Venafi Trust Protection Platform 15.3
Custom Reports & Analytics
Delivers custom reporting with customizable filtering criteria for certificates. Certificate information is extracted from the Venafi platform to generate custom-created reports within Aperture. Administrators can select fields and criteria for a custom report, view reports on demand, or schedule report delivery on a daily, weekly, or monthly basis.
Enhanced SSL/TLS Validation
Ensures the correct certificate is being used, that it is installed on the server which is hosting the SSL/TLS service, and that it has not expired. This release provides SSL/TLS protocol detection to identify which servers are using non-compliant protocols. This ensures organizations are compliant with the new PCI DSS version 3.1 requirements. The enhanced chain validation verifies the servers hosting the certificates are providing the necessary information for clients to establish a trust relationship. This release also improves usability for configuring Validation via Aperture and provides a consolidated view of Validation results to ensure that a certificate is available and securely presented.
CA Driver—GeoTrust TrueFlex, Entrust Security Manager
Supports the new external CA GeoTrust TrueFlex for automatic certificate requests and adds enhancements to the Entrust Security Manager CA driver.
Agentless Key Discovery
Uses remote SSH sessions to discover SSH keys without installing agents on target machines. Parameters such as frequency of discovery and locations to scan are configurable. Accounts with sudo privileges enable advanced discovery configuration without the need for root access. Supports Linux, Solaris, AIX, and HP-UX systems out-of-the-box.
Key Usage Audit
Detects unused keys by providing visibility into keys which have not been used for an extended period of time. This release also detects unauthorized access by revealing instances of authorized keys accessed from unknown clients. In addition, TrustAuthority SSH detects unknown keys that are not tracked in Trust Protection Platform. By correlating log records from TrustAuthority SSH with SSH server logs, organizations gain full visibility into all SSH key usage, detect anomalies, and quickly remediate them.
Agent-based Certificate Installation (Provisioning)
Installs certificate keystores without the need to gather system credentials, greatly reducing time and effort to provision certificates and providing end-to-end automation and security to all devices. Supports PEM, Apache, and Java Key Stores.
Self-service Configuration for Certificate Installation in Aperture
Provides self-service configuration for Certificate Installation (Provisioning) in Aperture, making it easier for application owners to deploy certificates on their systems.
Agentless Key Remediation
Uses remote SSH sessions to enable adding, removing, editing, and rotating SSH keys without agents installed on target machines.
Key Rotation Rollback
Restores keys to their previous versions, enabling administrators to quickly resume SSH access in case of emergency by initiating rotation rollback in Aperture.
TrustForce Enterprise Mobility is a new addition to the Venafi TrustForce product family, and delivers automated certificate requests, issuance, and installation for Windows environments. It utilizes the Enterprise Mobility Agent to provide organizations the ability to scale enterprise-wide email/SMIME certificates. In addition to email encryption, TrustForce Enterprise Mobility will extend support to other certificate-based authentication from email signing, device authentication, and browser authentication to client authentication of remote workforces accessing the network through WiFi and VPNs.
Trust Protection Platform Features
Sudo Support for Agentless Certificate and SSH Key Management
Supports elevation of privileges for agentless certificate and SSH key management operations without the need to log in as root, which is often prohibited by most organizations.
Permissions Setting and Reading REST APIs
Enables permissions to be configured and read programmatically on objects (e.g., policies, certificates, devices) via the TPP REST API.
IMPORTANT! Starting with the 15.2 release, the Urgent and Pending buckets have been eliminated in the Aperture UI. Use the status 'Renewing' to see certificates in those states.