Safeguarding data in transit has always been a big challenge for security administrators. While SSH keys have helped organizations ensure security in remote administrative access and data transfer, digital keys present some unique challenges.
Usually, SSH keys are left unmonitored and unmanaged, making organizations vulnerable to cyber attacks. In the absence of an automated system, getting the list of all the keys in use, finding and restricting access privileges, and ensuring periodic rotation is a herculean task.
Similarly, managing a Secure Socket Layer (SSL) environment can be daunting when organizations use a large number of SSL certificates issued by different vendors with varying validity periods. On the other hand, SSL certificates left unmonitored and unmanaged could expire, or rogue/invalid certificates could be used. Both scenarios could lead to service downtime or display of error messages that would destroy customer trust in data security and, in extreme cases, even result in security breaches.
ManageEngine Key Manager Plus has been designed to solve all these issues and serves a one-stop solution for managing all digital identities.
Discover SSH systems in the network, enumerate users, and private keys.
Consolidate all discovered SSH keys in a secure, centralized repository.
Create new key pairs, associate with users, and deploy on target systems.
Rotate key pairs automatically at periodic intervals.
Get a holistic view of the key to user relationship across the organization.
Launch a direct SSH connection with target systems.
Audit and track all user activities and generate reports.
Associate specific resources to users and establish granular access controls.
Manage SSH keys better, comply with regulations such as SOX, FISMA, PCI, and HIPAA.
Enforce policies for key creation. Remove all existing keys for a fresh start or append new keys.
Import users / user groups from Windows Active Directory and also leverage the authentication mechanism.
Provision for scheduled backup of entire database for disaster recovery.
Discover all SSL certificates deployed in the network.
Consolidate all discovered certificates in a secure, centralized repository.
Track the name of the CA, date of issue, encryption algorithm, key length and other vital details.
Centrally control new Certificate Signing Requests (CSR) process. Get ready-to-use CSR data files.
Receive alerts about the certificates that are about to expire.
Ensure usage of strong encryption algorithms key lengths. Identify and eliminate weak ones such as SHA-1 certificates.
Supported platforms for product installation:
Local, Active Directory (for Windows)
Supported SSH version:
PostgreSQL (bundled with the product)
RSA (1024/2048/4096 bit) and DSA (1024 bit)
The term 'Keys' refers to the number of SSH private keys plus SSL certificates plus any other digital key being managed.