Red Sift Certificates: The Next Generation

Today, we are thrilled to unveil the next generation of Red Sift Certificates, featuring a comprehensive UI update that aligns seamlessly with the broader Red Sift Pulse Platform. This release also introduces several new enhancements, including advanced AI-powered filtering, a faster and more accurate search feature, and content classification capabilities.

This release marks a significant step in the evolution of the Hardenize project and maintains our commitment to delivering outstanding certificate inventory, expiration monitoring, and analysis capabilities within a more cohesive and user-friendly interface.

What’s new?

Key updates include:

  • AI-powered Filtering: Rather than manually applying filters, you can now use AI-driven queries to customize how your results table is displayed. Simply describe your filtering needs, such as “Show me all certificates issued by DigiCert,” “Show me all active pages with expired certificates,” or “Show me all certificates that expired in June.” This feature speeds up your search and streamlines finding specific information.
  • Content Classification for Faster Remediation: Red Sift Certificates now uses platform capabilities that power Brand Trust, adding powerful context to certificate monitoring. With this integration, our content classification tool can identify whether pages with expiring or expired certificates are active, priority, or defunct. This allows you to focus your time on the remediation of certificates deployed to active sites. 
  • Updated User Interface for Cohesive Experience: Enjoy a revamped user interface with faster speeds and enhanced accuracy. The redesigned search feature offers a more intuitive and seamless experience.

Sometimes seeing is believing. Watch our Sales Engineering Director, Billy McDiarmid, show what’s new in this short video.

What is Red Sift Certificates and how can it help my team?

Red Sift Certificates offers industry-leading certificate discovery and monitoring capabilities for customers who care about protecting their organization against the tricky problems caused by public PKI but want to avoid the complexity, risks, and long timelines of deploying a traditional certificate lifecycle management (CLM) solution. Read more on the differences between CLMs and Certificate Monitoring solutions here.

With Red Sift Certificates, security, infrastructure, and IT specialists can:

  • Get Complete Visibility: Continuously discover and inventory all public certificates—owned, third-party, self-signed, or private—using our best-in-class discovery engine.
  • Avoid Downtime: Keep your reputation intact with scalable certificate expiration monitoring. Receive focused alerts that improve detection and response times for expiring certificates.
  • Act Fast: Get detailed, up-to-date certificate data for quicker issue resolution, enhancing mean time to remediation (MTTR).
  • Spot Issues Early: Use Certificate Transparency to detect policy breaches and potential compromises. Know when a certificate doesn’t meet your organization’s policies.
  • Fix Misconfigurations: Identify and resolve serious certificate misconfigurations with continuous hostname monitoring to prevent costly downtime.
  • Stay Compliant: Ensure regulatory compliance with standards like NIST and PCI-DSS 4.0 by maintaining a healthy certificate estate.
  • Be Prepared: Get ahead of PKI disruptions with complete, effortless visibility. Adapt quickly to changes like Chrome’s upcoming reduced certificate lifetime requirements and avoid unexpected events like the Entrust and Symantec distrust incidents.

Why a certificate monitoring solution is more important now than ever 

As regulations shift and major changes like Google’s distrust of Entrust certificates shake the PKI landscape, the stakes for digital trust management have never been higher. Staying ahead of these challenges with robust certificate monitoring is not just smart – it’s essential for safeguarding your operations and ensuring seamless security.

Proactive management against disruptions

When Google announced it would no longer trust certificates issued by Entrust, companies scrambled to review and potentially replace their Entrust-issued certificates to avoid service disruptions come October 31, 2024. 

This incident illustrates how trust relationships can change overnight and underscores the need for proactive monitoring and management of digital certificates. With Red Sift Certificates, customers gain one-click visibility into all their certificate authorities, enabling them to quickly assess and mitigate their exposure to such events.

Aligning with regulatory requirements

Staying aligned with security frameworks like NIST and MITRE ATT&CK is vital for any organization striving to uphold best-in-class cybersecurity. Check out our blog to learn more about certificate monitoring requirements by framework.

For businesses that store, process, and/or transmit cardholder data, the Payment Card Industry Data Security Standard (PCI DSS) is one such framework. The latest version of the framework is PCI DSS 4.0, which has elevated the importance of certificate monitoring. Specifically, requirement 4.2.1 mandates that certificates used to transmit Primary Account Numbers (PANs) over public networks must be current and valid, while 4.2.1.1 emphasizes the need for a detailed inventory of trusted keys and certificates. These requirements are considered best practice until 31 March 2025, after which they become mandatory for PCI DSS compliance.

Red Sift Certificates assists with both of these requirements thanks to best-in-class certificate expiration monitoring to ensure all digital certificates are valid, and a comprehensive, real-time inventory of an organization’s certificate estate. 

Avoiding service downtime and financial losses

Website downtime can wreak havoc on a business’s bottom line, with costs ranging from $5,600 to $9,000 per minute. The chilling reality is that many of these disruptions are caused by expired certificates – an easily preventable problem!

High-profile incidents underscore the gravity of the issue: Elexon’s expired TLS certificates caused half a day of outage, Microsoft grappled with TLS expiration issues resulting in unwanted security warnings, Shopify narrowly avoided disaster when an expired root certificate was discovered in a staging environment, and numerous US government websites have gone offline due to certificate expirations.

With Red Sift Certificates, customers don’t have to worry about certificate-related downtime. Our system automatically monitors for misconfigurations and upcoming expiry dates, including third-party certificates, ensuring you stay one step ahead of potential threats.

Detect misissuances that could lead to an attack

In a recent incident, a man-in-the-middle attack targeted the XMPP service at Jabber.ru, leading to unauthorized wiretapping. This breach exploited misissued certificates, allowing attackers to intercept and decrypt communication without detection.

Such incidents highlight the critical need for vigilant monitoring of certificate issuance to detect anomalies that could indicate potential compromises. With Red Sift Certificates, we analyze every certificate issued in real time, applying opening, closing, and escalation rules. This proactive approach enables customers to swiftly determine if a certificate is genuine, issued outside of policy, or an early indicator of compromise, effectively mitigating risks before they escalate into full-blown attacks.

With best-in-class capabilities and an enhanced UI, Red Sift Certificates is positioned as the preferred choice for organizations seeking a robust, efficient, and user-friendly certificate monitoring solution.

PUBLISHED BY

Francesca Rünger-Field

30 Jul. 2024
