Qualys, a provider of cloud-based security and compliance solutions, today announced CertView, a new app framework in the Qualys Cloud Platform that enables customers to discover, assess and manage SSL/TLS certificates on a global scale, helping them prevent downtime and outages, audit and compliance failures, and mitigate risks associated with any expired and/or vulnerable SSL/TLS certificates on their business-critical systems. The first two apps in CertView include Certificate Inventory (CRI) and Certificate Assessment (CRA).
Philippe Courtot, Chairman and CEO at Qualys, said, “Thriving in today’s business environment requires constant and secure global communication and collaboration between machines-to-machines and people. Qualys CertView delivers customers added visibility of this critical infrastructure layer as it grows, and allows them to more confidently achieve digital transformation securely – all from a ‘single pane of glass’ view, further consolidating their security and compliance stack in one unified platform and reducing costs.”
Machines rely on X.509 certificates to communicate securely with each other both internally and externally, and this communication creates new attack surfaces — particularly amidst the rise of DevOps and public clouds. In order to stay ahead of this risk, organizations must automate visibility and tracking of their certificate deployments for DevSecOps. Qualys CertView allows them to do so by centralizing visibility of certificate vulnerabilities into their overall continuous view of security and compliance state, and by enabling customers to rapidly see and remediate expired or vulnerable certificates.
“While several offerings exist to discover X.509 certificates, most organizations rely on spreadsheet-based tracking methods and manual processes to keep track of certificates, resulting in many undocumented installations and increased exposure to risks,” said David Anthony Mahdi, Research Director, Gartner. “When using discovery tools, security leaders are often surprised by the amount of unknown certificates, from multiple certificate authorities (CAs) that exist in their environment.”
CertView initially consists of two new apps: the Certificate Inventory (CRI) app and the Certificate Assessment (CRA) app. Qualys CertView will be available in beta starting September 2017, with general availability in Q4. Qualys is working to add full certificate lifecycle management into the single-pane view of the Qualys Cloud Platform. Future versions of CertView will add new apps to include back-end integration with major CAs and application servers, as well as workflows for policy enforcement.