Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog


    0 0

    ISTR 23 針對 2017 年資安主要事件提供嶄新的觀點。

    続きを読む

    0 0

    恶意软件启用基于网页的加密货币挖矿器,且没有使用浏览器的任何迹象。

    続きを読む

    0 0

    表示上ではブラウザが使われているとわからないまま、ブラウザベースの暗号通貨マイナーを起動するマルウェアが登場しました。

    続きを読む

    0 0

    Publish to Facebook: 
    No

    This is the first part of a four-part series covering twelve fundamentals for choosing a managed PKI solution, and questions to ask in the buying process.

    The purpose of this blog is to make you aware that not all Managed PKI providers are the same. In fact, there are some pretty significant differences between DigiCert’s offerings relative to the competition that you wouldn’t see by comparing data sheets. DigiCert’s key advantage is that the Symantec Managed PKI was designed as a service from the ground up as opposed to the competition, that have built their service from legacy on premise software. While the data sheets might look similar, over the next few weeks, we will highlight some of the fundamental advantages of Symantec Managed PKI.

    When it comes to Public Key Infrastructure (PKI), organizations have two deployment options: 1) they can opt for an in-house on-premise solution, or 2) a cloud-based service like Symantec Managed PKI*. There are many benefits to a Managed PKI Service, including faster time to deployment, lower total cost of ownership, and leveraging operational excellence.

    On Premise vs Managed PKI

    1. Shared vs. Dedicated customer PKI roots

    DigiCert performs an independent 3rd party audited Root Key Generation Ceremony (RKGC) for every customer we bring on to the service. In fact, DigiCert performs over 1000 key signing ceremonies every year; more than any other Managed PKI provider in the world. Some providers will “partition” their PKI, and host multiple customers under the same Root. The Root CA is your trust anchor; and it shouldn’t be shared.

    2.Timeliness

    One of the key benefits of a Managed Service is that your Certificate Authority (CA) can be operational much faster than trying to set one up on premise. DigiCert can bring a new customer on to our Managed Service in as few as 10 days from the processing of your Purchase Order. Under special circumstances, we can have it operational even sooner. Competing service providers are typically operational in 8-12 weeks, and don’t always meet that deadline.

    3. Access to Public trust

    In addition to your own private root of trust, DigiCert’s standard offering also provides you with access to a public root, and an Adobe Approved Trust List (AATL) , all accessible and managed from the same web based Administrative portal.  Access to these additional roots enables organizations to meet a variety of additional Enterprise use cases that require external trust. For example, trusted e-mail digital signatures, Adobe document signing, etc. Competing solutions typically only offer private roots of trust, or require you to issue publicly trusted user certificates from a separate portal.

    4. Broad revocation support

    DigiCert supports both Online Certificate Status Protocol (OCSP) and traditional Certificate Revocation Lists (CRL) as part of our standard service. Some of the competing solutions will only offer CRL based checking, and charge extra for OCSP.

    Questions to Ask

    Here are some questions to ask your potential Managed PKI service provider:

    •Do you offer you a shared “partitioned” PKI root, or do you only offer dedicated PKI roots?

    •Do you perform a root key generation ceremony for every customer you bring on to your service?

    •How quickly is the service operational from the time you process my purchase order?

    •Do you have a proven track record of meeting your stated timelines?

    •Can you offer me different roots of trust for all of my Enterprise use cases from a single Administrative portal?

    •Do you include both OCSP and CRL based revocation checking capabilities as part of your service, or is it an additional charge?

    Part 2 in this series will cover some of the DigiCert advantages around Administration and Deployment. Would you need to open a support ticket every time you make an Administrative change to the CA?  I'll cover this and two other fundamentals for choosing a PKI provider in the next post.

    *On October 31, 2017, DigiCert, Inc. acquired from Symantec Corporation the business of providing and supporting Symantec’s Website Security and PKI products and services.


    0 0

    ISTR 23 では、2017 年の情報セキュリティで起きた主な出来事を鋭敏な洞察力で見通しています。

    続きを読む

    0 0

    ISTR 23, 2017년 정보 보안 주요 사건들을 새로운 각도로 조명

    続きを読む

    0 0

    Publish to Facebook: 
    No

    This is the second part of a four-part series covering twelve fundamentals for choosing a managed PKI solution, and questions to ask in the buying process.

    In Part 1, we shared four key differences between managed public key infrastructure (PKI) providers. This week, we will discuss three features of Symantec Managed PKI Service, Powered by DigiCert®[1], that provide your organization with the ability to easily administer and deploy your managed PKI while keeping costs low. Whenever an organization deploys a technology like PKI, the total cost of ownership must be considered. The Symantec Managed PKI Service offers customers tools and features to maximize the use of the PKI and minimize the total cost of ownership.

