Easily Track Expiring Certificates in Cognito Recall

August 20, 2020
Gearóid Ó Fearghaíl
Product Manager

We’ve all been there. A support ticket pops up asking if your site has been hacked, from a confused customer who is worried about the legitimacy of your site and unwilling to sign up or make purchases. And who can blame them? Their browser warns that your website is unsafe and urges them to get “Back to safety.”

Then there’s a mad rush to figure out who’s in charge of certificates and who updates them, and to respond to concerned customers. And you can only respond to the small percentage of customers who actually contacted you. You have no idea how many sales you just lost.

And that’s only the external-facing certificates. Certificates are also widely used for identity and authentication management between many internal services and devices. If they expire, you have to figure out who manages the system in question, and they in turn will have to figure out how to request and install a new certificate. Some companies have had to perform full product recalls due to an expired certificate. All of this causes disruption and outages. This is a horribly stressful way of trying to operate, and it is completely avoidable if you have an easy way to track active certificates and their expirations.

Back in December 2018, the Telefonica group’s UK cellular operator O2 and its virtual network operators’ customers all experienced an extended service outage impacting 32 million subscribers because of certificate expiration in some of O2’s service network equipment from telecommunications infrastructure vendor Ericsson. A privacy report of 2,400 businesses by Ponemon Sullivan found that an expired certificate outage costs an average of $11 million in business, and there is a 30% chance of one occurring to a business over the next two years.

The Cognito platform tracks all valid certificates by extracting metadata from all network traffic and enriching it with security insights and context about incident detection and response. This metadata is sent to the Recall investigative workbench for analysis. To make your life easier, we put together a dashboard in Recall that shows you certificates in your network that are actively in use, those that are about to expire and ones that have already expired. The good news is you won’t ever need to worry about old certificates that no one is accessing—only the key certificates that are used daily.

Expiring certificates in the Recall dashboard

This will enable you to deliver tangible value to system administrators and service owners by alerting them if widely used key certificates in your organization will expire soon, helping to prevent easily avoidable outages.
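The three-way split the dashboard is described as showing (in use, about to expire, already expired) can be sketched over passively collected TLS session metadata. This is an added example, not Vectra's code: the record fields (`ts`, `fp`, `subject`, `not_after`), the sample data, and the 30-day warning and 7-day activity windows are all assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: one record per observed TLS session (hypothetical fields).
SESSIONS = [
    {"ts": "2020-08-19T09:00:00", "fp": "aa11", "subject": "CN=shop.example.com",
     "not_after": "2020-08-27T12:00:00"},
    {"ts": "2020-08-20T08:00:00", "fp": "aa11", "subject": "CN=shop.example.com",
     "not_after": "2020-08-27T12:00:00"},
    {"ts": "2020-08-20T10:00:00", "fp": "bb22", "subject": "CN=ldap.corp.example",
     "not_after": "2020-08-18T12:00:00"},
    {"ts": "2020-08-20T11:00:00", "fp": "cc33", "subject": "CN=api.example.com",
     "not_after": "2021-06-01T00:00:00"},
    {"ts": "2020-07-01T10:00:00", "fp": "dd44", "subject": "CN=old.example.com",
     "not_after": "2020-08-22T00:00:00"},
]

def _utc(ts):
    return datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)

def certificate_report(sessions, now, warn_days=30, active_days=7):
    """Bucket certificates seen within active_days by expiry status."""
    certs = {}
    for s in sessions:
        seen = _utc(s["ts"])
        c = certs.setdefault(s["fp"], {"subject": s["subject"],
                                       "not_after": _utc(s["not_after"]),
                                       "sessions": 0, "last_seen": seen})
        c["sessions"] += 1
        c["last_seen"] = max(c["last_seen"], seen)
    report = {"expired": [], "expiring": [], "ok": []}
    for c in certs.values():
        if now - c["last_seen"] > timedelta(days=active_days):
            continue  # no recent traffic: nobody is using it, leave it out
        days_left = (c["not_after"] - now).days  # negative once expired
        if c["not_after"] <= now:
            bucket = "expired"
        elif days_left < warn_days:
            bucket = "expiring"
        else:
            bucket = "ok"
        report[bucket].append((c["subject"], days_left, c["sessions"]))
    for rows in report.values():
        rows.sort(key=lambda r: r[2], reverse=True)  # most-used first
    return report

if __name__ == "__main__":
    now = datetime(2020, 8, 20, 12, 0, tzinfo=timezone.utc)
    for bucket, rows in certificate_report(SESSIONS, now).items():
        print(bucket, rows)
```

Each row is `(subject, days_left, sessions)`; the certificate last seen in July is dropped even though it expires within the warning window, because nothing is using it.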

To see this in action, and to get a closer look at how Recall can find attacker tools and exploits, schedule a demo with Vectra today.