Qualys announced CertView, a new app framework in the Qualys Cloud Platform that enables customers to discover, assess and manage SSL/TLS certificates on a global scale, helping them prevent downtime and outages, audit and compliance failures, and mitigate risks associated with any expired and/or vulnerable SSL/TLS certificates on their business-critical systems. The first two apps in CertView include Certificate Inventory (CRI) and Certificate Assessment (CRA).
Machines rely on X.509 certificates to communicate securely with each other both internally and externally, and this communication creates new attack surfaces — particularly amidst the rise of DevOps and public clouds. In order to stay ahead of this risk, organisations must automate visibility and tracking of their certificate deployments for DevSecOps. Qualys CertView allows them to do so by centralising visibility of certificate vulnerabilities into their overall continuous view of security and compliance state, and by enabling customers to rapidly see and remediate expired or vulnerable certificates.
“Thriving in today’s business environment requires constant and secure global communication and collaboration between machines-to-machines and people,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “Qualys CertView delivers customers added visibility of this critical infrastructure layer as it grows, and allows them to more confidently achieve digital transformation securely – all from a ‘single pane of glass’ view, further consolidating their security and compliance stack in one unified platform and reducing costs.”
CertView initially consists of two new apps as follows:
The Certificate Inventory (CRI) app offers:
Discovery: Enabling infosec and other teams to continuously scan global IT assets from the same console to discover every certificate issued from any CA.
- Inventory: Enabling reduced administrative costs by bringing the entire certificate estate under central control with comprehensive visibility of all certificates in use across DevSecOps, InfoSec and IT teams.
The Certificate Assessment (CRA) app offers:
Continuous Monitoring: Automation built into the Qualys Cloud Platform identifies critical issues, weaknesses and vulnerabilities and sends targeted alerts to DeveSecOps, InfoSec IT and IT teams.
- Reports and Dashboards: Dynamic dashboards provide teams with a holistic and contextual view of their certificate estate, and power automatically created downloadable reports of certificate-related vulnerabilities, certificate expirations and non-compliant certificates across global IT assets.
Qualys CertView will be available in beta starting September 2017, with general availability in Q4. The initial release will include these two apps: CRI and CRA. Qualys is working to add full certificate lifecycle management into the single-pane view of the Qualys Cloud Platform. Future versions of CertView will add new apps to include back-end integration with major CAs and application servers, as well as workflows for policy enforcement