Security Terminology

Mistyped email addresses aimed at the US military frequently are sent to email addresses in Mali instead, to the tune of hundreds of thousands per year.

Certificates are digitally signed documents that enable secure digital communication and authentication. Explore public vs. private certificate roles.

A recent outage in Microsoft Sharepoint was caused by an error in certificate installation. We explain what happened and the lessons to be learned.

Certificate Authorities (CAs) are trusted entities that issue SSL/TLS certificates for secure communication. Explore their role in securing online data.

The UK is attempting to build secret back doors into end-to-end encrypted services. Apple shot back by threatening to remove services from the UK.

Digital certificates ensure secure, encrypted connections between devices, websites and applications. Learn the certificate lifecycle and how to manage it.

In an exciting development for the world of cybersecurity, Sectigo, a global leader in automated Certificate Lifecycle Management (CLM) and digital certificates, has joined hands with Multipoint Group, a leading distributor of IT cyber solutions. This strategic partnership is set to fortify digital security solutions for businesses across the globe, empowering them to take a proactive stance against cyber risks and safeguard their invaluable digital assets.

The collaboration between Sectigo and Multipoint Group is a dynamic response to the ever-evolving threat landscape, where cyber adversaries are constantly devising new ways to exploit vulnerabilities. Together, these two powerhouses are committed to providing businesses with a comprehensive suite of cybersecurity solutions that are not only robust and scalable but also capable of nurturing a safe digital environment, fostering the much-needed digital trust.

Sectigo brings its wealth of expertise in automation, certificate lifecycle management, and public/private digital certificates to the table. With a stellar track record of establishing digital trust for businesses worldwide, Sectigo's top-tier CLM platform automates the lifecycle management of all digital certificates. This approach is instrumental in securing digital identities, devices, and transactions, painting a promising picture of enhanced security for the digital realm.

The crux of this partnership lies in its ability to foster innovation on an ongoing basis. Sectigo and Multipoint Group are geared to stay ahead of emerging threats, crafting security solutions that not only adapt to the ever-evolving digital landscapes but also lay a solid foundation of digital trust. This mutual commitment to innovation is poised to provide a powerful shield against the relentless wave of cyber threats.

What's more, Multipoint Group has exciting news to share: the company is all set to make its presence felt at GITEX DUBAI, one of the Middle East's premier technology conferences, scheduled for October 2023. During this event, Multipoint Group will shine a spotlight on its groundbreaking cybersecurity solutions and showcase its collaborative endeavors with Sectigo in tackling global digital security challenges head-on. Visitors to GITEX Dubai can expect to get an up-close look at Sectigo's innovative solutions designed to counter evolving cyber threats.

Jennifer Binet, Senior Vice President of Enterprise Sales at Sectigo, expressed her enthusiasm about this partnership, stating, "We are thrilled to join forces with Multipoint Group and offer businesses a comprehensive approach to cybersecurity. As the usage of digital certificates continues to surge among enterprises, the necessity for a robust and automated certificate lifecycle management solution has never been more pronounced. Our collaboration with Multipoint Group allows us to combine Sectigo's state-of-the-art management platform with Multipoint's advanced cybersecurity distribution services."

Echoing this sentiment, Ricardo Resnik, CEO of Multipoint Group, emphasized, "Our partnership with Sectigo signifies a significant stride forward in our mission to provide cutting-edge cybersecurity solutions. Together, we are empowering businesses to take proactive steps in risk mitigation and securing their digital assets, thus allowing them to channel their energy into fostering growth and innovation."

In essence, the Sectigo and Multipoint Group alliance sets the stage for a new era of enhanced digital security solutions. Their shared commitment to innovation, comprehensive protection, and fostering digital trust holds the promise of a safer and more resilient digital landscape for businesses worldwide. As cyber threats continue to evolve, the collaboration stands strong as a beacon of cybersecurity excellence. Stay tuned for further updates on this dynamic partnership, and be sure to catch the Multipoint Group's compelling showcase at GITEX DUBAI 2023!

In this follow up to our episode 320, we explain Microsoft's mitigation and new understanding that shows its impact to be broader than originally thought.

Sectigo and Multipoint Group, have announced a strategic partnership aimed at strengthening digital security solutions for businesses worldwide

Together, we will empower businesses to proactively mitigate risks and secure their digital assets, enabling them to focus on driving growth and innovation” - Sectigo, a global leader in automated Certificate Lifecycle Management (CLM), and digital certificates, and Multipoint Group, a leading distributer of IT cyber solutions, have announced a strategic partnership aimed at strengthening digital security solutions for businesses worldwide. The collaboration brings together the expertise and capabilities of both organizations to deliver enhanced protection against cyber threats to foster a safer digital environment.

