Press release

AppViewX Contributes to NIST SP 1800-37B Report on Enhancing TLS 1.3 Visibility

0
Sponsored by Businesswire

AppViewX, the leader in automated machine identity management (MIM) and application infrastructure security, today announced it is a contributor to the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 1800-37B, Addressing Visibility Challenges with TLS 1.3 within the Enterprise, released today on overcoming the visibility challenges posed by the adoption of the Transport Layer Security (TLS) protocol version 1.3 in enterprise environments.

The NIST preliminary practice guide for understanding what types of key management-based solutions can be used for achieving TLS 1.3 visibility is available free of charge here.

TLS 1.3 enhances network traffic security to ensure that end-to-end communications are encrypted, prevent eavesdropping and man-in-the-middle attacks, and protect the contents of communications – a feature known as forward secrecy. However, the security improvements in TLS 1.3 create challenges for enterprises that rely on passive decryption techniques for visibility into their TLS traffic. This visibility is essential for enterprises to meet cybersecurity, operational, and regulatory requirements.

To help organizations faced with the dilemma of choosing between the outdated TLS 1.2 and the more secure TLS 1.3, which complicates internal traffic visibility, the National Cybersecurity Center of Excellence (NCCoE) initiated a project in collaboration with technology providers like AppViewX and enterprise customers. This project presents options for maintaining visibility within the TLS 1.3 protocol by offering standards-compliant architectural models for real-time and post-facto systems monitoring and analytics capabilities within enterprises. AppViewX contributed its technical expertise, and first hand experience working with enterprise customers migrating to TLS 1.3, to the SP 1800-37B report.

“This engagement with the National Cybersecurity Center of Excellence and our participation in the SP 1800-37B report reflects our dedication to helping organizations advance digital certificate management, streamline the adoption of modern protocols like TLS 1.3 and automate certificate lifecycle management,” said Murali Palamisamy, Chief Solutions Officer at AppViewX. “One of the NIST’s report key recommendations is for enterprises to implement a central key governance platform. AppViewX provides key governance and certificate management solutions to enable comprehensive certificate discovery, visibility into outdated cryptographic algorithms, and an automated path to crypto-agility.”

This project builds upon the NCCoE’s previous project, “TLS Server Certificate Management,” which showed organizations how to centrally monitor and manage their TLS certificates. This latest project will give security and IT professionals the tools they need to gain more visibility into the information being exchanged on their servers and to help them fully adopt TLS 1.3 in their private data centers and in hybrid cloud environments.

The AppViewX SaaS-delivered Digital Trust Platform is used by Fortune-ranked organizations across financial services, banking, healthcare, oil and gas, manufacturing, and high tech to reduce cybersecurity risk and meet security compliance requirements. AppViewX CERT+ is a certificate lifecycle management (CLM) solution that automates the discovery, monitoring, analysis, provisioning and orchestration of digital certificates, including SSL/TLS, client and code signing certificates, to eliminate cloud service outages and prevent damaging security breaches. Delivered on-premises, in the cloud or as a service, AppViewX CERT+ is ready-to-consume and highly scalable to meet any organization’s identity governance and cybersecurity strategy.

NIST does not evaluate commercial products under this consortium and does not endorse any product or service used. Additional information on this consortium can be found at https://www.nccoe.nist.gov/addressing-visibility-challenges-tls-13.

About AppViewX

AppViewX is trusted by the world’s leading organizations to reduce risk, ensure compliance, and increase visibility through automated machine identity management and application infrastructure security and orchestration. The AppViewX platform provides complete certificate lifecycle management and PKI-as-a-Service using streamlined workflows to prevent outages, reduce security incidents and enable crypto-agility.

Fortune 1000 companies, including six of the top ten global commercial banks, five of the top ten global media companies, and five of the top ten managed healthcare providers rely on AppViewX to automate NetOps, SecOps, and DevOps. AppViewX is headquartered in New York with offices in the U.K., Australia and three development centers of excellence in India. For more information, visit https://www.appviewx.com and follow us on LinkedIn and Twitter.

About the National Cybersecurity Center of Excellence

The NCCoE, a part of NIST, is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under CRADAs, including technology partners—from Fortune 50 market leaders to smaller companies specializing in information technology and operational technology security—the NCCoE applies standards and recommended practices to develop modular, adaptable example cybersecurity solutions by using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to re-create the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Maryland. Information is available at https://www.nccoe.nist.gov.