    5. System Management

    While most managed PKI offerings provide customers with a baseline set of features, it’s important to review them and their potential impact on your business. Some providers, like DigiCert, give the user complete control of the system and allow you to use the certificate authority to meet current and future use cases. The system is designed to let your organization adapt the service to any situation in your enterprise.

    Other providers take a different approach and only offer you a limited set of functionalities determined at the time the certificate authority is created. If your organization needs to make a change to the functionality or features, then you must work through a support organization and potentially pay additional fees. This leads to an increase in overall cost, delays in deployment, and a general frustration with certificate based technology.

    6. System Administration

    When administering a managed PKI solution, you need a streamlined and user-friendly web interface that provides a simple yet powerful workflow for managing certificates. Symantec Managed PKI offers customer a broad set of base certificate templates to address many use cases. DigiCert includes certificate templates for users, devices, Mobile Device Management (MDMs), and many other use cases. These templates can be used in their default state or customized through a web interface that provides instructions, recommendations, and error-checking. 

    All of this results in easy administration and rapid certificate deployment. These features take the complexity out of PKI deployments and allow the customer to focus on meeting their use cases. Other managed PKI vendors do not have such an easy-to-use interface. Often, these other systems require you to have extensive PKI knowledge to know how to use the system and implement basic certificate types to meet standard use cases. These organizations require expensive PKI personnel with specialized knowledge to operate the system which increases the total cost of ownership.

    7. Ease of Deployment

    Once an organization is set up to use a managed PKI service, they need to deploy certificates in a timely and efficient manner. Symantec Managed PKI provides you with multiple types of user registration methods that are built into the system. No custom coding or special systems required by the end user. User registration and authentication features are built into the DigiCert workflow.

    In addition, Symantec Managed PKI offers an easy-to-deploy auto-enrollment server that can seamlessly enroll Windows domain users and computers for certificates. Often this server is deployed by the customer in a short amount of time and without issue. Many other managed PKI vendors do not offer tools to ease deployment. For example, one of our major competitors does not provide built-in workflows for all certificate types, supports limited authentication options, and you cannot install the auto-enrollment server - it requires a professional services engagement which increases cost and delays deployment time.

    Questions to Ask

    When selecting a managed PKI, here are some questions you might want to ask your managed PKI provider regarding administration and certificate deployment:

    1.What certificate templates are included with the CA?

    2.How do I enable new features on the CA?  Does it require Support or can a customer do it?

    3.Is there built-in certificate creation workflows?

    4.What types of certificate registration options are supported?

    5.How do you support auto enrollment in a Windows environment?

    Our next post, Part 3, in this series will cover how DigiCert provides usability and ease of use for end users with its managed PKI service.

    [1] *On October 31, 2017, DigiCert, Inc. acquired from Symantec Corporation the business of providing and supporting Symantec’s Website Security and PKI products and services.


    0 0

    網路攻擊的規模與複雜度與日俱增。各種攻擊以及規範的波動對所有地區和所有領域都造成衝擊。

    続きを読む

    0 0

    사이버 공격이 양적으로 증가하고 있을 뿐만 아니라 정교성 또한 강화되고 있습니다. 모든 지역과 시장이 공격과 컴플라이언스 변동성의 영향력 아래 있습니다.

    続きを読む

    0 0

    Publish to Facebook: 
    No

    This is the third part of a four-part series covering twelve fundamentals for choosing a managed PKI solution, and questions to ask in the buying process.

    In Part 2, we shared three key differences between DigiCert and other managed public key infrastructure (PKI) providers around administration and deployment. This week, we will discuss four features of Symantec Managed PKI*, Powered by DigiCert, that provide your organization with the ability to easily deploy certificates to diverse groups of user communities across different platforms without requiring an investment in Professional Services.

    8. Look and feel

    The visual appeal of an application contributes significantly to ease of use for end users. In part 2, we described how Symantec Managed PKI interfaces make it easy to Administer.  The same is true, for end user interfaces. Symantec provides a set of consistent, well-defined interfaces that make it easy to deploy certificates to disparate groups of users with varying levels of technical abilities.

    Companies can reduce setup and support time by providing setup and usage instructions for end users, directly on the portal. Administrators can supply instructions in PDF, DOC, DOCX, TXT, PPT, PPTX formats that users can download when they get a new certificate. Should a user require further assistance,

    Administrators can also customize contact information (name, email, and phone) on enrollment pages and within end user e-mail notifications.

    9. Branding

    DigiCert provides a wide range of certificate enrollment methods out of the box. For enrollment methods that require user input, DigiCert enables you to easily brand the end user enrollment pages with your company logo from within the web based PKI Manager interface.

