Why Monitoring Third-Party SSL Certificates Matters
February 5, 2020 • The Recorded Future Team
This week, Microsoft Teams — a workplace collaboration tool similar to Slack — went down for three hours. Users attempting to log in were met with a message stating that the app failed to establish an HTTPS connection.
The problem? An expired SSL certificate. A valid certificate normally allows users to ensure a secure connection between a web browser and a web server.
Consequences of Expired SSL Certificates
For many security professionals, SSL certificates are generally thought of as table stakes. Still, major companies let certificates expire all too frequently — and sometimes with drastic outcomes. For example, when Ericsson allowed an SSL certificate to lapse in 2018, 32 million of the Swedish phone company’s customers found themselves without cell service. Additionally, the Equifax breach could have been discovered as much as 79 days earlier if a certificate had not expired. There, the expired certificate caused an internal network traffic monitoring tool to miss data exfiltration.
When SSL certificates expire, businesses are exposed to potential disruptions, sometimes resulting in significant costs. Expired certificates can also leave customers and employees vulnerable to phishing attacks. While you can readily monitor SSL certificates for your own company’s assets, keeping track of the ones that your third-party vendors and partners use is significantly more difficult. Yet, doing so is important. Companies that rely on Microsoft Teams as part of their communications infrastructure likely experienced productivity losses, communication slow-downs, missed client meetings, and more.
How to Monitor Third-Party SSL Certificates
In today’s interconnected business world, you’re only as secure as the weakest link in your supply chain. So, having access to real-time security intelligence about the companies in your organization’s ecosystem is more critical than ever. With a third-party risk solution that monitors your third parties’ SSL and TLS certificates, you can protect against the consequences of certificate lapses and much more.