Cyber criminals on the other hand know all too well how little awareness, or ability to respond, most organizations have to trust-based attacks. They have figured out that they can go undetected for years by using trusted SSL connections, exploiting compromised SSL keys, or stealing SSH keys to gain rogue administrator access to servers and clouds.
Only recently are we discovering the true sophistication and breadth of the problem. Take, for example, the Mask APT operation. For more than 7 years it went undiscovered, stealing credentials such as SSL, VPN, and SSH cryptographic keys and digital certificates.
And Operation Windigo—still active—has been in the wild since 2011, compromising over 25,000 Linux and Unix web servers. Cyber criminals use these servers to steal SSH credentials, redirect visitors to malicious websites, and send millions of spam messages per day.
Trojans that steal keys and certificates are nothing new due to the high value of these cryptographic assets. A single stolen certificate is worth U.S. $700 or more on the underground market—much more than any single identity.
The Heartbleed vulnerability that was recently discovered—a free gift to every cyber criminal—enables anyone to use the vulnerability to steal private keys for X.509 certificates without any trace. What’s worse is that the vulnerability has been around since 2011, with confirmed successful exploitation since last year. This vulnerability has been dubbed as catastrophic, impacting at least twenty percent of the world’s web servers. But it’s not just web servers that are impacted, there are hundreds of application vendors that are also impacted, many of which are behind the firewall. Unfortunately, many organizations are failing to remediate adequately, resulting in unfettered access for cyber criminals.
Although perimeter-based and next-generation security solutions provide good protection against advanced threats, they do not address trust-based attacks. When an organization removes malicious code from the network but fails to replace potentially compromised keys and certificates, the organization leaves the enterprise network under the control of the cyber criminals who retain the ability to monitor, impersonate, and access the network.
The featured Gartner research examines the state of enterprises’ strategies for dealing with new SSL cybersecurity threats and vulnerabilities. The report also outlines the legal implications and negative effects when unauthorized parties can decrypt SSL traffic on the enterprise network. Securing SSL keys and certificates, enforcing trust policies, and understanding what is trusted and what is not will be critical to mitigating these escalating attacks.
In addition, the report includes recommendations provided by both Gartner and Venafi. These include suggestions on how to mitigate trust-based attacks with Next-Generation Trust Protection, so that you can secure and protect keys and certificates, while also detecting malicious use of these assets.
April 24, 2014 | Leave a Comment
The Heartbleed vulnerability unequivocally demonstrates the impact a single vulnerability has on all organizations when keys and certificates are exposed. Cyber-criminals have unfettered access to the keys and certificates on vulnerable systems, without any trace. Researchers that identified the vulnerability sum up the impact simply, “any protection given by the encryption and the signatures in the X.509 certificates can be bypassed” (Heartbleed) You must assume all keys and certificates are compromised and immediately replace them to remediate. Unfortunately, most organizations cannot!
The vulnerability is not limited to webservers, it impacts any system running OpenSSL 1.0.1 – 1.0.1f. This includes mail servers, chat servers, VPN’s, network appliance, client software, VOIP phones and more. Hundreds of software applications from security vendors have already confirmed their software as being susceptible to the Heartbleed vulnerability.
Next-Generation Trust Protection for Next-Generation Threats
Venafi Trust Protection Platform provides holistic remediation from the Heartbleed vulnerability. Via TrustAuthority and TrustForce, organizations are able to quickly identify any system susceptible to the Heartbleed vulnerability, regardless if it is a publicly facing web server or on the internal network and remediate.
Venafi TrustAuthority can quickly identify systems impacted by the Heartbleed vulnerability, establish how many keys and certificates are in use, where they are used, and who is responsible for them. Once TrustAuthority defines a comprehensive inventory of all X.509 certificates, they need to be replaced.
Venafi TrustForce uses lightweight agent and agentless technologies to automate complex activities, including rekeying and recertification, for which manual processes might open vulnerabilities. With TrustForce, the remediation of keys and certificates is completely automated and secure.
The following step-by-step process outlines how organizations can automate remediation of the Heartbleed vulnerability using both TrustAuthority and TrustForce with the Vulnerability Remediation Plugin.
Using TrustAuthority, identify any server that may be susceptible to the Heartbleed vulnerability. This can be achieved by scanning both your internal and public networks.