    Branding can be tailored uniquely for each certificate type. This allows you to expose different brands depending on the user community you are attempting to reach (internal customers vs. external users, or different subsidiaries). All enrollment pages are created on-demand, and hosted by DigiCert making the pages easily accessible both internally and externally. 

    Some Managed PKI providers leverage the same static enrollment pages for all customers, unless a customer pays additional annual fees for branding and customization.

    10. Localization

    DigiCert makes it easy to reach a global audience with out-of-the-box support for 9 languages. These languages include: English, French, German, Japanese, Spanish, Chinese, Portuguese, Japanese and Norwegian for both Administrative and end user facing interfaces. Display is based on the region encoding set in the user’s browser. You can also customize the fields that appear in the end user enrollment pages to make them more specific to your organization or to provide an alternative translation. Some MPKI providers limit their language support to English and French, and charge exorbitant prices for professional services to localize enrollment pages.

    11. Multiple Workflows

    For simplicity, Enterprises usually elect to auto-enroll certificates to large communities of users and devices because it is easiest and most transparent. While DigiCert supports this method, sometimes auto-enrollment isn’t possible; perhaps the end user is external and isn’t a member of the domain, additional user vetting is required to achieve a particular level of assurance (LOA), or the device is a smartphone, and not a laptop or desktop. Customers can choose from a wide variety of out-of-the-box capabilities to address different issuance scenarios.

    DigiCert makes it easy to integrate with AD\LDAP for authenticating users during enrollment. By connecting to LDAP through a local PKI gateway, it is possible to move beyond a one-time reference number\authorization code for enrolling users. When additional user vetting is required, Administrators can elect to implement manual approvals for requesting certificates. Administrators approve the enrollment based on the information users enters into the enrollment form, and the user is notified about how to pick up their certificate.

    DigiCert allows Administrators to configure, deploy and customize the enrollment and authentication methods used for certificate enrollment. The competition either doesn’t support it, or requires professional services to complete the work.

    Questions to Ask

    1.What customizations (including Branding) can be made to end user facing portals?

    2.Can we perform the branding and customizations ourselves, or do we need to rely on you?

    3.If we can’t perform the work ourselves, what fees are involved (professional services, annual service)?

    4.What languages do you support for Administrator console?

    5.What languages do you support for end user enrollment?

    6.Describe the workflow you support out-of-the-box for certificate enrollment.

    7.Can I leverage my company directory for user authentication beyond automatic enrollment?

    Our final post in this series, Part 4, concludes with the 12th fundamental - what to look for in a Managed PKI solution when it comes to mobile device management.

    *On October 31, 2017, DigiCert, Inc. acquired from Symantec Corporation the business of providing and supporting Symantec’s Website Security and PKI products and services.


    0 0
  • 04/10/18--23:32: 2018年3月最新情报
  • Inception Framework网络间谍团伙在近三年中始终保持活跃并藏而不漏。恶意软件电邮比例再次上升。基于浏览器的挖掘竟然不用显示浏览器就能执行。

    続きを読む

    0 0

    微软在四月份共修补了66个漏洞,其中有22个漏洞评为严重级别。

    続きを読む

    0 0

    サイバースパイ集団「Inception Framework」が 3 年以上も身を隠しながら活動を続けています。メールマルウェアの比率は引き続き上昇し、ブラウザを使わないブラウザベースの暗号通貨マイニングも登場しました。

    続きを読む

    0 0

    今月は、66 個のパッチがリリースされており、そのうち 22 件が「緊急」レベルです。

    続きを読む

    0 0

    您现在可以查看赛门铁克的2018互联网安全威胁报告,及时了解网络攻击者正使用的战术并及时采取应对措施。

    続きを読む

    0 0

    시만텍의 2018 인터넷 보안 위협 보고서(ISTR)에서 변화하는 사이버 위협과 그 대응 방안을 확인해 보십시오.

    続きを読む

    0 0

    シマンテックの 2018 年版『インターネットセキュリティ脅威レポート(ISTR)』が公開されました。攻撃者が次々と繰り出す手口の変化を追跡し、対抗措置を講じるために、ぜひ ISTR をご一読ください。

    続きを読む

    0 0

    企業可以閱覽賽門鐵克的 2018 年網路安全威脅研究報告,了解攻擊者不斷變化的手法,進而採取反制的措施以阻止攻擊。

    続きを読む

    0 0

    年を追うごとに、モバイルを狙う脅威と脆弱性は増え続けていますが、モバイル OS のアップデートは遅れ気味。原因はどこにあるのでしょうか。

    続きを読む

    0 0

    手机威胁、漏洞和淘汰手机的数量在去年再次攀升,到底发生了什么?

    続きを読む