When ADCS and Non-ADCS PKI misconfigurations and vulnerabilities expose your entire enterprise and your customers data...
You need a better full time employee... You should employ PKI Spotlight 24/7. It never sleeps.
See the Unseen
PKI Spotlight is a revolutionary new cybersecurity monitoring software that gives organizations confidence in their identity and encryption systems.
Overcoming the major challenges of maintaining a Public Key Infrastructure (PKI) with real-time monitoring and alerting of the availability, configuration, and security of all your PKI and HSM environments - consolidated, and at your fingertips.
“Our penetration testers noted that this is the first time they have ever done a pen test and not found any vulnerabilities in the PKI. PKI Spotlight has been instrumental in making that possible.”
Manager of Cloud Services
Killer Features You Really Should Care About
Support For HashiCorp As a Monitored PKI
Provide the required support and best practices to developers without slowing developer velocity and compromising on enterprise security
Real-Time Detection Of PetitPotam (CVE-2021-36942) Vulnerability
PKI Spotlight automatically checks if your MS ADCS environment is vulnerable to the PetitPotam NTLM relay attack (CVE- 2021-36942) which could allow an attacker to completely take over an Active Directory Forest.
Mis-Configuration Best Practice Checks for Certificate Templates
Best Practices to prevent Malicious Users from exploiting ADCS certificates to take full control of Active Directory Forests
Why Customers Love PKI Spotlight
“PKI Spotlight is unique as there is nothing in the market that focuses solely on PKI, and we were able to quickly see the value.
PKI is foundational and a cornerstone technology, and we anticipate that the dependency on PKI services will only increase over time. PKI Spotlight helps us introduce resiliency in our identity and encryption infrastructure and stay ahead of situations that can cause disruption to our business. Now we have a centralized view of status, configurations, and events. With Notifications and alerts, all stakeholders that are dependent on the PKI will have visibility into the operational status. It also frees our team to focus on high-value tasks critical to risk reduction.”
—Senior IT Security Analyst
“PKI Spotlight gives us productivity gains and peace of mind that our PKI systems are available and functional, and any service that relies on our PKI operates smoothly and securely.
Part of our strategy is to work with vendors who are top-notch in their respective areas. With PKI Solutions we get the best-in-class PKI expertise and PKI Spotlight is an important addition to our portfolio of products.
Over time we expect our reliance on the PKI environment to increase and having a product like PKI Spotlight means that we can reliably execute on initiatives that continue to improve our security posture.”
—Scott, Principal Network Engineer at Bayport Credit
PKI Spotlight is actively maintained. We constantly have loads of really great ideas and are always hard at work putting them into code.
Operational Resilience
Operational resilience through improved uptime, availability, and recoverability of your PKI and HSM environments
Detect, prevent, respond to and recover from operational disruptions that may adversely impact your employees, customers and suppliers.
Display All Relevant Data
Consolidated environment overview helps you monitor for signs of unavailability, pre-failure, and failover states.
Real-time Warnings
Configurable real-time, multi-channel alerts, and notifications.
Is Alive tests for Microsoft Network Device Enrollment Service (NDES)
Scheduled and automated 15 granular health checks on NDES and associated IIS servers.
Certificate Revocation List (CRL) Monitoring and pre-failure CRL error detection
Security Posture Management
Maintain the security and integrity of your PKIs with visibility into configurations that can impact identity and encryption systems
Pinpoint configurations issues that affect the permissions, the scope of actions allowed on systems and devices, cryptography standards, and trust levels for applications and code.
Certificate Revocation List (CRL)
Automatically check and alert if CAs are configured to ignore revocation checking failures.
Microsoft NDES settings
Checks for Static and no password settings, Service Principal Names (SPN) and TLS bindings for Microsoft NDES.
Security First
Check configuration of Hardware Security Modules, cryptographic providers, Key Recovery Agents, and more.
Network Protection
Firewall access and modification configurations.
Threat Detection
Quickly spot any abnormal activity in your PKI environments
Identify and get alerted on threats against and of your PKI environments such as attempts to maliciously enroll in certificates, unauthorized changes to Certificate Authority (CA) parameters, use of protected private signing keys, and more.
First Alert
Centralized view to spot unusual behaviors such as CA permission and revocation activities.
Illuminate
Highlight anything out of the ordinary in Active Directory, cryptography, and policy modules
Rapid Notifications
Get notified of configuration changes, PKI related service shutdowns
Best Practices and Governance
By design: review, and refine your PKI operational and configuration practices
Operate all of your PKIs based on industry best practices and organizational standards
Security by Design
Allow security architects and PKI admins to methodically calibrate Identity, access and encryption settings.
ActiveSuggest with the Best Practices Engine
Real-time rules engine that checks against best practices to proactively recommend improvements and remediation.
Out of the Box Recommendations
38 Out of The Box (OOTB) rules to continually check the status of PKI and HSM configurations and events against best practices
Give all your PKIs the attention they need and deserve.
Your Public Key Infrastructure is foundational to the Identity, Access Management and Data Security of your organization: It powers the ”s” in https, ”I” in Identity, the “A” in Access, and the “T” in Trust.
From employee logins, to new devices being issued, to ATMs or Points of Sales communications, to deployment of new micro services to trusting the executable or code that runs on servers and end devices , to ensuring secure communications between execs, suppliers and partners, and more.
With PKI Spotlight you can focus on making sure that your stakeholders and customers can securely and without disruption get their jobs done and take care of business.
Beautiful visualizations. Dynamic notifications.
Collect and evaluate data in real-time from every component of your PKI environments. Get instant notifications when action is required.
Certificate Authority
Supporting Roles
Active Directory
Hardware Security Modules
PKI Spotlight Controller
Aggregates and Evaluates Configuration Data, Events, Roles, and Certificate Data
PKI Spotlight Frontend and Alerting System
Dashboards
Exploration + Filtering
Notifications + Alerting
Get to Know PKI Spotlight!
Schedule a demo with our PKI experts to learn how PKI Spotlight addresses the most common challenges faced by our customers.
By the end of your call, you'll have a clear understanding of how PKI Spotlight will improve your operational resilience, security posture, threat detection, and best-practice capabilities.
Topics we will cover:
- How the real-time aggregation engine works to process information from PKI roles such as CAs, CRL distribution points, Hardware Security Modules, and more.
- How to set up monitoring and alerting rules so that you, your teams, and stakeholders can get notified on changes, failures, and even pre-failure states.
- How to use config explorer to get insights into PKI configurations such as CA permissions, revocations, and crypto modules.
- How you can use time-based filtering to keep track of trends and establish behavioral baselines.