TrustFour Scan of Fortune 500 Uncovers Seven Deadly Sins of TLS Configuration Non-Compliance Against NIST 800-52R
TrustFour

SAN DIEGO, Sept. 26, 2023 (GLOBE NEWSWIRE) -- TrustFour, the first TLS control plane, announced today the results of its first semi-annual report on Transport Layer Security (TLS) boundary configuration compliance for the Fortune 500. In its report titled “State of TLS Boundary Compliance Report,” TrustFour uncovered several trends that make up the “seven deadly sins” of TLS configuration non-compliance against the National Institute of Standards and Technology (NIST) 800-52 R2 standard. NIST 800-52 R2 is the de facto configuration standard used by regulators to audit TLS implementation compliance in the finance, utilities, government and healthcare industries, among many others.

“TLS configuration is a mission-critical aspect of reducing the attack surface for any organization, ensuring data-in-transit data integrity and privacy. Frankly, we were surprised by several of our findings when we scanned the Fortune 500’s domains’ and sub-domains’ North-South boundary against the NIST 800-52R standard,” said Robert Levine, CEO of TrustFour, Inc. “After scanning more than 115,000 domains and sub-domains, we were surprised at the number and types of vulnerabilities. The good news is that these are issues that can mainly be addressed quickly and will significantly lower the organizations’ threat profiles. We will scan the Fortune 500 twice a year and provide the public with the results.”

The Research and Findings
TrustFour’s State of TLS Boundary Compliance Report analyzed the security and compliance of nearly 120,000 domains across Fortune 500 companies. Inspecting those domains showed a median of 56 subdomains and an average of 1.6 servers per subdomain. TrustFour’s research found that 12.5% of those servers still accept connections using TLS 1.0 and 1.1. The IETF deprecated these protocol versions in March 2021 in response to significant security vulnerabilities.

NIST defines standards to guide proper implementation of TLS, including acceptable versions, cipher suites, key lengths and handshake details. Less than 1% of all Fortune 500 servers are presently NIST compliant, exposing companies to data privacy risk, data integrity vulnerabilities, and man-in-the-middle attacks. Keep in mind that these are among the most protected domains on the planet. The biggest risk factors included the use of old versions of TLS, old cipher suites, and incorrect or under-configured TLS extensions designed to address known vulnerabilities.
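To make the four audit categories above concrete (protocol versions, cipher suites, key lengths, and TLS extensions), here is an added example that is not TrustFour's scanner or any code from the report. It audits a constructed scan record for one server against a simplified rule set that the editor assumes as a stand-in for NIST SP 800-52 Rev. 2; the thresholds, the extension list, the scoring scheme, and the two sample hosts (`legacy.example.com`, `hardened.example.com`) are all assumptions, not values from the page or from NIST.

```python
"""Added example: audit a TLS scan record against simplified NIST 800-52r2-style rules.

The rule set below is the editor's simplification, NOT the NIST text:
  - SSL 2.0/3.0 and TLS 1.0/1.1 must not be accepted (IETF deprecated 1.0/1.1, RFC 8996).
  - TLS 1.2 must be accepted; TLS 1.3 is recommended (warning only if absent).
  - Suites using RC4, (3)DES, NULL, EXPORT, MD5 or anonymous key exchange fail;
    TLS 1.2 suites without (EC)DHE forward secrecy are warned about.
  - RSA keys must be >= 2048 bits, ECDSA keys >= 256 bits (assumed minimums).
  - renegotiation_info (RFC 5746) and extended_master_secret (RFC 7627) are
    assumed to be required extensions.
"""
from dataclasses import dataclass


@dataclass
class ServerRecord:
    host: str
    versions: set        # protocol versions the server accepted during probing
    cipher_suites: set   # cipher suites the server negotiated across probes
    key_type: str        # "RSA" or "ECDSA"
    key_bits: int        # certificate public key size
    extensions: set      # TLS extensions the server acknowledged


@dataclass
class Finding:
    severity: str        # "fail" blocks compliance, "warn" does not
    rule: str            # which audit category fired
    detail: str


BANNED_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
WEAK_SUITE_TOKENS = ("RC4", "3DES", "DES_CBC", "NULL", "EXPORT", "MD5", "ANON")
MIN_KEY_BITS = {"RSA": 2048, "ECDSA": 256}          # assumed minimums
EXPECTED_EXTENSIONS = {"renegotiation_info", "extended_master_secret"}  # assumed


def audit(rec: ServerRecord) -> list:
    """Return a deterministic list of findings for one scanned server."""
    findings = []
    # 1. Protocol versions
    for v in sorted(rec.versions & BANNED_VERSIONS):
        findings.append(Finding("fail", "protocol-version", f"{v} accepted"))
    if "TLSv1.2" not in rec.versions:
        findings.append(Finding("fail", "protocol-version", "TLSv1.2 not offered"))
    if "TLSv1.3" not in rec.versions:
        findings.append(Finding("warn", "protocol-version", "TLSv1.3 not offered"))
    # 2. Cipher suites
    for suite in sorted(rec.cipher_suites):
        name = suite.upper()
        if any(tok in name for tok in WEAK_SUITE_TOKENS):
            findings.append(Finding("fail", "cipher-suite", f"weak suite {suite}"))
        elif "DHE" not in name and not name.startswith(("TLS_AES_", "TLS_CHACHA20")):
            # TLS 1.3 suites always use ephemeral key exchange; a TLS 1.2 suite
            # without ECDHE/DHE (e.g. static RSA key transport) lacks forward secrecy
            findings.append(Finding("warn", "cipher-suite", f"no forward secrecy: {suite}"))
    # 3. Key length
    min_bits = MIN_KEY_BITS.get(rec.key_type)
    if min_bits is None:
        findings.append(Finding("fail", "key-length", f"unrecognised key type {rec.key_type}"))
    elif rec.key_bits < min_bits:
        findings.append(Finding("fail", "key-length",
                                f"{rec.key_type} {rec.key_bits}-bit key below {min_bits}"))
    # 4. Extensions that address known handshake weaknesses
    for ext in sorted(EXPECTED_EXTENSIONS - rec.extensions):
        findings.append(Finding("fail", "extension", f"{ext} not supported"))
    return findings


def is_compliant(findings) -> bool:
    return not any(f.severity == "fail" for f in findings)


def compliance_score(findings) -> int:
    """Editor's crude scheme (not TrustFour's): 100 minus 20 per fail, 5 per warn, floored at 0."""
    fails = sum(f.severity == "fail" for f in findings)
    warns = sum(f.severity == "warn" for f in findings)
    return max(100 - 20 * fails - 5 * warns, 0)


# Constructed sample records, not real scan results.
LEGACY = ServerRecord(
    host="legacy.example.com",
    versions={"TLSv1.0", "TLSv1.1", "TLSv1.2"},
    cipher_suites={"TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    key_type="RSA", key_bits=1024,
    extensions={"server_name"},
)
HARDENED = ServerRecord(
    host="hardened.example.com",
    versions={"TLSv1.2", "TLSv1.3"},
    cipher_suites={"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"},
    key_type="ECDSA", key_bits=256,
    extensions={"server_name", "renegotiation_info", "extended_master_secret"},
)

if __name__ == "__main__":
    for rec in (LEGACY, HARDENED):
        findings = audit(rec)
        print(f"{rec.host}: score={compliance_score(findings)} compliant={is_compliant(findings)}")
        for f in findings:
            print(f"  [{f.severity}] {f.rule}: {f.detail}")
```

The legacy record trips every category at once (two deprecated versions, a 3DES suite, a non-forward-secret suite, a 1024-bit RSA key, two missing extensions), which mirrors the report's observation that the biggest risk factors cluster around old versions, old suites and under-configured extensions; the hardened record passes cleanly, showing that all four categories are ordinary server configuration knobs rather than code changes.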

The good news is that 80% of the Fortune 500 can achieve NIST compliance with just 7 straightforward configuration changes. TrustFour offers a free service that helps organizations visualize and prioritize configuration changes and boost TLS compliance in just minutes. Simply scan your domains, generate the report, and see your domain’s compliance score at https://www.tlscompliance.com/.