Certificate Lifecycle Management systems (CLM/CLMS), also called Certificate Management Systems (CMS), provide that support. They allow admins to manage every part of the lifecycle for an individual certificate while maintaining a broader perspective on the state of the network.

 

 

• Machine Identity is at the core of enterprise cybersecurity.
• You may have the most advanced IAM, antivirus, and firewall solutions, but if machine identities are not managed correctly, applications and devices cannot communicate securely.
• Digital certificates and keys are what establish machine identities, which is where certificate lifecycle management comes in.

Other reasons besides cybersecurity include compliance, and audit saved money on not having to deal with Mis (major incidents) that result due to devices having issues with certs.

Managing Certificates is Complex

• Discovering Devices without certs can be challenging.
• Certificates Expire (causing business process failures)
• Keys Stored in all over the place. (insecure location of keys).
• Scattered Ownership of Certificates. (people leave)
• Low Visibility (no single pane of glass)
• No PKI Self Service (no way to request a certificate and have it generated automatically)
• Manual Processes with no rudimentary supervision.
• Way too many different infrastructure components.
• Revocation of certificate is not being documented, or rarely performed.

---

CLM Stages that DBA Binary Fusion can help your organization tackle.

Discovery

• Devices that have invalid certs are no certs can be difficult to discover. The Discovery process depends on the types of devices, protocols, API programmability, and other characteristics.

Enrollment

• Credentials and other inputs are gathered to enroll the certificate. For example, certificate signing requests with Common names and identification of service together with authorization details are gathered.

Issuance

• Certificate enrolment data is validated, and a certificate is issued. The certificate is stored in a database and provided to the end entity which provided the initial enrolment.

Expiration

• The certificate approached the end of its validity period. An expired certificate will no longer be valid and trusted, therefore the end entity should be aware of it and decide to either renew or decommission.

Destruction

• After the expiration and validity period, the private key and certificate are no longer needed. The private key is securely destroyed, and the certificate is decommissioned from the public key infrastructure.

 

---

What DBA Binary Fusion can do for your organization?

 Discovery of Assets

• Discover and visualize your assets by subnet, &or app level through manual, or existing CMDB and AD integration.

Centralized Ownership

• Define ownership for certificate and keys.
• Enforce Access control
• Audit Tracking

 Process and Policy

• Remove reliance on personal knowledge to handle PKI.
• Enforce policy across for all stakeholders

Endpoint Deployment

• Streamline certificate push to endpoints.
• For ex: F5 Load Balancers, Servers, VCs, Printers.

Certificate Operations

• Grouping and expiry reminders
• Inventory Certs
• Visibility via monitoring
• Renewal Automation
• Certificate Key Generation.
• CA Automation

---

Here is what our CLM solution can do for you.

Wrap DBA Binary Solution Solution around CLM stages per your need and package them in CLM Fusion View (custom built CLM management software).

• Wrap solution around CLM stages (enrollment, issuance, expiration, destruction)
• Get to know your devices & certificates.
• Are they in PEM, are they in CER, or DER.
• Tie revocation of certificates into ITSM such as Service Now.

Create Visual Representation of your Certificate Ownership

• Discover your devices and present them in custom-built software CLM Fusion View for your organization.
• Create Geo-Based views to help you visualize your certificates, by departments, device type, locations etc.
• Review your existing devices' vulnerabilities to see which certs are most vulnerable, (an example of which ones using SHA1 vs SHA2) and handle these first etc.
• View which certs use weak ciphers and low bit cryptographic keys.

Integrate Certificate Generation Workflows

• Orchestrate Manual, Semi-Automatic, and Automatic Workflows where applicable.
• Integrate already existing certificate generation workflows, map to security groups.
• Create/Leverage Self Provisioning Certificate UI of either another vendor or create a custom one for your environment.

 

Solution:  This is how DBA Binary Fusion helped customers tackle this issue.

 

Inventory of Devices

• DBA Binary Fusion helped customers create an inventory of all video conferencing devices, categorized them by region, type, department, ownership.  DBA Binary Fusion identified which devices needed to be upgraded in order for certificate signing requests to be generated.   
• DBA Binary Fusion centralized visibility of every video conferencing device into a geographical portal called "CLM Fusion View" (custom-built portal based on micro-services architecture, designed specifically for customer's Certificate Lifecycle Management Needs).  Within CLM Fusion View, policies were created that would enforce Audit recommendations to notify certificate owners if certificates are about to expire. 

Certificate Renewal and Expiry Notifications

• DBA Binary Fusion modified "CLM Fusion View: in such a way that made it very easy for IT teams to regenerate certificates every 2 years.  CLM Fusion View was modified per customer's environment, making it possible to discover devices based on ICMP, SNMP and programmatically using APIs.  CLM Fusion View was also tailored towards customer's existing CMDB system Service Now, making it easy to keep track of certificate changes, renewals, and expirations.   Alerts were configured notifying certificate owners when the cert is about to expire, giving cert owners ample of time to log into "CLM Fusion View" and renew certificates.

Support for other devices beyond Video Conferencing Units 

• Also, CLM Fusion View was updated with not only support for video conferencing devices that customers had struggled with managing certificates but also was updated with other on-premise devices such as printers.   Additionally, certificate revocation was configured in CLM Fusion View to delete private keys anytime the certificate expires.  
• DBA Binary Fusion also updated CLM Fusion View to create a ticket automatically in ServiceNow every time new certificate was generated keeping a track record of certificate activities.

Flexible Auto-Discovery and generation of CSR

• CLM Fusion View was designed in synergy with the customer's growing environment.   Anytime new device that hopped on the network was automatically discovered in CLM Fusion View. 
• Admins had the capability to specify which VC device they want to generate a certificate for. 
• CLM Fusion View automatically logged into each of the devices and generated CSR, then navigated automatically to respective CAs, had certs signed and imported them back into Video Conferencing devices.  
• In cases where it was not possible to manage certificates using API programmatic functions, DBA Binary Fusion utilized manual practices, where Service Ticket was created by the company's who admin who needed certificate generated and DBA Binary Fusion would receive the Service Now Ticket and installed certificate manually.  DBA Binary Fusion staff was basically was an augmentation of the company's workforce.
• Additionally, DBA Binary Fusion modified CLM Fusion View to log in automatically into multiple VC units, forcing VC units to join automatically into WebEx Control Hub.

GEO Map Visualization of Devices

• After certificates were deployed on all of the video conferencing systems, each of the VC units were shown on the GEO map on customer's SIEM such as Sumo Logic or other SIEM tool such as Splunk and in "CLM Fusion View".
• Network Engineering and Security teams were involved in creating Cisco Identity Service Engine rules to match video conferencing authentication and authorization requests based on unique value keywords within the certificate Subject Alternative Name.  DBA Binary Fusion assisted network engineering staff with formulating policies on Cisco ISE and also helping Network Engineering and Security teams profile other types of devices that also needed certificates or additional validations.  

We offer our services for different types of companies and industries.

Industries we service include, financial, health, professional LLCs, manufacturing companies and beyond.

We can help you secure, analyze and design your network and help you manage your certificate life cycle process based on your existing environment and can also help you work out eccentric details that you need to provide to auditors in order to pass year yearly audit.

How to Contact Us

If interested to see some additional use cases or would like to get a similar solution implemented in your organization then don't hesitate to reach out to This email address is being protected from spambots. You need JavaScript enabled to view it.  and one of our IT consultants will get back to you.  You can also contact us by the phone number on the top right corner or send us a chat message. 

Fill out the form below to get to know you a little bit more and provide you a demo presentation tailored for your environment.

 

 

Other Enterprise Monitoring Relevant Services that we offer

• Sumo Logic Monitoring Assessment for Financial Industries 
• Micro Services and Serverless Lambda Monitoring 
• Natural Language Processing (NLP) and ML services
• Network Monitoring Managed and Non-Managed Services 
• Solar Winds Consulting 
• Network Monitoring Training for Enterprise Companies
• Software-Defined Networking Consulting
• IT Infrastructure Management for small & medium businesses  
• External Vulnerability Assessment 
• Network Security Services for mid, small and large size companies

Industries We Service

• Law Firms
• Educational
• Accounting Companies

 We also offer services for Health companies, medical, manufacturing and others.

Top Locations We service

• Westchester County NY
• Manhattan New York
• Connecticut
• Stamford CT Consulting

We also have presence nationally and globally.  Hence if you are outside any of these areas we can help you with your microservices and lambda monitoring needs.