Maintaining the security and integrity of your organization’s PKI environments with visibility into configurations that can impact identity and encryption systems is foundational to managing your organization’s overall security posture. In this blog post, I’m going to talk about how PKI Spotlight, our new product which is the industry’s first and only real-time PKI and HSM monitoring and alerting solution, can help you better manage your organization’s security posture.
It’s important for security professionals and IT teams to manage and control their cybersecurity posture from end to end, to make sure that the PKI is configured and maintained in accordance with the organization’s cybersecurity needs. Security posture is one of the four key pillars of PKI Spotlight, and it allows you to quickly view and monitor this consolidated information about your organization across any of your platforms in one easy-to-use dashboard.
What is Security Posture Management for your PKI?
Security posture management can range from determining how your PKI is configured to seeing how that configuration has changed. Using PKI Spotlight, you can look at the dashboard to monitor both online and offline agents. You can also track thousands of events happening throughout your overall PKI environment. The system automatically monitors the number of error events that occur and alerts you so you can identify and fix the problem areas.
Some of the most important areas in your PKI from a security perspective have to do with the configuration of your PKI environment. There are a number of key issues that PKI Spotlight allows you to monitor within your Certificate Authority that impact the security of your PKI and how securely the identity and encryption systems that rely on your PKI are operating.
Drilling down with PKI Spotlight for visibility
As an example, using PKI Spotlight’s policy module configuration on the dashboard, you can quickly see how all of the servers are configured within the Microsoft ADCS policy module. This defines how certificate requests are followed, what rules are going to be applied, and what types of attributes are allowed within a certificate request. You can quickly scroll through your organization’s server configurations and see if they are configured identically.
PKI Spotlight gives you great visibility into your policy module flags and across CAs. It also allows you to do a quick comparison of CRL flags across CAs. This is a great way for you to determine how your CAs are configured.
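The cross-CA comparison of policy module flags described above can be sketched by hand as follows. This is an added example, not PKI Spotlight code: it assumes the EditFlags DWORD of each CA has already been collected (for instance with `certutil -getreg policy\EditFlags`), and the CA names and values in `SAMPLE` are constructed.

```python
from collections import Counter

# Subset of the EditFlags bits of the AD CS default policy module;
# bits not listed here are reported by their hex value.
EDITF = {
    0x00000001: "EDITF_ENABLEREQUESTEXTENSIONS",
    0x00000002: "EDITF_REQUESTEXTENSIONLIST",
    0x00000004: "EDITF_DISABLEEXTENSIONLIST",
    0x00000008: "EDITF_ADDOLDKEYUSAGE",
    0x00000020: "EDITF_ATTRIBUTEENDDATE",
    0x00000040: "EDITF_BASICCONSTRAINTSCRITICAL",
    0x00000100: "EDITF_ENABLEAKIKEYID",
    0x00010000: "EDITF_ENABLEDEFAULTSMIME",
    0x00040000: "EDITF_ATTRIBUTESUBJECTALTNAME2",
    0x00100000: "EDITF_ENABLECHASECLIENTDC",
}

def decode(value):
    """Return the set of flag names set in an EditFlags DWORD."""
    bits = (1 << b for b in range(32) if value >> b & 1)
    return {EDITF.get(m, f"UNKNOWN_0x{m:08x}") for m in bits}

def drift(edit_flags, baseline=None):
    """Compare each CA's EditFlags with a baseline (default: the most common
    value across the CAs). Returns (baseline, {ca: {"added", "removed"}})."""
    if baseline is None:
        baseline = Counter(edit_flags.values()).most_common(1)[0][0]
    base = decode(baseline)
    report = {}
    for ca, value in sorted(edit_flags.items()):
        flags = decode(value)
        if flags != base:
            report[ca] = {"added": sorted(flags - base), "removed": sorted(base - flags)}
    return baseline, report

# Constructed sample: one EditFlags value per CA (hypothetical CA names).
SAMPLE = {
    "CORP-ISSUING-CA1": 0x0011014E,
    "CORP-ISSUING-CA2": 0x0011014E,
    "CORP-ISSUING-CA3": 0x0015014E,  # SAN-from-request-attribute bit set
    "CORP-ISSUING-CA4": 0x0011010E,  # basic-constraints-critical bit cleared
}

if __name__ == "__main__":
    base, report = drift(SAMPLE)
    print(f"baseline 0x{base:08x}")
    for ca, d in report.items():
        print(ca, "added:", d["added"], "removed:", d["removed"])
```

Passing an explicit `baseline` pins the comparison to your organization's approved value instead of the majority value, which matters when most CAs share the same misconfiguration.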
Drilling down, PKI Spotlight also provides a high level of visibility into OCSP responder permissions. If you suspect that there may have been malicious activity, you can check to see if the permissions have been changed on any of the services and make sure that they are in accordance with the best practices and base standards for your organization.
You can also double-check permissions and configurations on your web enrollment. And, if you’re running Hardware Security Modules (HSM) in your environment, you can monitor how those HSMs are configured as well as see what firmware is in place. Some HSMs have firmware-related vulnerabilities that need to be addressed, so this is where you can determine which versions are in place to ensure that all of your organization’s HSMs are in compliance.
Active Directory is another important area that should be carefully monitored. With PKI Spotlight, you can determine which CAs in your environment are trusted for authentication regardless of whether it’s on VPN, WiFi, or Smartcards. By being able to understand which CAs are trusted, you can determine which CAs are going to be used in the environment. You can also determine if some bad actor has maliciously added a CA that is going to allow an external certificate to be used to authenticate and enter the environment. This is particularly important in the case of protecting your organization against hackers and other cyberattacks.
At the Root CA level, you will be able to easily identify trusted Root CAs and take appropriate action as needed. If someone has a malicious code signing certificate, Smartcard or other user authentication you will be able to identify that problem using PKI Solutions’ Root CA monitoring.
One of the most powerful things that you can do within your PKI environment with PKI Spotlight is to monitor for any changes to the Directory Services Certificate template. Pinpointing changes to your certificate templates in Active Directory is a key way to identify security vulnerabilities. You can also create custom CA security subscription alerts to send an alert the moment that anything changes with your CA permissions, OCSP permissions or CA template properties.
Notification and Alerting
As I mentioned in other blog posts, we support real-time alerting through our email notification system that we built into PKI Spotlight which enables you to set up email alerts to be sent out the moment that there is an event that is impacting the Security Posture of your PKIs or HSMs. In the future, we will be supporting common helpdesk, ITSM, SIEM, and incident management platforms directly. But for now, we create a standardized email format that can easily be parsed and consumed into the ticketing platform of your choice.
After reading this, you’re probably thinking: It’s time to check our organization’s security posture … NOW! You should also check out our latest PKI Spotlight demo about Security Posture.
Your organization’s security posture is important to monitor and we would like to help you out with that. If you request a demo of PKI Spotlight by Friday, April 15, 2022, we will provide you with a free Security Posture Assessment Snapshot Report after the demo and you will also receive promotional pricing when you purchase PKI Spotlight. You can request a demo at pkispotlight.com.