Cert'n Key - Discover! Trust!
Compliance, Trust Management, Company Security and X.509 Certificates
What does your X.509 certificate landscape look like now?
Are you facing unmanaged risks?
Are all your web server certificates up to date and valid?
Are all your communication certificates up to date and valid?
Are all your code signing certificates up to date and valid?
Which one will be retired, and when?
Do you have enough time to exchange them?
Which certificates are weak and need to be renewed?
Are all SIEM systems synchronised with your valid certificate landscape?
Tomorrow I would like to exchange all Apache certificates that expire in the next 30 days. How many systems are affected?
I would like to remove a specific country from my trusted certificate list. How many programs and computers are affected?
How long do you need to answer all these questions?
With Cert'n Key it is just one mouse-click away!
What is Cert'n Key?
What benefits come with Cert'n Key?
For non-technicians:
Computer (X.509) certificates and keys are the equivalent of the physical keys to your building or car, together with a personal ID card. Anyone who obtains them can enter every area and use or misuse them. You should be able to decide who is allowed to enter through your door.
How do you handle your real keys?
Do you hand them over to everybody on the street and allow everybody inside your company to duplicate and use them without investigating who this person really is? Hopefully not. But companies without Cert'n Key work at this risk level, even if they use many other security tools. Up to now, this is an unattended risk in your company.
Would you want this on your computers, where your research and development is performed or your accounting is done?
We don't think so, and we help you take care of this with Cert'n Key.
Since certificates regulate the trust between computers, some implications arise.
The dangers lie in the many ways these trust relationships can be exploited (e.g. Heartbleed, Flame, and even security companies such as DigiNotar and RSA). The uncontrolled expiration of a certificate can disrupt operations within the company, for example when web pages and services are no longer available.
The uncontrolled use of certificates inside companies supports the misuse of computers, servers and devices (such as printers) for several tasks: sending data from your company to interested outside parties, remote access, remote installation of anything, and so on.
Despite the dangers, enterprise-wide management of certificates is still the exception. Leaks inside computer systems make it necessary to exchange certificates as quickly as possible. The last known bug in OpenSSL (Heartbleed) shows how easily software bugs can be exploited and secret information (your private keys) disclosed. Usually only part of the certificate landscape is controlled and most of it is unknown.
This is where we come in. We offer the complete audit suite to identify the certificates in your network for the first time.
For the first time you are able to manage them holistically and in accordance with compliance rules, to carry out your risk management policies (e.g. SOX, ISO 27.00x) and to assess the risks to your business.
Cert'n Key also automates manual and costly activities such as managing (finding, controlling, evaluating and changing) certificates. Typically 4 h/a are estimated per managed certificate, so Cert'n Key pays for itself in a short period. In addition, you gain considerable progress in your enterprise security and compliance.
Do you think your compliance and security are worth 14 € per client per year (about 20 $) or 5 € per scan?
(Price list 2014, company rebate, with up to 100k clients)
This makes about 1.25 ct per audited certificate.
Some further thoughts:
Only with full knowledge of the trust relationships in your network are you able to assess holistically the risks you face. Each unnoticed trust relationship may jeopardise security and compliance, because unknown risks exist in the company. Cert'n Key helps you protect yourself in your audits (internal/external) by eliminating this situation.
Can you answer the following questions at the push of a button?
Which certificates in your network expire, and when (and how much does the exchange cost in time and money)?
How many certificates do you have in total and on average per client/server?
Which trust relationships does your company support, and are they verified?
Have you identified all IT risks and are you in compliance?
Cert'n Key users can.
So far we have not encountered a single company that knew the right number of its certificates. After a scan, the numbers always had to be adjusted. Each certificate not found (and managed) can represent a risk for your company. Test Cert'n Key today. All results remain in your company and you are always in control of the procedure.
What impact do certificate problems have?
- server no longer accessible (offline server)
- loss of connections
- applications will not work
- automated background software installation
  - such as the Flame virus (MS update service), Heartbleed, OpenSSL bug
- expansion of (user) rights after a successful social engineering attack
- automatic redirection
  - e.g. Opera hack, French Google certificate (Dec 2013!)
- e.g. NASA hack with users, email data etc. for advanced social engineering, Heartbleed
In a 2014 scientific study of 48 million SSL certificates, researchers found that every third issuer has never issued a single HTTPS certificate. These sleeper CAs are considerable security risks, which you could easily mitigate.
These are only a few examples from real cases. We can provide a collection of links with background information.