Once vulnerable systems have been identified, patch them by upgrading to OpenSSL 1.0.1g OR recompile the OpenSSL library with the OPENSSL_NO_HEARTBEATS flag
Identify keys and certificates that need to be fixed based on knowledge of vulnerable applications.
As you review results from various search types, you can select certificates individually or in groups.
The generation of keys and X.509 certificates is automated via the Work Queue. However, prior to initiating a Work Queue, it is critical to make sure that a new private key is generated to remediate further compromise as a result of the private key being stolen via the Heartbleed vulnerability.
From within the Policy tree under a policy object or certificate object ensure that your certificate does not have the “Reuse Private key” option selected.
Step 4 – 5:
Using TrustAuthority and TrustForce together, the new private key generation, CSR, secure distribution, installation and revocation process for certificates is all performed automatically via the Work Queue. For organizations that only have TrustAuthority, the secure distribution and installation is manual.
Step 6 – 8:
Once all publicly facing servers susceptible to the Heartbleed vulnerability are remediated by patching OpenSSL and replacing the private key and certificates, steps 1 – 5 should be repeated for all internal servers impacted by the vulnerability.
Validation of the Heartbleed remediation is critical to success. For this you should validate all keys and certificates are replaced, detect anomalies and alert the organization on any related security events at least every 24 hours.
Contact Venafi to help accelerate your Heartbleed remediation.
By Gavin Hill
Director, Product Marketing and Threat Intelligence
April 23, 2014 | Leave a Comment
Here at Dropbox, keeping your stuff safe isn’t just part of our mission; it’s our top priority. As part of that, we’ve been engaging with the Cloud Security Alliance (CSA), a not-for-profit organization that promotes and provides education around cloud security best practices. Today, we’re excited to announce that we’ve officially joined as a member!
The partnership is already off to a great start — we enjoyed participating in CSA’s most recent conference, SecureCloud 2014, held in Amsterdam earlier this month. It featured keynotes by some well-respected security folks, like Neelie Kroes, Vice President of the European Commission, and Prof. Udo Helmbrecht, Executive Director of ENISA. Some of the best discussions we took part in were around the maturity of cloud security certifications, the evolution from periodic audits to continuous compliance monitoring, the harmonization of data protection legal frameworks in Europe, and the simplification of the due diligence process of cloud services.
We look forward to working with other CSA members to promote trust in cloud services and to share best practices for protecting users’ privacy and security. Stay tuned!
April 22, 2014 | Leave a Comment
Organizations—from service providers, banks, and retailers to government agencies—were recently blindsided by the Heartbleed bug, a critical vulnerability in the OpenSSL cryptographic software library, which underlies trust for secure transactions worldwide. Attackers wasted no time exploiting the vulnerability, which allows them to extract private Secure Socket Layer (SSL) keys with absolute ease. They can read any of the sensitive information that customers have entrusted to the organization’s now-compromised security. To protect their data and their customers, organizations had to respond even more quickly than attackers. They had to assess their vulnerability, determine which systems were using OpenSSL certificates, and then take the steps necessary to re-establish trust, including updating OpenSSL, replacing certificates, and generating new keys.
Unfortunately, most organizations are ill-equipped to respond to trust-based vulnerabilities and threats—especially in such an abbreviated timeframe. As noted in a study by the Ponemon Institute, most enterprises have as many as 17,000 certificates but few control and secure those certificates, making it difficult for their IT security teams to find and replace vulnerable certificates. As a Chief Information Security Officer (CISO) with over 25 years’ experience in IT security, compliance and identity management; with many of those years as an executive leader, I have spent a lot of time analyzing why companies aren’t protecting their precious cryptographic assets and how they can improve their security practices.
The oversight, I think, stems mainly from lack of awareness. Most organizations simply do not realize the extreme danger trust-based attacks pose. For many years, organizations have focused almost entirely on defense in-depth as a way of ensuring confidentiality, integrity, and availability (CIA). They rely heavily on Intrusion Detection System (IDS)/Intrusions Protection System (IPS) solutions to protect their systems and data from attacks. As effective as IDS/IPS solutions can be in mitigating attacks, many of these solutions cannot see into encrypted traffic, making it difficult, if not impossible, for them to detect attacks that exploit certificates and keys.
