Red Sift Certificates: The Next Generation

Today, we are thrilled to unveil the next generation of Red Sift Certificates, featuring a comprehensive UI update that aligns seamlessly with the broader Red Sift Pulse Platform. This release also introduces several new enhancements, including advanced AI-powered filtering, a faster and more accurate search feature, and content classification capabilities.

This development signifies a significant advancement in the evolution of the Hardenize project, maintaining our commitment to delivering outstanding certificate inventory, expiration monitoring, and analysis capabilities within a more cohesive and user-friendly interface.

What’s new?

Key updates include:

  • AI-powered Filtering: Rather than manually applying filters, you can now use AI-driven queries to customize how your results table is displayed. Simply describe your filtering needs, such as “Show me all certificates issued by DigiCert,” “Show me all active pages with expired certificates,” or “Show me all certificates that expired in June.” This feature speeds up your search and streamlines finding specific information.
  • Content Classification for Faster Remediation: Red Sift Certificates now uses platform capabilities that power Brand Trust, adding powerful context to certificate monitoring. With this integration, our content classification tool can identify whether pages with expiring or expired certificates are active, priority, or defunct. This allows you to focus your time on the remediation of certificates deployed to active sites. 
  • Updated User Interface for Cohesive Experience: Enjoy a revamped user interface with faster speeds and enhanced accuracy. The redesigned search feature offers a more intuitive and seamless experience.

Sometimes seeing is believing. Watch our Sales Engineering Director, Billy McDiarmid, show what’s new in this short video.

What is Red Sift Certificates and how can it help my team?

Red Sift Certificates offers industry-leading certificate discovery and monitoring capabilities for customers who care about protecting their organization against the tricky problems caused by public PKI but want to avoid the complexity, risks, and long timelines of deploying a traditional certificate lifecycle management (CLM) solution. Read more on the differences between CLMs and Certificate Monitoring solutions here.

With Red Sift Certificates, security, infrastructure, and IT specialists can:

  • Get Complete Visibility: Continuously discover and inventory all public certificates—owned, third-party, self-signed, or private—using our best-in-class discovery engine.
  • Avoid Downtime: Keep your reputation intact with scalable certificate expiration monitoring. Receive focused alerts that improve detection and response times for expiring certificates.
  • Act Fast: Get detailed, up-to-date certificate data for quicker issue resolution, enhancing mean time to remediation (MTTR).
  • Spot Issues Early: Use Certificate Transparency to detect policy breaches and potential compromises. Know when a certificate doesn’t meet your organization’s policies.
  • Fix Misconfigurations: Identify and resolve serious certificate misconfigurations with continuous hostname monitoring to prevent costly downtime.
  • Stay Compliant: Ensure regulatory compliance with standards like NIST and PCI-DSS 4.0 by maintaining a healthy certificate estate.
  • Be Prepared: Get ahead of PKI disruptions with complete, effortless visibility. Adapt quickly to changes like Chrome’s upcoming reduced certificate lifetime requirements and avoid unexpected events like the Entrust and Symantec distrust incidents.

Why a certificate monitoring solution is more important now than ever 

As regulations shift and major changes like Google’s distrust of Entrust certificates shake the PKI landscape, the stakes for digital trust management have never been higher. Staying ahead of these challenges with robust certificate monitoring is not just smart – it’s essential for safeguarding your operations and ensuring seamless security.

Proactive management against disruptions

When Google announced it would no longer trust certificates issued by Entrust, companies scrambled to review and potentially replace their Entrust-issued certificates to avoid service disruptions come October 31, 2024. 

This incident illustrates how trust relationships can change overnight and underscores the need for proactive monitoring and management of digital certificates. With Red Sift Certificates, customers gain one-click visibility into all their certificate authorities, enabling them to quickly assess and mitigate their exposure to such events.

Aligning with regulatory requirements

Staying aligned with security frameworks like NIST and MITRE ATT&CK is vital for any organization striving to uphold best-in-class cybersecurity. Check out our blog to learn more about certificate monitoring requirements by framework.

For businesses that store, process, and/or transmit cardholder data, the Payment Card Industry Data Security Standard (PCI-DSS) is one such framework. The latest version of the framework is PCI DSS 4.0, which has elevated the importance of certificate monitoring. Specifically, requirement 4.2.1 mandates that certificates used to transmit Primary Account Numbers (PANs) over public networks must be current and valid, while 4.2.1.1 emphasizes the need for a detailed inventory of trusted keys and certificates. These requirements are considered best practice until 31 March 2025, after which they will become mandated in order to be PCI DSS compliant. 

Red Sift Certificates assists with both of these requirements thanks to best-in-class certificate expiration monitoring to ensure all digital certificates are valid, and a comprehensive, real-time inventory of an organization’s certificate estate. 

Avoiding service downtime and financial losses

Website downtime can wreak havoc on a business’s bottom line, with costs ranging from $5,600 to $9,000 per minute. The chilling reality is that many of these disruptions are caused by expired certificates – an easily preventable problem!

High-profile incidents underscore the gravity of the issue: Elexon’s expired TLS certificates caused half a day of outage, Microsoft grappled with TLS expiration issues resulting in unwanted security warnings, Shopify narrowly avoided disaster when an expired root certificate was discovered in a staging environment, and numerous US government websites have gone offline due to certificate expirations.

With Red Sift Certificates, customers don’t have to worry about certificate-related downtime. Our system automatically monitors for misconfigurations and upcoming expiry dates, including third-party certificates, ensuring you stay one step ahead of potential threats.

Detect misissuances that could lead to an attack

In a recent incident, a man-in-the-middle attack targeted the XMPP service at Jabber.ru, leading to unauthorized wiretapping. This breach exploited misissued certificates, allowing attackers to intercept and decrypt communication without detection.

Such incidents highlight the critical need for vigilant monitoring of certificate issuance to detect anomalies that could indicate potential compromises. With Red Sift Certificates, we analyze every certificate issued in real time, applying opening, closing, and escalation rules. This proactive approach enables customers to swiftly determine if a certificate is genuine, issued outside of policy, or an early indicator of compromise, effectively mitigating risks before they escalate into full-blown attacks.

With best-in-class capabilities and an enhanced UI, Red Sift Certificates is positioned as the preferred choice for organizations seeking a robust, efficient, and user-friendly certificate monitoring solution.

PUBLISHED BY

Francesca Rünger-Field

30 Jul. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more
Certificates

Never miss an expiring certificate again with Red Sift Certificates Lite

Francesca Rünger-Field

SSL/TLS certificates are the backbone of secure, uninterrupted digital experiences—but managing them effectively to prevent downtime remains a persistent challenge. With browser and certificate authorities looking to reduce certificate durations to as little as 90 or even 47 days, keeping track of renewals has never been more critical. That’s why we’re excited to introduce…

Read more
DMARC

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail…

Francesca Rünger-Field

Navigating G-Cloud 14 for DMARC solutions: A guide for former NCSC Mail Check users With the NCSC discontinuing key features of its Mail Check service, including DMARC aggregate and TLS reporting, after March 2025, UK public sector organisations must prepare for this change by transitioning to alternative email security solutions. To support this shift,…

Read more