The Evolving Threat Landscape and the New Best Practices for SSLby Dan Sullivan
Threats to information security are becoming more sophisticated, targeted, and persistent. As new protective measures are developed and deployed, attackers seek out alternative means of compromising your systems. This history of cybercrime and the evolution of malware demonstrate there is no single way to attack a system—there are many. Not surprisingly, there are many defensive measures you can put into place. Anti-malware, email filtering, and vulnerability scanning are just three commonly used methods to address the risk of attack.
One measure is fundamental to many others: encryption. Encryption is such an effective and widely applicable tool, malware developers have used encryption to help avoid detection. SSL is a set of protocols that enable encryption to protect data privacy and authentication of servers and applications to promote trust. SSL certificates are a crucial component for implementing SSL and other security controls. This guide will examine the constantly evolving threat landscape and examine best practice methods for using SSL and choosing the right types of SSL certificates for your organization’s needs.
Chapter 1: Threats to Enterprise Information Systems and the Need for Ubiquitous SSL
Businesses and organizations face constant, sophisticated threats to their information infrastructure and digital assets. It is imperative for businesses to implement best practices to protect valuable information assets. Encryption is a fundamental technology that provides both the first and last lines of defense. In fact, encryption is such an effective and widely applicable tool, malware developers have used encryption to help avoid detection. However, having encryption standards and employing encryption in high-risk applications is no longer protection enough. Any application, including fairly unsophisticated Web applications, can become a rung on the ladder of attack that ultimately leads to a data breach or compromised system. Businesses need to protect their data as it moves between servers and other devices on the Internet. Securing a backend database is certainly a reasonable and expected course of action, but we are now realizing that other components in the application stack must also be secured. This chapter explores the threats you face as well as the need for ubiquitous protection to meet those threats.
Chapter 2: Deploying SSL in the Enterprise
More business applications are using distributed architectures to deliver new services, take advantage of existing applications, and control costs. The benefits of distributed systems also come with risks. Data is spread across multiple devices and databases. Even with sound network and server security practices, breaches can occur. SSL technologies deployed throughout the IT infrastructure can help meet business objectives while protecting the confidentiality, integrity, and availability of your systems and data. This chapter first examines the variety of infrastructure components that need SSL, then turns the focus to discuss the business drivers behind comprehensive SSL deployments in the enterprise.
Chapter 3: Preparing for Tomorrow: Future Considerations and Risks
The future of cybercrime and security risks is not looking favorable for those trying to do business with and on the Internet. Security experts may rightly leave many in business wondering whether their networks are sufficiently protected and, of particular interest, can comprehensive use of SSL help avoid some of the worst impacts of a breach? Clearly, there is no panacea and the threat landscape appears to becoming more, not less, dangerous. In spite of these dismal projections, there are practices that can be put in place that help business to function while providing protections for their systems and data.