Why Monitoring Third-Party SSL Certificates Matters

February 5, 2020 • The Recorded Future Team

This week, Microsoft Teams — a workplace collaboration tool similar to Slack — went down for three hours. Users attempting to log in were met with a message stating that the app failed to establish an HTTPS connection.

The problem? An expired SSL certificate, which normally allows users to ensure a secure connection between a web browser and a web server.

Consequences of Expired SSL Certificates

For many security professionals, SSL certificates are generally thought of as table stakes. Still, major companies let certificates expire all-too-frequently — and sometimes with drastic outcomes. For example, when Ericsson allowed an SSL certificate to lapse in 2018, 32 million of the Swedish phone company’s customers found themselves without cell service. Additionally, the Equifax breach could have been discovered as much as 79 days earlier if a certificate had not expired. The expired certificate there resulted in an internal network traffic monitoring tool failing to notice data exfiltration.

When SSL certificates expire, businesses are exposed to potential disruptions, sometimes resulting in significant costs. It can also leave customers and employees vulnerable to phishing attacks. While you can readily monitor SSL certification for your own company’s assets, keeping track of the ones that your third-party vendors and partners use is significantly more difficult. Yet, doing so is important. Companies that rely on Microsoft Teams as part of their communications infrastructure likely experienced productivity losses, communication slow-downs, missed client meetings, and more.

How to Monitor Third-Party SSL Certificates

In today’s interconnected business world, you’re only as secure as the weakest link in your supply chain. So, having access to real-time security intelligence about the companies in your organization’s ecosystem is more critical than ever. With a third-party risk solution that monitors your third parties’ SSL and TLS certificates, you can protect against the consequences of certificate lapses and much more.

Learn more about how security intelligence from Recorded Future reduces your organization’s overall risk — including risks introduced by third-parties.

Related Posts

2020 SANS CTI Survey Says Intelligence Is Critical to Security

2020 SANS CTI Survey Says Intelligence Is Critical to Security

February 20, 2020 • The Recorded Future Team

The 2020 SANS Cyber Threat Intelligence (CTI) Survey explores organizations’ evolving strategies...

Automating Security With Recorded Future

Automating Security With Recorded Future

February 11, 2020 • The Recorded Future Team

Companies of all sizes and across all industries — from retail, to manufacturing, to financial...

Protecting the Hospitality Sector With Security Intelligence

Protecting the Hospitality Sector With Security Intelligence

January 29, 2020 • The Recorded Future Team

The hospitality sector has always been a popular target for cyberattacks For the past decade,...