Attacks/Breaches
8/21/2013
11:41 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

GlobalSign Auto Enrollment Gateway Provides Automated Certificate Life Cycle Management For Microsoft Active Directory

Solution automates enrollment, provisioning, and management of GlobalSign digital certificates for Windows environments

Boston, MA – August XX, 2013 – GlobalSign, the enterprise SaaS Certificate Authority (CA), today announced availability of the GlobalSign Auto Enrollment Gateway (AEG). AEG integrates with Windows Active Directory, allowing enterprises to automate the enrollment, provisioning and management of GlobalSign digital certificates for Windows environments. By replacing their internal CAs with GlobalSign's proven services, enterprises strengthen security and reduce costs by adding certificate-based solutions such as two-factor authentication and advanced SSL without having to manage their own highly complex and costly internal CA. Because GlobalSign SaaS certificate services provide the latest best practices and highest standards in certificate technology, enterprises using them reduce their risk of falling victim to attacks that take advantage of weak and mismanaged certificates. Eliminating the need to manage a resource-intensive internal CA reduces the total cost of ownership of the public key infrastructure (PKI) as well as the risk of system outages that stall business activities.

Tweet this: @GlobalSign unveils AEG automated #DigitalCertificate management service, integrates with #WindowsAD, reduces TCO and risks #PKISecurity

As noted in research published by Aberdeen Group, a Harte-Hanks Company, certificates have been increasingly targeted by attackers, who are successfully exploiting known vulnerabilities such as untrusted self-signed certificates, certificates configured for weak encryption and unwieldy certificate revocation mechanisms. In addition, attackers have successfully pulled off more sophisticated exploits such as fraudulently issuing certificates from trusted third-party authorities and forging certificates that are relied upon for code-signing.

"Most enterprises are not proactively managing the risks associated with these attacks and are unprepared to respond quickly to a compromise," said Derek E. Brink, vice president and research fellow for IT Security at Aberdeen Group. "By allowing enterprises to place the operational aspects of managing certificates into the hands of experts, while retaining enterprise control over group policies managed in Active Directory, GlobalSign is aiming to accommodate future growth in the use of certificates while addressing the practical issues of security and trust in an efficient, cost-effective deployment model."

The GlobalSign AEG provides multiple security and cost-savings benefits as well as enhanced risk mitigation. Seamless integration with Microsoft AD allows enterprises to automate PKI management as well as certificate provisioning and deployment across Windows-based networks, a capability that strengthens PKIs, establishes internal and external trusted communications, and reduces costs.

The solution offers a number of business benefits:

· Risk mitigation: Certificate management by a public trusted CA protects against vulnerabilities and threats.

· Compliance: Proper management ensures that certificates remain valid and do not cause the enterprise to become noncompliant.

· Cost savings: GlobalSign AEG cuts costs by putting management in the hands of PKI experts, removing the need for resources to manage PKI and preventing breaches that could be devastating to businesses, causing brand damage and loss in revenue.

· Enhanced productivity: Proper PKI management ensures continued uptime, eliminates the interruption of mission-critical operations due to invalid certificates and offers employees remote, secure access to company networks.

Additional features and benefits include:

· Easily deployed Public Key Operation (PKO) solutions: AEG supports a wide range of use cases that require strong two-factor authentication, from client authentication of remote workforces accessing the network through VPNs and WiFi to privileged access of highly sensitive resources and systems via smart-card authentication.

· Scalability: Organizations can easily scale to higher-volume deployments to accommodate growth.

· AD integration: AEG provides seamless, often transparent, certificate life-cycle management, avoiding disruptions and security concerns through immediate detection and replacement of expired certificates.

· SaaS CA: AEG eliminates need for internal CAs, e.g. Microsoft CA, thus reducing management costs and complexity as well as overall PKI TCO.

· Strongest available certificates: 2048-bit encryption ensures protection against even the most advanced certificate- and PKI-based attacks.

· Automated PKI management: This liberates IT to focus on core competencies and business-driving IT projects.

"PKI is under attack, and digital certificates have become a common threat vector employed by cybercriminals. However, that doesn't change the fact that when deployed, managed and used effectively, digital certificates provide the most proven means of defense for enterprise networks," said Lila Kee, GlobalSign chief product and marketing officer. "The AEG allows organizations not only to eliminate costly management burdens but also to get full value and maximum security out of their AD investments."

For more information on GlobalSign's Auto Enrollment Gateway visit: https://www.globalsign.com/auto-enrollment-gateway/.

For more information on GlobalSign visit www.globalsign.com.

To follow GlobalSign on Twitter, click here.

Interact with GlobalSign on Facebook, click here.

About GMO GlobalSign

GlobalSign has been a trust service provider since 1996. Its focus has been, and always will be, on providing convenient and highly productive PKI solutions for organizations of all sizes. Its core Digital Certificate solutions allow its thousands of authenticated customers to conduct SSL secured transactions, data transfer, distribution of tamper-proof code, and protection of online identities for secure email and access control. Vision and commitment to innovation led to GlobalSign being recognized by Frost & Sullivan for the 2011 Product Line Strategy Award. The company has local offices in the US, Europe and throughout Asia. For the latest news on GlobalSign visit www.globalsign.com or follow GlobalSign on Twitter (@globalsign).

GMO Internet Group

GMO Internet Group is a comprehensive provider of industry-leading Internet solutions including domain name registration, cloud-based and traditional hosting, ecommerce, security, and payment processing services that each hold the top share of their respective markets in Japan. Other key business areas for the Group include online securities/FX trading, Internet advertising, search engine marketing and online research. In 2011 a new Social Media & Smartphone Platform segment was established bringing together group initiatives in social apps development, daily deals and Android app distribution. GMO Internet, Inc. (TSE: 9449) is headquartered in Tokyo, Japan. For more information please visit http://www.gmo.jp/en.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web