The average large enterprise can have

ONE MILLION SSH keys in their environment.

No way to know who has access to what systems
No tools to remove unused or unauthorized keys
No methods to restrict access to private keys
No visibility into user activity during SSH sessions
Manual setups + maintenance costly errors
have not established security
policies for SSH keys
51%
have suffered SSH
key-related compromises
53%
have no centralized control
over SSH keys
never change or rotate
SSH keys and they
never expire
allow administrators to
independently control
and manage SSH keys
Its time to SSHut the Door
on SSH Key Attacks.
64%
have no way to detect new keys
introduced in the organization
60%
46%
10%
of all SSH keys provide
root access
The Cost of Doing Nothing
$398MM
per incident
Trust-based attacks, such as
those targeting SSH keys, can
cost an enterprise up to
Sources:
Thats one million opportunities to steal your sensitive data
Security for the Heart of the Enterprise
www.aberdeen.com/research/9166/RR-SSH.aspx/content.aspx
www.computerworld.com/artcle/2488012/malware-vulnerabilites/poorly-managed-ssh-keys-pose-serious-risks-for-most-companies.html
www.datacenterjournal.com/it/data-centers-secure-primer-secure-shell-key-mismanagement-risks/
www.isaca.org/Educaton/Conferences/Documents/NAISRM-2013-Presentatons/244.pdf
www.securityweek.com/trust-based-atacks-against-ssh-ssl-cost-rms-big-money-report
Learn more at
www.cyberark.com/SSH
Start treating SSH keys like the privileged
credentials they truly are
H
S
S
74%
The Enterprise SSH-ituation
PROTECT PRIVILEGED ACCOUNTS
LOGIN TO REMOTE SYSTEMS
SECURE FILE TRANSFERS
SECURE COMMAND EXECUTIONS ON A REMOTE HOST
SECURE BACKUP AND COPY
TUNNEL APPLICATIONS AND NETWORK TRAFFIC
FACILITATE MACHINE-TO-MACHINE ACCESS
SSH Keys:
The Powerful, Unprotected Privileged Credentials
Though they fly under the radar, most companies use SSH keys every day to:
DEAR ATTACKERS,
STOP BY ANYTIME AND
USE MY KEYS