Automated Vulnerability Remediation. Scale Quickly and Securely.

Analyst Coverage

“Cybercriminals are known to steal SSH keys or manipulate which keys are trusted to gain access to source code and other valuable intellectual property”

“Advanced threat detection provides an important layer of protection but is not a substitute for securing keys and certificates that can provide an attacker trusted status that evades detection.”

"Basically, the enterprise is a sitting duck."

"PKI is under attack...Advanced and persistent adversaries go for keys"

"When there are many hundreds of certificates from a variety of certificate authorities, the only ecumenical [universal], nonproprietary provider of a certificate management solution is Venafi. Other CA management systems are biased toward the particular CA by, for example, only supporting renewals from that specific CA."

"No CISO could consider having tens of thousands of unknown network ports open and have no way to control them. But that’s the alarming reality today with regards the trust established by keys and certificates..."

"Organizations with roughly 200 or more documented X.509 certificates in use are high-risk candidates for unplanned expiry and having certificates that have been purchased but not deployed."

"Technology critical to cloud computing is in clear and present danger...attacks on Secure Shell (SSH) keys present the most alarming threat arising from failure to control trust."

“Certificates can no longer be blindly trusted”

“Just because something is digitally signed doesn't mean it can be trusted.”

“Enterprise awareness of attacks on keys and certificates is in its infancy; most don’t understand how to detect or respond to an attack.”


Organizations rely on cryptographic keys and certificates to establish trust for countless business activities from online payments to cloud services. However, the very trust that keys and certificates establish has become a target of attack. When organizations blindly trust keys and certificates, cyber-criminals can turn compromised keys and certificates against those organizations. Worse, organizations often have limited visibility into their vulnerabilities and a limited ability to respond to breaches. Criminals can successfully steal organizations’ data while remaining undetected for months or even years. These key and certificate vulnerabilities create significant security risks that require immediate action.

Venafi TrustForce automates responses to trust-based attacks and remediates vulnerabilities before they cause problems. TrustForce secures and protects the entire key and certificate lifecycle, automatically remediating anomalies by replacing the vulnerable key or certificate. With automated integration across hundreds of applications, devices, services, and Certificate Authorities (CAs), TrustForce ensures the remediation process occurs seamlessly. In addition, TrustForce enables organizations to scale their cryptographic resources more quickly and securely: its automated key and certificate operations and intelligent application-specific integration let enterprises scale to hundreds of thousands of encryption keys and certificates.

As part of Venafi Trust Protection Platform, TrustForce uses lightweight agent and agentless technologies to automate complex activities, including rekeying and recertification, for which manual processes might open vulnerabilities. TrustForce enforces enterprise certificate whitelists to eliminate unnecessary risk from digital certificates signed by untrusted CAs. To prevent the misuse of Secure Shell (SSH) keys in the datacenter and the cloud, TrustForce responds automatically to suspicious anomalies such as the reconfiguration of an authorized key list. By deploying TrustForce in conjunction with Venafi TrustAuthority, enterprises gain complete visibility into their cryptographic resources, detect and report on anomalies, enforce enterprise policies, automatically remediate key and certificate vulnerabilities, and integrate with multiple analytics and Security Information and Event Management (SIEM) systems.

TrustForce allows organizations to:

  • Recover faster from security incidents
  • Automate vulnerability remediation
  • Scale cryptographic resources faster to meet demands for service
  • Eliminate downtime and improve operational efficiency


> What it does