Why Monitoring Third-Party SSL Certificates Matters

February 5, 2020 • The Recorded Future Team

This week, Microsoft Teams — a workplace collaboration tool similar to Slack — went down for three hours. Users attempting to log in were met with a message stating that the app failed to establish an HTTPS connection.

The problem? An expired SSL certificate, which normally allows users to ensure a secure connection between a web browser and a web server.

Consequences of Expired SSL Certificates

For many security professionals, SSL certificates are generally thought of as table stakes. Still, major companies let certificates expire all-too-frequently — and sometimes with drastic outcomes. For example, when Ericsson allowed an SSL certificate to lapse in 2018, 32 million of the Swedish phone company’s customers found themselves without cell service. Additionally, the Equifax breach could have been discovered as much as 79 days earlier if a certificate had not expired. The expired certificate there resulted in an internal network traffic monitoring tool failing to notice data exfiltration.

When SSL certificates expire, businesses are exposed to potential disruptions, sometimes resulting in significant costs. It can also leave customers and employees vulnerable to phishing attacks. While you can readily monitor SSL certification for your own company’s assets, keeping track of the ones that your third-party vendors and partners use is significantly more difficult. Yet, doing so is important. Companies that rely on Microsoft Teams as part of their communications infrastructure likely experienced productivity losses, communication slow-downs, missed client meetings, and more.

How to Monitor Third-Party SSL Certificates

In today’s interconnected business world, you’re only as secure as the weakest link in your supply chain. So, having access to real-time security intelligence about the companies in your organization’s ecosystem is more critical than ever. With a third-party risk solution that monitors your third parties’ SSL and TLS certificates, you can protect against the consequences of certificate lapses and much more.

Learn more about how security intelligence from Recorded Future reduces your organization’s overall risk — including risks introduced by third-parties.

New call-to-action

Related Posts

How to Bolster Network Perimeter Defenses With Security Intelligence

How to Bolster Network Perimeter Defenses With Security Intelligence

February 26, 2020 • The Recorded Future Team

Cybercriminals continue to utilize remote code execution attacks that target edge devices as a way...

Why Security Teams Need to Embrace Automation

Why Security Teams Need to Embrace Automation

February 25, 2020 • The Recorded Future Team

Fiction envisions a world taken over by autonomous machines — self-building, self-aware robots...

2020 SANS CTI Survey Says Intelligence Is Critical to Security

2020 SANS CTI Survey Says Intelligence Is Critical to Security

February 20, 2020 • The Recorded Future Team

The 2020 SANS Cyber Threat Intelligence (CTI) Survey explores organizations’ evolving strategies...