Organizations rely on Secure Sockets Layer (SSL) certificates to establish trust for countless business activities. However, the very trust that certificates establish has become a source of attack. Criminals can successfully steal corporate data while remaining undetected for months or even years. These certificate-based vulnerabilities lead to significant security risks that require immediate action.
Venafi TrustForce, part of Venafi Trust Protection Platform, automates responses to trust-based attacks and remediates SSL certificate vulnerabilities before they cause problems. TrustForce secures and protects the entire key and certificate lifecycle, automatically remediating anomalies by replacing the vulnerable key or certificate. With automated integration across hundreds of applications, devices, services, and Certificate Authorities (CAs), TrustForce ensures the remediation process occurs seamlessly.
In addition, TrustForce enables organizations to scale their cryptographic resources more quickly and securely. Its automated key and certificate operations and intelligent application-specific integration let enterprises scale to hundreds of thousands of encryption keys and certificates more quickly and securely than before.
- Recover faster from security incidents
- Automate vulnerability remediation
- Scale cryptographic resources faster to meet demands for service
- Eliminate downtime and improve operational efficiency
What It Does
TrustForce uses lightweight agent and agentless technologies to automate complex activities, including rekeying and recertification, for which manual processes might open vulnerabilities. TrustForce establishes and enforces enterprise certificate whitelists to eliminate unnecessary risk from digital certificates signed by untrusted CAs. With TrustForce, organizations can remediate key and certificate vulnerabilities by replacing the vulnerable key or certificate automatically.
Automated Key and Certificate Enforcement
TrustForce provides powerful, fully automated key and certificate control, eliminating the vulnerabilities that can arise from error-prone manual processes—errors such as accidentally copying keys or deleting certificates. TrustForce enables systems administrators to easily and quickly replace compromised keys and certificates and respond rapidly to a breach. TrustForce enables organizations to scale new encryption-dependent applications quickly by rapidly deploying keys and certificates to them.
Automated Key and Certificate Remediation
TrustForce enables lights-out automation with full, end-to-end provisioning and lifecycle control of complex, load-balanced encryption environments. It also provides root certificate automation. Systems administrators can automate a wide variety of provisioning processes, including key generation, certificate signing request (CSR) generation, CSR submission, CA approval, issued certificate retrieval, certificate installation, private key backup, and certificate renewal.
Fully Automated Workflows and Tracking
With TrustForce, systems administrators can define automated workflows to remediate key and certificate vulnerabilities. TrustForce applies granular workflow processes at every stage of the certificate lifecycle and enforces reviews and approvals for critical security operations. Through automated workflows and application programming interface (API) integration with third-party enterprise workflow systems, TrustForce establishes a separation of duties among administrators while furnishing a full audit log of all important events and operations.
Support for Multiple CAs, Applications, and Platforms
TrustForce integrates directly with leading industry applications and CAs, ensuring seamless, automated certificate requests, installations, enrollments, renewals, and validations.
Why It’s Important
TrustForce helps organizations automatically respond to and remediate certificate anomalies so that errors and oversights don’t become vulnerabilities that can be exploited by key and certificate-based attacks. TrustForce delivers powerful, automated security and enables organizations to securely scale their cryptographic resources to meet elastic demands for services.
Recover Faster from Security Incidents
According to the Ponemon Institute 2013 Cost of Cyber Crime Study: United States, the average time to respond to a cyber attack is 32 days. And once organizations respond, most take weeks or months to rotate keys and certificates manually. When a company invests in TrustForce, it seamlessly replaces compromised CA certificates across the entire network in minutes rather than days.
Automated Vulnerability Remediation
With full certificate lifecycle control, TrustForce provides clear insight into any key and certificate across the entire enterprise. Robust policy enforcement ensures that systems administrators configure keys and certificates according to secure standards.
Scale Faster to Meet Elastic Demands for Services
As the demands for your services grow, you expect your corporate infrastructure and network to grow and scale just as fast. But the need to laboriously deploy keys and certificates to secure network resources can slow growth. TrustForce removes that roadblock. For example, organizations that have adopted Infrastructure-as-a-Service (IaaS) or other cloud services can rapidly migrate and provision thousands of certificates, ensuring services comply with security standards as they scale up and down.
How It Works
Establish and Enforce Certificate Whitelists
TrustForce enables organizations to identify and report on root certificates in use and update CAs that are trusted by relying parties within the enterprise. With TrustForce, organizations can generate reports of all root certificates, identify them as trusted or untrusted, and immediately remediate untrusted CAs. TrustForce quickly identifies CAs that should not be trusted on mission-critical systems and ensures whitelisted certificates are included in trust stores and blacklisted certificates are excluded. Organizations can then prevent attacks that leverage certificates from blacklisted CAs.
Automatically Replace Vulnerable Keys and Certificates
TrustForce provides powerful automation with full, end-to-end provisioning and lifecycle control of complex, load-balanced encryption environments. Systems administrators can automate a wide variety of manual processes, including key and CSR generation, CSR submission, CA approval, issued certificate retrieval, certificate installation, private key backup, and certificate renewal.