Automated Vulnerability Remediation. Scale Quickly and Securely.

Analyst Coverage

“Cybercriminals are known to steal SSH keys or manipulate which keys are trusted to gain access to source code and other valuable intellectual property”

“Advanced threat detection provides an important layer of protection but is not a substitute for securing keys and certificates that can provide an attacker trusted status that evades detection.”

"Basically, the enterprise is a sitting duck."

"PKI is under attack...Advanced and persistent adversaries go for keys"

"When there are many hundreds of certificates from a variety of certificate authorities, the only ecumenical [universal], nonproprietary provider of a certificate management solution is Venafi. Other CA management systems are biased toward the particular CA by, for example, only supporting renewals from that specific CA."

"No CISO could consider having tens of thousands of unknown network ports open and have no way to control them. But that’s the alarming reality today with regards the trust established by keys and certificates..."

"Organizations with roughly 200 or more documented X.509 certificates in use are high-risk candidates for unplanned expiry and having certificates that have been purchased but not deployed."

"Technology critical to cloud computing is in clear and present danger...attacks on Secure Shell (SSH) keys present the most alarming threat arising from failure to control trust."

“Certificates can no longer be blindly trusted”

“Just because something is digitally signed doesn't mean it can be trusted.”

“Enterprise awareness of attacks on keys and certificates is in its infancy; most don’t understand how to detect or respond to an attack.”

TrustForce SSL

Organizations rely on Secure Sockets Layer (SSL) certificates to establish trust for countless business activities. However, the very trust that certificates establish has become a source of attack. Criminals can successfully steal corporate data while remaining undetected for months or even years. These certificate-based vulnerabilities lead to significant security risks that require immediate action. Venafi TrustForce, part of Venafi Trust Protection Platform, automates responses to trust-based attacks and remediates SSL certificate vulnerabilities before they cause problems. TrustForce secures and protects the entire key and certificate lifecycle, automatically remediating anomalies by replacing the vulnerable key or certificate. With automated integration across hundreds of applications, devices, services, and Certificate Authorities (CAs), TrustForce ensures the remediation process occurs seamlessly. In addition, TrustForce enables organizations to scale their cryptographic resources more quickly and securely. Its automated key and certificate operations and intelligent application-specific integration let enterprises scale to hundreds of thousands of encryption keys and certificates, more quickly and securely than before.

  • Recover faster from security incidents
  • Automate vulnerability remediation
  • Scale cryptographic resources faster to meet demands for service
  • Eliminate downtime and improve operational efficiency

What It Does

TrustForce uses lightweight agent and agentless technologies to automate complex activities, including rekeying and recertification, for which manual processes might open vulnerabilities. TrustForce establishes and enforces enterprise certificate whitelists to eliminate unnecessary risk from digital certificates signed by untrusted CAs. With TrustForce, organizations can remediate key and certificate vulnerabilities by replacing the vulnerable key or certificate automatically.

Automated Key and Certificate Enforcement

TrustForce provides powerful, fully automated key and certificate control, eliminating the vulnerabilities that can arise from error-prone manual processes—errors such as accidentally copying keys or deleting certificates. TrustForce enables systems administrators to easily and quickly replace compromised keys and certificates and respond rapidly to a breach. TrustForce enables organizations to scale new encryption-dependent applications quickly by rapidly deploying keys and certificates to them.

Automated Key and Certificate Remediation

TrustForce enables lights-out automation with full, end-to-end provisioning and lifecycle control of complex, load-balanced encryption environments. It also provides root certificate automation. Systems administrators can automate a wide variety of provisioning processes, including key generation, certificate signing request (CSR) generation, CSR submission, CA approval, issued certificate retrieval, certificate installation, private key backup, and certificate renewal.

Fully Automated Workflows and Tracking

With TrustForce, system administrators can define automated workflows to remediate key and certificate vulnerabilities. TrustForce applies granular workflow processes at every stage of the certificate lifecycle and enforces reviews and approvals for critical security operations. Through automated workflows and application programming interface (API) integration with third-party enterprise workflow systems, TrustForce establishes a separation of duties among administrators while furnishing a full audit log of all important events and operations.

Support for Multiple CAs, Applications, and Platforms

TrustForce integrates directly with leading industry applications and CAs, ensuring seamless, automated certificate requests, installations, enrollments, renewals, and validations.

Why It’s Important

TrustForce helps organizations automatically respond to and remediate certificate anomalies so that errors and oversights don’t become vulnerabilities that can be exploited by key and certificate-based attacks. TrustForce delivers powerful, automated security and enables organizations to securely scale their cryptographic resources to meet elastic demands for services.

Recover Faster from Security Incidents

According to the Ponemon Institute 2013 Cost of Cyber Crime Study: United States, the average time to respond to a cyber attack is 32 days. And once organizations respond, most take weeks or months to rotate keys and certificates manually. When a company invests in TrustForce, it seamlessly replaces compromised CA certificates across the entire network in minutes rather than days.

Automated Vulnerability Remediation

With full certificate lifecycle control, TrustForce provides clear insight into any key and certificate across the entire enterprise. Robust policy enforcement ensures that systems administrators configure keys and certificates according to secure standards.

Scale Faster to Meet Elastic Demands for Services

As the demands for your services grow, you expect your corporate infrastructure and network to grow and scale just as fast. But the need to laboriously deploy keys and certificates to secure network resources can slow growth. TrustForce removes that roadblock. For example, organizations that have adopted Infrastructure-as-a-Service (IaaS) or other cloud services can rapidly migrate and provision thousands of certificates, ensuring services comply with security standards as they scale up and down.

How It Works

Establish and Enforce Certificate Whitelists

TrustForce enables organizations to identify and report on root certificates in use and update CAs that are trusted by relying parties within the enterprise. With TrustForce, organizations can generate reports of all root certificates, identify them as trusted or untrusted, and immediately remediate untrusted CAs. TrustForce quickly identifies CAs that should not be trusted on mission-critical systems and ensures whitelisted certificates are included in trust stores and blacklisted certificates are excluded. Organizations can then prevent attacks that leverage certificates from blacklisted CAs.

Automatically Replace Vulnerable Keys and Certificates

TrustForce provides powerful automation with full, end-to-end provisioning and lifecycle control of complex, load-balanced encryption environments. Systems administrators can automate a wide variety of manual processes, including key and CSR generation, CSR submission, CA approval, issued certificate retrieval, certificate installation, private key backup, and certificate renewal.

The Immune System for the Internet