PKI Solutions announced its latest update of PKI Spotlight, a PKI management solution that provides organizations with real-time monitoring and alerting of the availability, configuration, and security of all of their PKI and Hardware Security Module (HSM) environments – all consolidated into one easy-to-use dashboard.
This latest release of PKI Spotlight introduces new capabilities including a new Best Practices Engine and Is-Alive tests for ADCS Certificate Authorities.
“Organizations everywhere are struggling with the global IT brain drain and there are fewer IT security and PKI experts than ever before. Our latest version of PKI Spotlight, with its new Best Practices Engine, helps companies address this widespread problem of not having enough time or PKI expertise within their organizations to fully implement the important best practices needed to ensure the security of their identity and encryption systems. It’s like having your own virtual PKI Solutions consultant,” said Mark B. Cooper, president and founder of PKI Solutions.
“Our new Is-Alive (not just looks alive) health checks detect failure conditions before they impact an organization’s PKI environment which can potentially prevent millions of dollars in losses as a result of business disruptions. We specifically designed both of these new product features to continue to help organizations solve their most difficult PKI management challenges today even though they don’t always have dedicated resources to manage all their PKI environments.”
Best Practices Engine
With the inclusion of the Best Practices Engine in PKI Spotlight, admins and security architects can automatically implement the best practices needed to keep PKIs and HSMs functional, available and secure. PKI Spotlight’s “Always On” rules engine checks the status of PKI and HSM configurations and events against best practices to ensure compliance. In addition, “Out of the Box” (OOTB) best practices derived from PKI Solutions’ 100+ customer engagements are applied, and regular updates deliver the latest and most relevant best practice checks.
Is-Alive for ADCS Certificate Authorities
PKI Spotlight’s Is-Alive for ADCS Certificate Authorities functionality helps PKI admins keep track of the actual operational status and availability of their ADCS Certificate Authority (CA) and HSMs, and indicates whether the Certificate Authority can actually digitally sign requests. This allows PKI Spotlight to go beyond the basic “is the service running” check. Instead, it detects failure conditions before they impact an organization’s PKI and HSM environments. PKI Spotlight runs an exhaustive checklist of dependencies to ensure that the Certificate Authority is running and can service requests. This checklist includes monitoring CA service status, ICertView and ICertRequest interface availability, the latest CA certificate trust chain validity, and the latest CA certificate private key availability and usability.
“Current monitoring tools can give the false status that all CAs and HSMs are operational, while in reality, they are failing. These issues can go undetected for weeks, resulting in outages that are hard to troubleshoot and waste time—consequently introducing high-impact security risks, loss of productivity and revenue,” said Cooper.
“Our new Is-Alive functionality helps PKI admins keep track of the actual operational status and availability of their ADCS Certificate Authority (CA) and HSMs indicating whether the Certificate Authority is truly able to digitally sign requests. For example, if the CA trust chain is broken, the entire PKI is broken and will not be able to verify these certificates. When that happens, services that depend on certificates in the organization stop working, potentially resulting in a denial of service (DDOS) scenario which can be devastating for an organization.”
PKI Spotlight’s new Best Practices Engine and Is-Alive for ADCS Certificate Authorities have been added to the product’s core capabilities, which include:
- Real-time PKI and HSM event, configuration, and roles aggregation engine
- Unified dashboard with event, configuration, and PKI roles exploration
- Customized alerting and notifications for critical PKI functions, events, activity, and configuration changes
- Email-based integration into Incident Management and Service Management solutions
- Config Explorer for fine-grained visibility into PKI configurations such as CA permissions, revocation, Active Directory, cryptography, and policy modules
- Time-based event filtering and exploration that filters events by source, role, time, and severity, with built-in search for message and event ID
- View of all PKI roles, such as Certification Authority, Web Enrollment site, CRL Distribution Point, Authority Information Access (AIA), OCSP Responder, NDES and CES/CEP servers