New threats target the trust provided by keys and certificates, and allow bad guys to look legitimate so they can surveil networks, stay undetected, steal data and bypass other security systems. Attacks using SSL/TLS to bypass critical controls is increasing, for instance. Gartner expects that by 2017, more than 50% of network attacks will use encrypted SSL/TLS. The ability to quickly decrypt and inspect SSL traffic in real time and detect threats is imperative Trust-based attacks range from exploits of accidental vulnerabilities, like Heartbleed, to APTs designed to circumvent and misuse keys and certificates like Mask, Crouching Yeti, and APT18?to name a few. It?s becoming mission critical to have visibility into and control of key and certificate inventories, enterprise wide, especially given most other IT security technologies depend on the trust they provide.

Back to GrrCON 2016 video list