Free tool to identify risks in secure shell environments
Posted on 25 April 2013.
SSH Communications Security, the inventor of the Secure Shell and SFTP protocols, today announced the launch of SSH Risk Assessor (SRA), a free tool that provides users with a clear report on risk and compliance exposures in SSH environments.


The unmanaged proliferation of SSH user keys has emerged a major cyber security risk for enterprises and government agencies of all types and sizes. Lack of proper key management – including centralized creation, rotation and removal – leaves organizations vulnerable to attack and in violation of current and emerging compliance mandates including SOX, PCI, NIST & FISMA.

SRA enables internal and external audit and security teams to quickly collect SSH key information across the environment and provides an assessment of risk exposure.

The tool report highlights known vulnerabilities in the environment, basic statistics on SSH keys deployed and specific violations of best current practices. The SRA tool gives security auditors and administrators valuable decision support with respect to identity and access governance in SSH environments.

"Companies are being flagged for compliance violations under general guidelines relating to SSH access control," said Tatu Ylönen, CEO and founder of SSH Communications Security. "SRA provides an easy way for enterprises and government agencies to determine if there are risk and compliance issues with respect to who has access to what information in their SSH environment. With compliance authorities preparing to create specific requirements regarding access controls in SSH environments, SRA is a critical tool that will help auditors and security teams scope the size of the issue and create awareness with IT executives."

SSH Risk Assessor key facts:

Access compliance: Identifies organization-specific compliance status with relevant standards

Identity and access governance: Assesses actions needed to achieve compliance

SSH Risk Assessment: Industry-first key location and risk-assessment technology available for free

SSH key discovery: Provides broad problem-scope capabilities to provide an understanding of the current state of the Secure Shell environment .

SRA will be available in May 2013, you can request it here (registration required).





Spotlight

How security analytics help identify and manage breaches

Posted on 30 July 2014.  |  Steve Dodson, CTO at Prelert, illustrates the importance of security analytics in today's complex security architectures, talks about the most significant challenges involved in getting usable information from massive data sets, and much more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Jul 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //