SSH keys have to be properly documented in order to efficiently use, rotate, and delete them – lest they fall victim to key sprawl and proliferation. AppViewX allows for fully transparent automation and management of all SSH keys in the infrastructure.
Discover keys from multi-vendor, hybrid network infrastructures – like servers, ADCs, client devices, cloud instances and VMs – on an on-demand basis. CERT+ allows you to keep your inventory updated every day with an option to sync keys each night. Once the keys are discovered, they are stored in an inventory that gives you centralized visibility of all SSH keys across hybrid and multi-cloud environments. No more logging into each VM or on-prem machine to identify the number of SSH keys present in them – just click “Discover,” and CERT+ provides you a full view of the keys.
Unlike SSL certificates, SSH keys do not have expiration dates. When a key is compromised, a malicious user can use it to create permanent backdoors into an enterprise’s critical infrastructure. With CERT+, you can forcefully expire your SSH keys after a set duration. This helps you understand the number of ageing keys in your infrastructure and delete them proactively. The keys associated with departing employees can also be automatically deleted with our advanced integration with your Active Directory systems.
SSH keys continue to provide access to your application unless explicitly removed. Key rotation, i.e., changing every authorized key (and corresponding identity keys) regularly, is an important security measure that prevents hackers from misusing compromised keys. As a best practice, you should rotate all your keys every 60 days, which is almost impossible without proper visibility. With CERT+, you can schedule an automated periodic rotation of your keys. This will ensure all key-trust relationships within the infrastructure are updated with the new key automatically, without hassle.
Having one application to create and manage SSH keys and another application to access your systems can be counter-productive. With CERT+, you can get direct access to all target systems on-premises or in the cloud within the same console to ensure a seamless user experience and superior session tracking on all supported devices. You can also monitor all active SSH sessions on a target device and automatically terminate the ones that seem suspicious.
"AppViewX significantly decreased our operational outages due to certificate expiry."
“...We saved 90% time on operations, it really ended up delighting our end users, they’re surprised at how easy it is to request certificates”
Xcel Energy, USA