The partnership between Sectigo and Multipoint Group aims to address the growing challenges posed by the ever-evolving threat landscape, where cybercriminals constantly seek new ways to exploit vulnerabilities. Together, Sectigo and Multipoint Group will provide businesses with robust, scalable, and comprehensive cybersecurity solutions to secure their critical assets and digital infrastructure while establishing digital trust.

Sectigo brings its deep expertise in automation, CA agnostic certificate lifecycle management, and public and private digital certificates to the partnership. With a proven track record of establishing digital trust to businesses around the world, Sectigo’s best-in-class CLM platform automates the lifecycles of all digital certificates, securing digital identities, devices, and transactions.

The partnership will foster continuous innovation, enabling both companies to stay ahead of emerging threats and deliver future-proof security solutions that adapt to evolving digital landscapes, and achieve a strong foundation of digital trust.

Furthermore, Multipoint Group is pleased to announce its participation in GITEX DUBAI with Sectigo. GITEX is one of the largest technology conferences in the Middle East, taking place in October 2023. During the event, Multipoint Group will highlight its innovative cybersecurity solutions and demonstrate its collaborative efforts with Sectigo in addressing the digital security challenges faced by businesses around the globe. At GITEX Dubai, visitors can learn more about Sectigo and observe firsthand the innovative solution designed to protect against evolving cyber threats.

Commenting on the partnership, Jennifer Binet, Senior Vice President, Enterprise Sales, Sectigo, said, "We are excited to partner with Multipoint Group to offer businesses a holistic approach to cybersecurity. As the number of digital certificates used by the average enterprise continues to grow, the need for a robust and automated certificate lifecycle management solution has never been more pressing. We’re thrilled to be able to formalize our partnership with Multipoint by combining Sectigo's best-in-class management platform with Multipoint Group's advanced cybersecurity distributer services.”

Ricardo Resnik, CEO of Multipoint Group, added, "Our partnership with Sectigo represents a significant step forward in our mission to deliver cutting-edge cybersecurity solutions. Together, we will empower businesses to proactively mitigate risks and secure their digital assets, enabling them to focus on driving growth and innovation."

About Sectigo

Sectigo is a leading provider of automated Certificate Lifecycle Management (CLM) solutions and digital certificates - trusted by the world’s largest brands. Its cloud-based, CA agnostic CLM platform issues and manages the lifecycles of digital certificates issued by Sectigo and other Certificate Authorities (CAs) to secure every human and machine identity across the enterprise. With over 20 years establishing digital trust, Sectigo is one of the longest-standing and largest CAs with more than 700,000 customers.
For more information, visit www.sectigo.com

About Multipoint Group

Multipoint Group, a leading distributor of cyber security solutions, provides reliable and innovative solutions that enable businesses to operate securely and efficiently. Providing cutting-edge technologies and IT cyber solutions, the company helps its customers maintain a competitive edge in today's dynamic business environment.
Multipoint Group has established a strong international presence with offices in Greece, Cyprus, the United Arab Emirates, Romania, Poland, Singapore, and Turkey.
The Multipoint Group has successfully distributed various cyber companies worldwide since its establishment in 2009, under the leadership of Ricardo Resnik, CEO of Multipoint Group.

For more information, visit https://multipoint-group.com/

Automation plays a crucial role in ensuring the smooth implementation of the 90-day TLS protocol. Find out more in this 90-day TLS infographic.

In July famous security researcher Kevin Mitnick passed away. We briefly pay tribute to Kevin and talk about his contributions to white hat hacking.

Establishing trust online is a crucial component of collaboration in the digital age. From using a third-party vendor to shopping online to communicating via email, companies and individuals rely on this trust to do business. How can they know they are communicating with the right person and not an actor behind a phishing scheme?

A certificate authority (CA) plays a vital role in making this happen. CAs follow strict industry standards, verify identities, and issue digital certificates. Here is your guide to what a CA is, why it matters, and the different types of CAs available today.

What Is a Certificate Authority (CA)?

Certificates ensure a system is who they say they are, but the system must also be assured that the certificate itself is genuine. This is where trusted third parties come into play. Certificate authorities are independent bodies that issue and vouch for certificates.

As a vital component of the public key infrastructure (PKI), CAs create digital certificates that cryptographically link public keys with the owners’ identities. The CA is responsible for validating the identity of the entity associated with a given public key and issuing the digital certificates that attest to this identity. The CA follows specific protocols to verify the requester's identity before issuing the certificate. This protocol involves checking official documentation or performing a background check.

CAs also have mechanisms for revoking certificates. Revocation happens when a key associated with a certificate is compromised or if the entity that was issued a certificate no longer exists.

Importance of Certificate Authorities

CAs play a crucial role in ensuring internet security. Certificates can secure digital signatures and establish secure network connections via protocols such as HTTPS. 

Here are some of the top reasons why CAs are critical in the digital world:

• Establishing trust. CAs provide the foundation of trust on the internet. For example, when users connect to a website, their browser trusts the website if it has a valid certificate issued by a trusted CA. Without this mechanism, it’s hard to establish trust between two parties that have never interacted.

