As with many security tools, the origin of certificate transparency (CT) logs can be traced back to a cyberattack. The attack that can be credited with the creation of CT logs is the 2011 attack on DigiNotar, in which attackers hacked a publicly trusted Certificate Authority and created SSL certificates impersonating Google. These certificates were then used for man-in-the-middle attacks against Google users.
After responding to this attack, Google recognized a gap in the security offered by SSL certificates. The blind trust given to the Certificate Authorities in the trusted root store program did not account for what would happen if one of those Certificate Authorities was hacked. To close this gap, Google came up with certificate transparency logs: cryptographically safe public logs in which each issued certificate must be logged to be trusted by the browser. Because all certificates are recorded in these logs, organizations like Google can monitor every certificate issued for their domains and make sure that it was created by their organization.
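The monitoring step described above, sketched as an added example (not code from EZMonitor or any CT log client): it assumes log entries have already been fetched and parsed into records, and the `CTEntry` fields, issuer names, fingerprints and domains are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CTEntry:
    """One already-parsed CT log entry (hypothetical record layout)."""
    log_index: int
    issuer: str
    sha256: str        # hex fingerprint of the logged certificate
    dns_names: tuple   # subjectAltName DNS entries

def covers_monitored(name, domains):
    """True if a certificate name is a monitored domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):          # a wildcard covers names under its parent
        name = name[2:]
    # Compare on a label boundary so "notexample.com" does not match "example.com".
    return any(name == d or name.endswith("." + d) for d in domains)

def find_unexpected(entries, domains, known_fingerprints):
    """Return (log_index, issuer, matching_names) for every logged certificate
    that names a monitored domain but is absent from our own inventory."""
    known = {fp.lower() for fp in known_fingerprints}
    alerts = []
    for entry in entries:
        hits = [n for n in entry.dns_names if covers_monitored(n, domains)]
        if hits and entry.sha256.lower() not in known:
            alerts.append((entry.log_index, entry.issuer, hits))
    return alerts

# Constructed inputs: the domains we own and the certificates we issued ourselves.
MONITORED = ("example.com",)
INVENTORY = {"a1" * 32}

# Constructed sample entries, as a monitor might see them after parsing a log.
SAMPLE_ENTRIES = [
    CTEntry(101, "Constructed CA A", "a1" * 32, ("www.example.com",)),
    CTEntry(102, "Constructed CA B", "b2" * 32, ("mail.example.com", "*.example.com")),
    CTEntry(103, "Constructed CA B", "c3" * 32, ("notexample.com", "example.com.other.test")),
    CTEntry(104, "Constructed CA C", "D4" * 32, ("EXAMPLE.COM.",)),
]

if __name__ == "__main__":
    for index, issuer, names in find_unexpected(SAMPLE_ENTRIES, MONITORED, INVENTORY):
        print(f"entry {index}: {issuer} issued an uninventoried certificate for {names}")
```

Entry 101 is in the inventory and entry 103 only resembles the monitored domain, so only entries 102 and 104 are reported.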
Since their creation in 2013 and their enforcement in 2018, many organizations, such as the United States Department of Homeland Security, recommend using certificate transparency log monitors such as EZMonitor to monitor certificate transparency logs and detect attacks before your users are affected. While such a sophisticated attack might not be your number one priority, these monitors usually offer other SSL monitoring features such as (view full list here):
If you want to learn more about how certificate transparency logs can help you secure your organization and prevent your next outage, watch our webinar or book a call with our Security experts and protect your organization today!