Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:34 PM
Dark Reading
Dark Reading
Products and Releases

SSH Communications Security Unveils SSH User Key Management Solution

Solution is first new extension of its SSH Information Integrity Platform

London, UK – April 24th, 2012: SSH Communications Security, known the world over as the inventors of the SSH protocol, unveiled today at Infosec 2012, London the first new extension of its SSH Information Integrity Platform, SSH User Key Management. The module will serve to provide enterprises the ability to identify, organise and maintain trust relationships of applications, user and service accounts to their respective target SSH and OpenSSH servers through the management of public and private keys.

In a separate announcement, SSH Communications has appointed HANDD, the International Security and Compliance specialist, as its distribution partner in Europe, Middle East and Asia. HANDD will operate an SSH centre of excellence that provides 24/7 global support to over 50 enterprise customers, including four of the UK’s largest banks.

“Enterprises most critical data and applications are often transported and housed on SSH and OpenSSH servers. Those enterprises using public key authentication to manage access to those servers are faced with a significant challenge today in terms of knowing who and what may access those servers. This is not only a major security and compliance risk, however it is also a cost issue, whereas many organisations manage this function manually with little or no oversight,” states Tatu Ylönen, CEO of SSH Communications Security.

The Universal SSH Key Manager will function as an extension of SSH’s ability to control and manage another facet of the SSH infrastructure already prevalent in today’s enterprises. SSH already has the ability to centrally manage configurations, deployments, policies and host keys for its own commercial Tectia SSH variant as well as OpenSSH.

“We are excited to work closely with our key customer pilots to ensure that we address the primary problems they face today in managing their SSH environment. We have approached solving this problem from the perspective that any solution we provide must improve process, decrease operational costs, mitigate the current risks they face in managing their SSH user keys and finally ensure that they are compliant under PCI-DSS, SOX and HIPAA standards,” summarised Matthew McKenna, Head of Sales and Marketing.

On the SSH Communications and HANDD partnership, Anthony Hodges, CEO HANDD commented: “Today SSH is one of the most widely used security protocols in the world with over 3000 global organisations using the data-in-transit solution for moving information. While organisations have enjoyed a robust security solution preventing both internal and external data losses, managing the SSH key overhead has become a colossal task.”

Continued Hodges: “Enterprises are facing huge manpower and cost implications as auditors demand regular host SSH key rotation as part of their security policy and a FTSE company is estimated to typically spends over $2 million a year managing this overhead. The arrival of SSH in the market will provide enterprises with a solution to manage the SSH overhead and significantly mitigate security risks.”

For further information visit: http://www.handd.co.uk/solutions/ssh-key-management

- end –

SSH Communications Security

Founded in 1995, SSH Communications is the company that invented the SSH protocol - the gold standard protocol for data-in-transit security solutions. Today, over 3,000 customers across the globe, including 7 of the Fortune 10, trust our Information Integrity Platform to secure the path to their information assets. We enable and enhance business for thousands of customers in multiple industries in the private and public sectors around the world. We operate in the Americas, Europe, and APAC regions, with headquarters located in Helsinki, Finland. The company holds 15 patents and its shares are quoted on the NASDAQ OMX Helsinki.

For more information on SSH Communications Security please visit www.ssh.com

HANDD Business Solutions

HANDD are Independent Experts in the Provision of Data Centric Security and Compliance Solutions for some of the largest public and private sector companies across Europe, Middle East and Asia.

In partnership, with the world’s leading MFT software vendors HANDD offers its customers optimum visibility and control of their data exchanges and the best solution to meet business requirements. HANDD has a team of Data Security experts that provide design and installation project management, training, professional services and 24/7 technical support.

For more information on HANDD please visit http://www.handd.co.uk/

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: What Virtual Reality phishing attacks will look like in 2030.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-11
A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
PUBLISHED: 2021-05-11
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
PUBLISHED: 2021-05-11
Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.
PUBLISHED: 2021-05-11
A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.
PUBLISHED: 2021-05-11
Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.