Many organizations also fail to understand the importance of protecting their SSH keys—leaving them open to the same type of abuse Edward Snowden used to breach security at the U.S. National Security Agency (NSA). SSH keys are a particularly easy target because SSH keys don’t expire and most enterprises don’t rotate their SSH keys. Further compounding their vulnerability, many organizations fail to track who has access to SSH keys. When administrators leave the company, they all too often take SSH keys with them, giving them ongoing privileged access to the organization’s systems.
With the sharp increase in trust-based attacks, organizations must modify their traditional CIA security models to include securing their certificates and keys. After all, certificates and keys are used to ensure confidentiality, permitting only authorized recipients to view protected data. If an attacker compromises a certificate or key, that confidentiality is no longer assured. And any IT security professional charged with ensuring availability must understand: controlling the keys and certificates on which systems rely prevents costly outages.
Organizations must take into account the critical role cryptographic assets play in ensuring confidentiality and availability because they can no longer afford to be blindsided by trust-based attacks. In my years as an IT security professional, I have assembled best practices for securing certificates and keys–practices that ensure that the trust organizations and their customers place in these vital assets is well-founded. Organizations must inventory their certificates and keys so that when a vulnerability is discovered, they can accurately assess their risk exposure. They must have policies and automated solutions for rotating keys so that they can quickly close the vulnerability. They must also be able to monitor the use of SSL and SSH keys so that they can detect suspicious behavior that flies under the radar of traditional IDS/IPS solutions.
In future blogs, I’ll give you in-depth insight into each of these practices, keep you up-to-date on the latest trust-based exploits, and help you discover the best ways to protect yourself. In addition, I will throw in some blogs on leadership, competency focus areas and ideas on staffing security roles—which I know is always a challenge!
I am looking forward to having you join me each month!
Tammy Moskites, Venafi CISO
April 17, 2014 | Leave a Comment
The Tie Between Cloud App Enterprise-Readiness Score and Heartbleed Remediation: 7 Steps You Need to Take Now
April 17, 2014 | Leave a Comment
Krishna Narayanaswamy, Netskope Chief Scientist
The Heartbleed Bug is a serious vulnerability for websites around the world. Many enterprise cloud and SaaS apps were also impacted. While most app vendors have remediated their systems, some remain vulnerable.
Netskope researchers have been scanning more than 4,500 such apps throughout the past week and maintaining a daily countdown to remediation.
One observation we have made in the course of this analysis is the connection between remediation status and enterprise-readiness in the Netskope Cloud Confidence Index (CCI). The CCI is an index and measure of cloud apps’ enterprise-readiness based on 34 objective criteria in the areas of security, auditability, and business continuity adapted from the Cloud Security Alliance. We assign each app a 0-100 score, and then group scored apps into levels: “Excellent,” “High,” “Medium,” “Low,” and “Poor.”
The Tie Between Quality and Remediation
After six days of reporting on the remediation status of the apps in the CCI, our observation is that high-scoring apps remediate their systems to a greater degree than low-scoring ones. On day one of our analysis (April 10), all of the affected apps that are rated “Excellent” had already been remediated, and only a handful of “Highs” were left to go. At that time, the lower you looked on the enterprise-readiness scale, the greater the portion of apps were vulnerable. Over the six days, apps of all enterprise-readiness levels remediated their systems, but at the end of six days, nearly all of the enterprise-ready apps have been remediated, while the non-enterprise-ready apps have not remediated to the same degree.
Looking at it another way, at day six, more than half of the enterprise cloud apps that remediated in the first six days were considered enterprise-ready (rated “High” or “Excellent” in the CCI). In contrast, 88 percent of the remaining vulnerable apps are not enterprise-ready.
Why Does This Matter?
It’s a bit of a no-brainer that higher-quality apps should remediate their systems more quickly than lower-quality ones. So why are we pointing this out? Here’s why: If organizations knew all of the apps they had running in their environments, this wouldn’t be a big deal. They could curtail usage, educate their users, and approach the vendors in question.
However, our data tell us that organizations have between 400-500 enterprise cloud apps running, only about 10 percent of which they know about. Anecdotally, the ones they know about are typically of higher quality, such as Box, Salesforce, and Okta, which are sanctioned by IT. So if vulnerable apps tend to be low on the enterprise-readiness scale, and IT doesn’t know which low-quality apps are running, then the organization can’t take measures to remediate Heartbleed, much less protect against future vulnerabilities. And that’s a problem.
What Should You Do?
