We have just finished a new punctual monitoring campaign on the perimeter of our clients, this time focused on possible insecure web accesses. And once again the great importance that our customers give to safety is demonstrated.
This process is harmless to the client since it is carried out remotely and non-intrusively, for which we use our own and/or third-party technology.
We wanted to carry out a campaign combining known vulnerabilities, such as insecure web access, with our LEET benchmark. To do this, we have focused on identifying if they have a valid and secure digital certificate.
The objective of this campaign is that all web connections are secure and trustworthy, protecting the confidentiality of data. To this end, we have analyzed 3 parameters: if you have a certificate from a recognized CA (Certificate Authority), if it is valid, and what is the encryption algorithm used.
Around 25,000 IPs have been monitored, in which the following have been located:
9 IPs with self-signed certificates or from an unrecognized CA
112 IPs with expired certificates
1111 IP with a weak encryption algorithm
These findings may have a direct reflection on the customer's LEET Security rating, by failing to comply with one of the controls of "Domain 9: Network Controls": "Maintaining confidentiality on public networks", applicable from the B rating.
These data indicate the great importance that our clients give to security because, in the majority of cases (95%), we have found that confidential information is correctly protected in open transmissions.
This monitoring system, which combines specific campaigns and periodic digital monitoring, extends the usefulness of the rating to discover one's own strengths and weaknesses, which is the first step for effective protection.
For this reason, the LEET Security rating is the most exhaustive, rigorous and reliable method to determine the level of cybersecurity of a service of any type of organization.
Suscribe to our newsletter here
You can follow us on twitter.com/leet_security