Assessor enables enterprises to quantify their SSL certificate and key populations and qualify associated security, operational and compliance risks—at no cost
Venafi, the inventor of and leader in enterprise key and certificate management (EKCM) solutions, today announced the availability of Venafi Assessor™. Assessor is a downloadable, easy-to-install and cost-free software solution that scans an organization’s network to locate and analyze deployed digital certificates and the associated encryption keys. Assessor produces a series of reports that detail the security, operational and compliance risks derived from the data it collects. Additionally, Assessor provides remediation recommendations based on industry best practices and the aggregate experience of Venafi customers.
Organizations protect critical and often regulated information with certificates and keys, yet 70 percent of companies surveyed have inaccurate or incomplete data about their growing encryption populations. A recent Venafi study found that organizations performing basic inventory assessments often discover three to five times more Secure Socket Layer (SSL) certificates than they expected to find on their network. As a result of these unknown and therefore unmanaged certificates, these organizations are vulnerable to unplanned outages, security compromises and failed audits.
Leading IT research and analyst firm Gartner, Inc. recently indicated that organizations with roughly 200 or more X.509 certificates are high-risk candidates for costly unplanned downtime and brand damage. In the X.509 Certificate Management: Avoiding Downtime and Brand Damage report, published Nov. 4 2011, Gartner analysts Eric Ouellet and Vic Wheatman write, “Organizations are often unaware of the scope or the validity status of their X.509 certificate and key deployments until it is too late. Organizations need to establish formalized plans and, if necessary, leverage available tools to minimize impacts.” Download the full report here.
“Having worked with many of the world’s largest companies, our experience is that enterprises have inaccurate and incomplete data about their certificate and key populations,” said Jeff Hudson, Venafi CEO. “The unquantified and unmanaged risks these security instruments pose is significant. The risks are increasing because certificates are being rapidly deployed within corporate data centers, on cloud-based systems and onto mobile devices. With Assessor, organizations can quantify the extent of their risks, turning assumptions about their certificates and keys into hard data. We are providing this capability to organizations at no cost.”