To protect yourself from Heartbleed and future vulnerabilities, you should:
1. Discover all of the cloud apps running in your environment.
2. Measure the apps’ enterprise-readiness against an objective yardstick (CSA’s Cloud Controls Matrix is a great starting point, and there are also vendors, including Netskope, who perform this service free of charge).
3. Compare the discovered apps against the list of remaining vulnerable apps and take steps to curtail usage or introduce countermeasures.
4. Beyond the apps affected by Heartbleed, review all of the low-scoring apps and determine whether they’re business-critical.
5. For non-critical apps, help users migrate to more appropriate apps.
6. For critical apps, work with your app vendor to introduce enterprise capabilities and develop a plan to remediate vulnerabilities.
7. Adopt a process to continuously discover and gain visibility into the cloud apps in your environment, including the unsanctioned ones, as they change frequently.
Netskope™ is the leader in cloud app analytics and policy enforcement. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps. The Netskope Active PlatformTM performs deep analytics and lets decision-makers create policies in a few clicks that prevent the loss of sensitive data and optimize cloud app usage in real-time and at scale, whether IT manages the app or not. With Netskope, people get their favorite cloud apps and the business can move fast, with confidence.
2014 Netskope, Inc. All rights reserved. Netskope is a registered trademarks and Netskope Active, Netskope Discovery, Cloud Confidence Index, and SkopeSights are a trademarks of Netskope, Inc. All other trademarks are trademarks of their respective holders. 04/14 RS-19-1
April 15, 2014 | Leave a Comment
By Zulfikar Ramzan, CTO, Elastica
The entire internet security community was up in arms on Monday as a devastating new bug, Heartbleed was discovered in OpenSSL, the most widely deployed cryptographic function on the web. Google’s security team discovered the malicious bug. Since then OpenSSL has released a patch for it and issued a security advisory.
So how does Heartbleed operate? Elastica’s CTO Dr Zulfikar Ramzan explains. Click here to watch a video on Heartbleed.
Heartbleed takes advantage of a subtle, yet highly critical programming mistake in OpenSSL versions 1.01 and 1.02 beta. Systems running these vulnerable versions of OpenSSL can be easily attacked and your confidential data can be accessed.
What is Heartbeat?
Heartbeat is an extension to the TLS protocol. It allows you to keep a TLS session up and running even though no real data has gone through it in a while. It does so by sending a simple message called a Heartbeat request. This request basically helps keep a session alive between a client and a server even if there is no real activity. The Heartbeat request is sent by one computer to another with some request data that includes a payload and the size of that payload. The computer responding to a Heartbeat request will contain the same payload information.
How the Attacker Can Steal Confidential Data
The attacker will craft a special Heartbeat request with a little bit of data and information about how much data is in the request. The attacker can craft this request in a very malicious fashion. The attacker could send a payload that is very short, say just 1 byte. But instead of saying it’s just 1 byte, the attacker will lie and say it has 65,536 bytes. The code that handles the Heartbeat extension within the OpenSSL library will copy this payload that the attacker provided into its memory. As part of the response it will copy the data back out from its memory and send back a Heartbeat response to the attacker.
However, rather than checking the actual size of the payload the Heartbeat code just uses the value specified in the request. And this is a mistake. Instead of verifying if the actual size is consistent with what the requester put in, OpenSSL blindly uses the value that was included in the request. But this value could be bogus. It could be completely wrong. So what happens in this case? OpenSSL locates the starting location where it stored the payload in its memory and then copies the next 65,536 bytes as part of the response. The first byte is the actual payload that the attacker specified in his request. The remaining 65,535 bytes are the bytes that were stored in the memory of OpenSSL. And these bytes are returned to the attacker. Now suddenly the attacker sees an additional 65,535 bytes that were stored in the memory of OpenSSL, which should not have been sent to him.
What Makes the Attack Extra Potent?
Keep in mind that OpenSSL is meant to provide security for sensitive data. So the attacker has access to confidential data, passwords, or even the keys that SSL uses to encrypt and decrypt data going back and forth to you. And if an attacker has these keys he can not only decipher any further traffic, but also potentially read any past traffic that he may have recorded.
What makes this attack particularly potent is that it can be done without leaving a trace and it can be done multiple times to get different sets of data from OpenSSL’s memory. It is entirely possible that someone may have implemented this attack all along, but we just didn’t know about it!