PKI Spotlight - Realtime PKI Monitoring and Alerting

See the Unseen

PKI Spotlight is revolutionary new cybersecurity monitoring software that gives organizations confidence in their identity and encryption systems.

Overcome the major challenges of maintaining a Public Key Infrastructure (PKI) with real-time monitoring and alerting on the availability, configuration, and security of all your PKI and HSM environments, consolidated and at your fingertips.


“Our penetration testers noted that this is the first time they have ever done a pen test and not found any vulnerabilities in the PKI. PKI Spotlight has been instrumental in making that possible.”

-Manager of Cloud Services

International Law Firm


PKI Spotlight helps you focus on outcomes that matter:

Operational Resilience

Improve the uptime, availability, and recoverability of your PKI and Hardware Security Module (HSM) environments.

Security Posture Management

Maintain the security and integrity of your PKIs with visibility into configurations that can impact identity and encryption systems.

Threat Detection

Quickly spot any abnormal activity in your PKI environments.

Best Practices & Governance

Review and refine your PKI operational and configuration practices.

Why Customers Love PKI Spotlight

“PKI Spotlight is unique as there is nothing in the market that focuses solely on PKI, and we were able to quickly see the value.

PKI is foundational and a cornerstone technology, and we anticipate that the dependency on PKI services will only increase over time. PKI Spotlight helps us introduce resiliency in our identity and encryption infrastructure and stay ahead of situations that can cause disruption to our business. Now we have a centralized view of status, configurations, and events. With notifications and alerts, all stakeholders that are dependent on the PKI will have visibility into the operational status. It also frees our team to focus on high-value tasks critical to risk reduction.”

—Senior IT Security Analyst

“PKI Spotlight gives us productivity gains and peace of mind that our PKI systems are available and functional, and any service that relies on our PKI operates smoothly and securely.

Part of our strategy is to work with vendors who are top-notch in their respective areas. With PKI Solutions we get the best-in-class PKI expertise and PKI Spotlight is an important addition to our portfolio of products.

Over time we expect our reliance on the PKI environment to increase and having a product like PKI Spotlight means that we can reliably execute on initiatives that continue to improve our security posture.”

—Scott, Principal Network Engineer at Bayport Credit

Operational Resilience

Operational resilience through improved uptime, availability, and recoverability of your PKI and HSM environments


Detect, prevent, respond to and recover from operational disruptions that may adversely impact your employees, customers and suppliers.

  • Display All Relevant Data

    Consolidated environment overview helps you monitor for signs of unavailability, pre-failure, and failover states.

  • Real-time Warnings

    Configurable real-time, multi-channel alerts, and notifications.

  • Certificate Authority Is-Alive Testing

    Continuous tracking of a CA's ability to sign requests via an exhaustive suite of automated checks and continuous monitoring of your ADCS CAs and HSMs.

  • Is-Alive Tests for Microsoft Network Device Enrollment Service (NDES)

    15 scheduled and automated granular health checks on NDES and associated IIS servers.

  • Certificate Revocation List (CRL) Monitoring and pre-failure CRL error detection

Security Posture Management

Maintain the security and integrity of your PKIs with visibility into configurations that can impact identity and encryption systems

Pinpoint configuration issues that affect permissions, the scope of actions allowed on systems and devices, cryptography standards, and trust levels for applications and code.

  • Certificate Revocation List (CRL)

    Automatically check and alert if CAs are configured to ignore revocation checking failures.

  • Microsoft NDES settings

    Checks for static and no-password settings, Service Principal Names (SPNs), and TLS bindings for Microsoft NDES.

  • Security First

    Check configuration of Hardware Security Modules, cryptographic providers, Key Recovery Agents, and more.

  • Network Protection

    Firewall access and modification configurations.

Threat Detection

Quickly spot any abnormal activity in your PKI environments

Identify and get alerted on threats against your PKI environments, such as attempts to maliciously enroll for certificates, unauthorized changes to Certificate Authority (CA) parameters, use of protected private signing keys, and more.

  • First Alert

    Centralized view to spot unusual behaviors such as CA permission and revocation activities.

  • Illuminate

    Highlight anything out of the ordinary in Active Directory, cryptography, and policy modules.

  • Rapid Notifications

    Get notified of configuration changes and PKI-related service shutdowns.

Best Practices and Governance

By design: review and refine your PKI operational and configuration practices

Operate all of your PKIs based on industry best practices and organizational standards.

  • Security by Design

    Allow security architects and PKI admins to methodically calibrate identity, access, and encryption settings.

  • ActiveSuggest with the Best Practices Engine

    Real-time rules engine that checks against best practices to proactively recommend improvements and remediation.

  • Out of the Box Recommendations

    38 out-of-the-box (OOTB) rules to continually check the status of PKI and HSM configurations and events against best practices.

Give all your PKIs the attention they need and deserve.

Your Public Key Infrastructure is foundational to the Identity, Access Management and Data Security of your organization: It powers the “s” in https, the “I” in Identity, the “A” in Access, and the “T” in Trust.

From employee logins to new devices being issued, to ATMs or Points of Sales communications, to the deployment of new microservices to trusting the executable or code that runs on servers and end devices, to ensuring secure communications between execs, suppliers, and partners, and more.

With PKI Spotlight you can focus on making sure that your stakeholders and customers can securely and without disruption get their jobs done and take care of business.

Beautiful visualizations. Dynamic notifications.

Collect and evaluate data in real-time from every component of your PKI environments. Get instant notifications when action is required.

[Architecture diagram. Monitored components: Certificate Authority, Supporting Roles, Active Directory, Hardware Security Modules]

PKI Spotlight Controller

Aggregates and evaluates configuration data, events, roles, and certificate data.

PKI Spotlight Frontend and Alerting System

[Dashboard screenshots: Exploration + Filtering; Notifications + Alerting]

Get to Know PKI Spotlight!

Schedule a demo with our PKI experts to learn how PKI Spotlight addresses the most common challenges faced by our customers.

By the end of your call, you'll have a clear understanding of how PKI Spotlight will improve your operational resilience, security posture, threat detection, and best-practice capabilities.

Topics we will cover:

  • How the real-time aggregation engine works to process information from PKI roles such as CAs, CRL distribution points, Hardware Security Modules, and more.
  • How to set up monitoring and alerting rules so that you, your teams, and stakeholders can get notified on changes, failures, and even pre-failure states.
  • How to use config explorer to get insights into PKI configurations such as CA permissions, revocations, and crypto modules.
  • How you can use time-based filtering to keep track of trends and establish behavioral baselines.