Venafi is The Immune System for the Internet® that protects the foundation of all cybersecurity—keys and certificates—so they can’t be misused by bad guys in attacks. Venafi constantly assesses which keys and certificates are trusted, protects those that should be trusted, and fixes or blocks those that are not.
We hope you agree that maintaining secure communications for your organization is of paramount importance, and we are glad you sought more information on how Venafi is working to protect organizations like yours.
You have probably been directed to this page because one of your endpoints was contacted by the Venafi TrustNet global certificate reputation service we maintain to help ensure electronic communications remain secure for every organization that puts their trust in the global public key infrastructure (PKI) model. To that end, the certificate reputation service makes non-invasive HTTPS connections to every public IP address on the internet to build a global certificate repository that we make available to the public.
Note: the metadata we collect on certificates through the reputation service is public information that does not include sensitive or private data of the certificate owner.
We are providing a public certificate reputation service. The system of trust for privacy in electronic communications is based on a proven model of the effective exchange digital certificates, and we, along with our research and industry partners have seen a growing trend of criminal activity around stolen certificates to undermine this global system of trust. Because certificates are used to authenticate users, systems, and devices with each other and to encrypt communications between them, cybercriminals are getting increasingly clever at stealing them to impersonate users and devices.
Managing an updated repository of public certificates across the globe and scoring their “trustworthiness” is how we help maintain the integrity of the global system of trust we all rely on for secure communications. Our aim is to create the world’s largest public certificate repository, so organizations like yours have a resource available to help determine which credentials should be trusted and which should not.
In addition to populating our certificate reputation service with publicly-available certificates from most endpoint devices connected to the internet, we also collect certificates from publicly available resources, such as the University of Michigan, Google CT, and Project Sonar at Rapid7 Labs. This helps in achieving our objectives of establishing the most accurate and updated global repository of public certificates in use today.
You can benefit in two ways. First, you can integrate the Venafi TrustNet certificate reputation service with your own application through an API we make available to the service to query the score of your public certificates. If you are interested in a sample query, please contact us at [email protected].
You can also benefit from the service by deploying a web security appliance that uses the certificate reputation service feed to block employee access to websites created with suspicious certificates that might not be trustworthy. If you would like more information on the benefits of the Venafi TrustNet certificate reputation service, please visit us at venafi.com/products/trust-net.
We hope this information has been helpful in educating you about the importance of maintaining the global integrity of the digital certificates we all use to secure electronic communications across the internet and the certificate reputation service we maintain at Venafi. If you have additional questions or do not want your server to be included in the certificate reputation service, please contact us at [email protected].