AgileSec Analytics
Updated Oct. 21 2021

InfoSec Global and Venafi offer a tightly-integrated solution that incorporates a rich set of machine identity findings into Venafi’s Trust Protection Platform, providing Venafi customers with a comprehensive view of all their known and hard-to-find digital certificates, keys and encryption.
Business Outcomes
  • Minimize outages by discovering and addressing outdated digital certificates

  • Prevent downtime by keeping an up-to-date inventory and status of all your digital certificates

  • Deliver visibility of ALL machine identities at scale in your dynamic infrastructure, scaling up and down, without negatively impacting operations

Integration Features
  • Push findings to the Venafi platform from the hosts through an integration leveraging Venafi APIs

  • Analyze and classify collected machine identities, get relevant reports, and send sets of machine identities directly to Venafi after triage

  • Directly send specified use-cases to a central repository; users can leverage existing technology investments without complex changes to network config

Solution Overview

The ever-growing number of web services, software applications, mobile devices, virtual machines, container instances, network devices, IoT devices, and personal computing devices in an organization, together with their need to connect and communicate with each other, poses a new set of challenges for managing and securing access to organizational data.

Specific challenges include:

  • Visibility Challenge. While organizations control the machine identities generated through internal processes, they often do not have complete visibility of the machine identities running across their entire infrastructure. This blind spot can lead to substantial damage, ranging from unpredictable system downtime to compliance problems or a data breach. Specific visibility challenges include:
    • Discovering ALL machine identities, including not only SSL/TLS certificates used by web services but also code signing certificates, client authentication certificates, personal computing certificates, SSH keys, and even Certificate Authorities; and making sure they are all compliant, secure, and valid at all times.
    • Finding and verifying unmanaged certificates that are generated through shadow IT, outside of the internal processes and deployed across systems, networks, and applications.
    • Finding and verifying machine identities that are used beyond the network to perform critical cryptographic operations on hosts, virtual machines, containers, cloud infrastructure and business applications. 
  • Scalability Challenge. Organizations require an always-up-to-date inventory of their machine identities and cryptographic assets in a dynamic infrastructure that scales up and down. It is therefore imperative that visibility of ALL machine identities is delivered at scale without impacting normal operations. The key challenges include:
    • Continuously monitoring a highly distributed digital footprint containing a large number of systems (100k+) with minimal operational impact, minimal configurations, no network topology changes and by reusing existing technologies and processes.
    • Avoiding growth in the amount of data collected without an appropriate remediation process in place.
    • Leveraging existing investments, technologies, and processes without having to deploy siloed solutions within a digital environment. 

InfoSec Global and Venafi offer a tightly-integrated solution that incorporates a rich set of machine identity findings into Venafi’s Trust Protection Platform, providing Venafi customers with a comprehensive view of all their known and hard-to-find digital certificates, building a complete inventory of assets, analyzing potential vulnerabilities and prioritizing actions based on current threat levels. 

How It Works
  1. The AgileSec Analytics Server generates the AgileSec Analytics Sensors and makes them available to the customer’s existing deployment tool.
  2. The AgileSec Sensors are deployed across the organization’s digital infrastructure using existing deployment tools, such as Tanium, Puppet and others.
  3. The AgileSec Sensors analyze the different hosts running in a cloud or on-premises infrastructure and build a local database of cryptographic artefacts.
  4. The AgileSec Sensors send the collected information to Venafi directly without requiring access to the AgileSec Analytics Server. The connection to AgileSec Analytics Server is optional.
  5. Venafi is used as the central repository for all certificates identified and managed by the customer.