• Verifying identity. Certificate issuance requires verifying the requester’s identity. This ensures that the entity requesting a certificate is who it claims to be.
• Preventing data theft. Secure connections established using certificates help prevent unauthorized data access. When data is sent over a secure connection, encryption makes it unreadable even if bad actors successfully intercept it.
• Protecting against scams. CAs help protect users against phishing attacks and other scams. When users navigate websites, they can be confident the site is legitimate and is not a malicious imitation built to steal personal information if it has a valid certificate.
• Revoking certificates. If a certificate is issued incorrectly or the private key is compromised, the CA can revoke the certificate and prevent further use.

The Different Types of Certificate Authorities

Each type of CA and the certificates they issue offer pros and cons. Organizations need to consider which is best depending on their goals, industry regulations, and the level of trust required. 

Below, we separated the types of CAs based on function, authority, products, and hierarchy to more clearly explain the advantages and drawbacks of each type of certificate.

Types by Function

• Domain validated (DV) CAs. DV certificates are simpler and require less rigorous checking. DV CAs issue certificates after validating only the ownership or control over the domain for the requested certificate. DV certificates are usually cheaper and easier to obtain but provide lower trust because they don’t include the identity of the organization that owns the domain.
• Organization validated (OV) CAs. OV CAs go a step beyond DV CAs by verifying organizational details such as name, legal existence, and physical location in addition to domain ownership. OV certificates offer a higher level of trust than DV certificates because they associate the domain with a specific organization. However, they are more expensive and take longer to issue.

• Self-signed CAs. A self-signed certificate is not issued by a recognized CA. Instead, the entity that will be using it generates and signs it, which means there is no external verification of the certificate information. As a result, self-signed certificates are typically not trusted by web browsers or other software, and they generate a warning when users encounter them. While they are useful in testing or internal use cases, they’re not suitable for secure public internet communications.
• Extended validation (EV) CAs. EV certificates require the most stringent verification process. In addition to verifying domain ownership and organizational details, the EV CA verifies the organization's physical and operational existence, the requester’s identity and authority, and the organization’s policy and procedures for requesting an EV certificate. EV certificates have the highest level of trust and are often used by enterprises and financial institutions. While they are the most expensive and time-consuming to obtain, they are valuable for entities that want to establish the highest level of trust with their users.

Types by Authority

• Public CAs. Public CAs, also called root CAs, issue digital certificates for public-facing software and servers, which are used for secure communication on the internet. Public CAs are trusted by browser and operating system vendors, and their root certificates are embedded in web browsers and operating systems. They follow stringent protocols and regulations to verify the entity identity, depending on the type of certificate requested.
• Private/internal CAs. Private or internal CAs are used within an organization to issue certificates for internal use. They are typically not trusted outside the organization.

Types by Product

• Government CAs. Government agencies usually establish government CAs to issue certificates for government entities and, in some cases, citizens and businesses within a country. They often adhere to strict identity validation procedures and policies mandated by relevant government regulations. One example is the U.S. Federal Public Key Infrastructure (FPKI).
• Commercial CAs. Commercial CAs offer certificate services to the public. They provide a variety of certificate types, including DV, OV, and EV certificates, to secure websites, enable secure email communication, authenticate users, and more. Commercial CAs like Sectigo offer robust customer support, various wildcard and multi-domain certificates, and a longer certificate lifespan.
• Open-source CAs. Open-source CAs provide certificates using open-source software and principles. Often, their basic services are free to use, and their underlying software is open-source, which the public can inspect and contribute to. The most notable example is Let’s Encrypt, a nonprofit CA run by the Internet Security Research Group. However, they only offer DV certificates, which have a lower level of trust and typically have a shorter lifespan.

Hierarchy CAs

• Issuing CAs. The authenticity of issuing CAs isn’t directly recognized by an operating system but is instead validated by an intermediate CA. Any certificate provided by issuing CAs is deemed reliable if the intermediate CA can successfully authenticate it.
• Intermediate CAs. Intermediate CAs sit between the root (or public) CA and the issuing CA in a hierarchical PKI. They are issued a certificate by the root CA, and they can then use that certificate to issue certificates to intermediate CAs or end entities directly.

Establishing Trust in the Digital World

Certificate authorities play a fundamental role in establishing the security and integrity of digital communications. They help validate identities, issue digital certificates, and build trust among users and entities. CAs also offer different types of certificates to meet organizational needs and circumstances.

If you need a robust, proven certificate authority to secure your website, authenticate users, and facilitate secure email communications, Sectigo can help. As one of the world’s largest commercial CA, Sectigo offers a variety of certificate types to fit your needs, backed by comprehensive customer support. 

Contact Sectigo today and explore our suite of digital certificate solutions.