Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Secure Websites Are Now the Norm: Is Yours Trusted?

Trust is difficult to quantify. While it is a word we are all familiar with and use practically every day, the internet provides many challenges for those of us looking to trust where we can disclose our personal information and fully understand with whom we are communicating to give that trust. Welcome to the world of certificate authorities (CAs) and internet browsers.

Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Edge are the most well-known browsers we use to make purchases, view health records, pay taxes and so much more. What many users do not know is there is a system in place in which browsers trust CAs and include them in their products. This enables encrypted web connections.

Perhaps you have noticed the green lock icon in the address bar while surfing the internet. This is possible because a CA has issued a certificate to the entity controlling the website and that CA is trusted by the browser. Some degree of technical magic takes place behind the scenes where this trust is confirmed, and the lock is displayed.

Merchants need to secure their domain or site in order to collect sensitive data (payment card information or personally identifiable information) - and this is also required for compliance with key compliance mandates, such as the Payment Card Industry Data Security Standard or the General Data Protection Regulation.

How does a CA become trusted by a browser? Each browser maintains a root store policy that is publicly available on its respective company web pages. These policies outline the requirements a CA must complete to gain and maintain trust. Generally, an independent, third-party audit must be completed to confirm all the requirements have been met. Once the audit is complete without issues, the CA must apply to each browser's root store, per the inclusion requirements. Yearly audits continue to maintain trust. From the start of the process as a new CA until ultimately being added to the browser root store can take years. Trust is not easily attained. It is, however, quickly lost without diligence.

The importance of digital certificates continues to grow, as Google helps lead the push for a fully encrypted internet. Beginning this summer, the Google Chrome browser will show websites without certificates to be "Not Secure" in the address bar. If you have a website, be sure to get a digital certificate to avoid it displaying this message and likely losing trust from your users.

CAs must maintain trust with other parties as well. A community of security researchers and interested parties regularly discuss CA activities. And there are public discussion groups which address topics such as mis-issued certs, policy updates and best practices. The Mozilla Dev Security Policy group is a notable example. Through policies, browser manufacturers require that CAs follow these discussions to maintain trust. They are also required to report issues and confer about remediation steps/schedules for issues that have been identified.

The Trustwave CA story is one with a long history. It has been a trusted CA for more than 10 years. Trustwave is Webtrust audited every year. It is a founding member of the Certificate Authority/Browser (CA/B) Forum and is an active participant in industry best practice discussions.

Learn more about Trustwave digital certificates.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More