The organizations that make up the project consortium join forces to help enterprises increase network visibility and adopt TLS 1.3 and other modern Internet security protocols
NEW YORK–(BUSINESS WIRE)–AppViewX, the leader in automated machine identity management (MIM) and application infrastructure security, today announced that the company has entered into a Cooperative Research and Development Agreement (CRADA) with the National Cybersecurity Center of Excellence, part of the National Institute of Standards and Technology (NIST), to help organizations address visibility and implementation challenges associated with the TLS 1.3 Project.
The NIST preliminary practice guide for understanding what types of key management-based solutions could be used for achieving TLS 1.3 visibility is available free of charge here.
This project builds upon the NCCoE’s previous project, “TLS Server Certificate Management,” which showed organizations how to centrally monitor and manage their TLS certificates. This latest project will give security and IT professionals the tools they need to gain more visibility into the information being exchanged on their servers and to help them fully adopt TLS 1.3 in their private data centers and in hybrid cloud environments.
“AppViewX is committed to a standards-based approach for all certificate, key and automation use cases whenever possible. For example, we have partnered with Netscout to develop a prototype for the TLS 1.3 visibility challenge that we plan to formalize as an open industry standard,” said Murali Palamisamy, Chief Solutions Officer at AppViewX. “We are pleased to be working with NIST on the TLS 1.3 Project, which dovetails with our Secure Key Orchestration initiative that aims to secure and automate the management of all the encryption keys across distributed and hybrid enterprise environments.”
Transport Layer Security (TLS) certificates ensure secure communication between a client and a server by encrypting all transactions. While it is highly recommended to upgrade to the latest version, TLS 1.3, to strengthen security, organizations are finding it more difficult to implement network visibility strategies because of the forward secrecy process. This collaborative effort will help to address the security implications and visibility challenges of TLS 1.3 protocol changes.
The AppViewX Cloud-native Identity and Security Platform is used by Fortune-ranked organizations across financial services, banking, healthcare, oil and gas, manufacturing, and high tech to reduce cybersecurity risk and meet security compliance requirements. AppViewX CERT+ is a certificate lifecycle management (CLM) solution that automates the discovery, monitoring, analysis, provisioning and orchestration of digital certificates, including SSL/TLS, client and code signing certificates, to eliminate cloud service outages and prevent damaging security breaches. Delivered on-premises, in the cloud or as a service, AppViewX CERT+ is ready-to-consume and highly scalable to meet any organization’s identity governance and cybersecurity strategy.
NIST does not evaluate commercial products under this consortium and does not endorse any product or service used. Additional information on this consortium can be found at https://www.nccoe.nist.gov/addressing-visibility-challenges-tls-13.
AppViewX is trusted by the world’s leading organizations to reduce risk, ensure compliance, and increase visibility through automated machine identity management and application infrastructure security and orchestration. The AppViewX platform provides complete certificate lifecycle management and PKI-as-a-Service using streamlined workflows to prevent outages, reduce security incidents and enable crypto-agility.
Fortune 1000 companies, including six of the top ten global commercial banks, five of the top ten global media companies, and five of the top ten managed healthcare providers rely on AppViewX to automate NetOps, SecOps, and DevOps. AppViewX is headquartered in New York with offices in the U.K., Australia and three development centers of excellence in India. For more information, visit https://www.appviewx.com and follow us on LinkedIn and Twitter.
About the National Cybersecurity Center of Excellence
The NCCoE, a part of NIST, is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under CRADAs, including technology partners—from Fortune 50 market leaders to smaller companies specializing in information technology and operational technology security—the NCCoE applies standards and recommended practices to develop modular, adaptable example cybersecurity solutions by using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to re-create the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Maryland. Information is available at https://www.nccoe.nist.gov.
You can read the original press release here –