
Take Control of Your SSL/TLS Servers to Avoid Security Breaches and Public Outages

It is critical that enterprises audit their SSL/TLS servers as part of a regular security hygiene assessment process. Failure to do so can lead to security breaches and service outages.

Every year we see very public examples of companies that have suffered outages due to certificate expiration. Last week’s headlines about significant outages in Europe and Japan underscore that expired certificates can have a massive impact on a business. If technology stops running, the business will, too – with potentially disastrous consequences for sales, customer confidence, and brand equity, not to mention productivity.

Since its creation by Netscape in 1994, the SSL/TLS protocol has suffered a number of significant attacks. Over time, standards and compliance bodies like PCI-DSS, NIST, CIS and the IETF have published guidelines on which SSL/TLS protocols and cipher suites should be used in order to avoid becoming victims of attacks such as DROWN, POODLE, BEAST, CRIME and ROBOT.

Taking steps to ensure compliance-readiness

These guidelines are continuously revised, and the latest version of the PCI-DSS standard no longer considers the SSL 2.0, SSL 3.0, and TLS 1.0 protocols secure. While TLS 1.1 is still acceptable, the 1.2 version of the TLS protocol is considered best practice as it includes support for modern AEAD cipher suites. As of June 2018, the use of anything other than TLS 1.1 or TLS 1.2 will cause a business to fail PCI compliance.

Business resilience starts with good security hygiene and total visibility of your environment. Auditing an environment to ensure you’re compliance-ready can be very difficult, but by using Tanium, you can immediately show:

  • Every server in your environment that offers only TLS 1.1 and TLS 1.2 and therefore meets PCI-DSS compliance requirements
  • Certificates that are soon to expire
  • Whether each SSL/TLS server offers TLS 1.2, the strongest version of the TLS protocol that is readily available
  • Servers that offer SSL 2.0, SSL 3.0, and TLS 1.0, and thus put you at risk for noncompliance – and a breach
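The audit rules in the list above, as an added Python example (not Tanium's own code, and not how its sensors work): probe_versions() negotiates each TLS version in turn against a live host, and classify() applies the PCI-DSS cut-off from the text plus an assumed 30-day "soon to expire" window. The hostnames, dates and audit date in the sample inventory are constructed, and treating TLS 1.3 as acceptable goes beyond the 2018 text.

```python
import socket, ssl
from datetime import datetime, timedelta, timezone

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1"}    # fail PCI-DSS as of June 2018
MODERN = {"TLSv1.1", "TLSv1.2", "TLSv1.3"}  # acceptable; 1.2+ is best practice
EXPIRY_WINDOW = timedelta(days=30)          # assumed "soon to expire" threshold

def probe_versions(host, port=443, timeout=3.0):
    """Return the TLS versions a live server negotiates, offering one at a time.
    Python's ssl cannot speak SSL 2.0/3.0; those two need another scanner."""
    offered = set()
    for ver in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # negotiation only
            ctx.minimum_version = ctx.maximum_version = ver
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    offered.add(tls.version())   # e.g. "TLSv1.2"
        except (ssl.SSLError, OSError, ValueError):
            pass  # refused by the server, or unsupported by the local OpenSSL
    return offered

def classify(offered, not_after, now):
    """Map one server's observed versions and certificate expiry to audit findings."""
    findings, weak = [], DEPRECATED & offered
    if weak:
        findings.append("NONCOMPLIANT: offers " + ", ".join(sorted(weak)))
    elif offered and offered <= MODERN:
        findings.append("COMPLIANT: only TLS 1.1+ offered")
    if not offered & {"TLSv1.2", "TLSv1.3"}:
        findings.append("WARN: no AEAD-capable version (TLS 1.2+) offered")
    if not_after <= now:
        findings.append("EXPIRED: cert expired " + not_after.date().isoformat())
    elif not_after - now <= EXPIRY_WINDOW:
        findings.append("EXPIRING: cert expires " + not_after.date().isoformat())
    return findings

# Constructed sample inventory (not real probe output): host -> (versions, notAfter)
SAMPLE = {
    "web-01.example": ({"TLSv1.1", "TLSv1.2"}, datetime(2018, 9, 1, tzinfo=timezone.utc)),
    "legacy-02.example": ({"SSLv3", "TLSv1", "TLSv1.2"}, datetime(2019, 1, 1, tzinfo=timezone.utc)),
    "old-03.example": ({"TLSv1.1"}, datetime(2018, 6, 30, tzinfo=timezone.utc)),
}
AUDIT_DATE = datetime(2018, 8, 15, tzinfo=timezone.utc)  # constructed audit date

def audit(inventory=SAMPLE, now=AUDIT_DATE):
    # Build a real inventory from probe_versions() plus each cert's notAfter date.
    return {host: classify(ver, exp, now) for host, (ver, exp) in inventory.items()}
```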

Business resilience is more than prevention. It’s more than recovery. It’s a shared practice that unites IT, operations, and security teams to ensure strong security fundamentals are embedded across the entire company network. Only then can organizations act – and react – in real time to threats and outages.


Tanium Staff

Tanium’s village of experts co-writes as Tanium Staff, sharing their lens on security, IT operations, and other relevant topics across the business and cybersphere.
