Qualys has launched CertView, a business solution designed to help the enterprise track and manage the use of SSL/TLS security certificates.
On Monday, the cloud security firm said that CertView, an app framework linked to the Qualys Cloud Platform, will catalog and improve the visibility of any security certificates issued by certificate authorities (CAs).
Businesses often rely on SSL/TLS certificates to maintain secure communication on internal and external networks, especially with the rise of cloud computing adoption.
However, should have these certificates been issued poorly, they expire, or they have weaknesses which allow security to become compromised, enterprise players could find themselves at risk of intrusion.
In the case of CA WoSign and its subsidiary StartCom, for example, Google has decided to blacklist certificates issued by the Chinese company due to concerns that security standards have not been maintained, which in turn can create avenues for cyberattackers to eavesdrop on both consumers and businesses.
Qualys claims the new framework could not only potentially detect issues with insecure or vulnerable certificates, but can “prevent downtime and outages, audit and compliance failures, and mitigate risks associated with any expired and/or vulnerable SSL/TLS certificates on business-critical systems.”
CertView will initially comprise of two new applications, the Certificate Inventory (CRI) and Certificate Assessment (CRA).
The CRI app is based on the discovery of certificate security issues by scanning IT assets and networks for every certificate issued by a certificate authority for issues, as well as streamlining the process by maintaining this control from a single console.
The CRA app uses automation to scan for critical issues, security weaknesses and vulnerabilities through the Qualys Cloud Platform, and should threats be detected, the software automatically sends reports to IT teams.
In addition, the app provides analytics through a dashboard which shows reports of certificate-related vulnerabilities and compliance issues, including expired certificates.
Qualys CertView will be available in beta from September this year, with general availability expected in Q4 2017. The initial release will include the CRI and CRA, and future versions will add additional features for back-end integration with application servers and workflow systems.
“Thriving in today’s business environment requires constant and secure global communication and collaboration between machines-to-machines and people,” said Philippe Courtot, Qualys CEO. “Qualys CertView delivers customers added visibility of this critical infrastructure layer as it grows, and allows them to more confidently achieve digital transformation securely — all from a ‘single pane of glass’ view, further consolidating their security and compliance stack in one unified platform and reducing costs.”
Earlier this month, Dell launched an edition of the Dell Endpoint Security Suite Enterprise suitable for air-gapped systems. While traditionally not as vulnerable to standard attack vectors, air-gapped systems can still be compromised by weak network links and insider threats.
The new security solution uses artificial intelligence and mathematical models to detect anomalies and suspicious behaviors, rather than rely on traditional antivirus signatures.