U.S. chipmaker Nvidia has confirmed that it is investigating a cyber-incident that has reportedly downed its developer tools and email systems. Nvidia told TechCrunch in a statement that the nature and scope of the incident are still being evaluated, adding that the company’s commercial activities have not been impacted as a result. While Nvidia did not share details about the incident, it appears that its email systems and developer tools faced outages for almost two days following a “malicious network intrusion.”
How can we forget the outage that the Federal Bureau of Investigation (FBI) faced in November 2021? Hackers compromised the FBI email system and sent thousands of emails from an account.
With hyperconnected reality becoming incredibly ubiquitous, security has become the top priority for enterprises riding the digital wave. Public Key Infrastructure (PKI) stands as the first and most crucial layer of defense against attackers for an internet-facing system. However, certificate-related issues still plague businesses, resulting in thousands of dollars worth of losses every single year.
When evading cyberattacks, it all comes down to how well the identities of both humans and machines are managed. From the SolarWinds hack to the Equifax breach to the FBI attack and now the Nvidia cyber incident, almost every episode starts with a threat actor gaining access to the organization’s critical infrastructure by breaking or stealing a device or user’s credentials.
Zero Trust networks are the future.
Identity is the new network perimeter, and verification of digital identities on your network is central to a zero-trust strategy. However, many organizations mistakenly assume that limiting verification to user identities is sufficient. True zero trust implementation relies upon digital certificates and key pairs to strengthen security and ensure device verification in addition to identity verification.
Companies adopting the zero trust model start with segmentation, implementing privilege access management (PAM), multi-factor authentication (MFA), vulnerability and patch management, and security analytics. However, they miss one key area: managing machine identities through digital certificates and keys. It ignores the risk with compromised encryption tunnels while focusing heavily on access controls.
Digital certificates contribute much to a zero-trust architecture. Still, there’s a real need for a managed solution with automation of the certificate lifecycle at its core. Hence implementing a next-gen certificate lifecycle automation solution is a key initiative towards achieving a fully functional zero trust model.
Certificate lifecycle management tools come with modules to manage each aspect of the process. From auto-scanning environments to detecting and maintaining certificate inventory to automatically renewing expired certificates and revoking rogue ones, the entire lifecycle can be centrally managed from the tool’s interface. They are also equipped with functionalities that permit custom workflow definition, dynamic network monitoring, granular access control, policy enforcement, and auditing. With key security and vendor integration capabilities thrown in, they allow administrators to manage their PKI with minimal effort and maximize their return on investment on PKI.
Recommended Best Practices for Certificate Lifecycle Management
Here are some best practices for certificate lifecycle management if you would like a quick overview of the key guiding principles for managing digital identities.
Discover certificates from various devices and applications. Perform unauthenticated network scan and an authenticated scan of devices, certificate authority (CA) accounts, and cloud accounts to discover as many certificates as possible.
Central inventory & analytics
The central inventory provides insights into certificate expiry timelines and crypto standards (e.g., cipher strength, key size, TLS protocol version) and helps avoid application outages with timely renewals.
Protect private keys
Use a central key escrow like an encrypted software vault or a hardware security module (HSM) to ensure maximum protection. Automate certificate lifecycle processes to eliminate the need for human access to the keys and avoid key roaming.
Enable dynamic monitoring
Use your certificate management tool to proactively monitor the status of certificates and keys on your network. Create reports of key metrics (such as approaching renewals expired certificates) that update in real-time to promote quicker response times. Run periodic scans across the network to ensure that your certificate inventory is always up-to-date.
Enforce granular access control
Employ a granular, multi-layer access control approach where access to each functionality in the certificate lifecycle (discovery, monitoring, renewal, issuance, provisioning) can be configured based on a person’s role.
Create an audit trail
Ensure that every change made to the PKI environment is thoroughly documented. Automate this process to reduce human effort in this regard. With an audit trail in place, anomalies can easily be detected, isolated, and resolved, saving teams the effort of scanning the entire ecosystem for issues when a problem is detected.
Automate certificate lifecycle management
A certificate lifecycle management tool integrates with your network to enable full-cycle automation. Minimizing the human effort expended on certificate operations will also reduce the risk of error that comes with it. Set up tasks that will automatically renew certificates when they near expiration or custom workflows that can revoke and reissue all the certificates issued by a particular CA.
AppViewX CERT+ provides extensive visibility into the multi-vendor certificate and encryption key infrastructure to prevent threats. Application, network and security engineers may self-service and initiate automation workflows that deliver compliance and true business agility.