Symantec cloud service seeks out ‘rogue certificates’
FRAMINGHAM, Mass. — Symantec Corp. says it will release what it calls the Symantec Certificate Intelligence Center, a cloud-based service that works with an on-premises software component to keep track of SSL server certificates used by an organization.

“Every SSL certificate comes with a shelf life, as they expire in one, two or three years,” says Amar Doshi, Symantec’s senior manager of product management. Certificate Intelligence Center lets IT managers track both public Web-facing and internally-used certificates in order to act before these certificates expire. The service is similar to one offered by competitor Venafi, he says.

In addition, Symantec’s cloud-based service, working in conjunction with the on-premises component, which is available based on Red Hat Linux or VMware-based virtual appliance, can scan to detect so-called “rogue certificates,” Doshi says.

Rogue certificates have been discovered in corporate networks because someone at a company went and got them from a certificate authority that was not the usual source, or sometimes this has even been done maliciously. The bottom line is the certificate isn’t officially recorded as in use by the business. The certificate-scanning service would be able to seek them out and report back on them, he says.

Symantec [Nasdaq: SYMC] last year acquired the VeriSign trust services group for over US$1 billion. The Symantec Certificate Intelligence Center service, now in beta, is the first new major product/service roll-out since the time of the acquisition.

(From Network World U.S.)

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now