The DIMS software product is designed to discover and catalogue what certificates an organization has and inform them of what’s important about the certificate assets, all from a single, easy to use management interface. Certificates expire, by design. It is therefore imperative that an organisation knows what certificates they have and when each certificate is due to expire: otherwise, they can find themselves in the position where key services fail.
DIMS provides the following benefits to an organisation:
- Minimises the reputational risk and maximises the systems availability
- Helps manage certificates’ costs
- Identifies rogue certificates in the environment such as
>Self-signed or test certificates
>Live certificates and associated keys installed on unapproved devices
>Certificates contravening the security policies
- Identifies weaknesses in the certificate handling practices
- Helps to achieve compliance to standards such as PCI DSS
The DIMS infrastructure allows management of certificates, no matter where they’re installed. The DIMS appliance will find certificates installed throughout the organisation’s network, either directly from the DIMS appliance or through the use of agent-based technology. DIMS agent technology ensures that remote networks or highly secure networks are covered - the agent does the work and returns the results to the DIMS appliance over a secure channel. The flexibility of DIMS makes sure the secure network remains so.
For completely remote networks, or when periodic scanning is not sufficient, the DIMS stand-alone discovery agent can be used. This portable and easy-to-run utility collects information from a network and optionally saves it to an encrypted file, which can then be loaded independently to the DIMS environment.
All DIMS management is via a single, secure web interface, with a visual representation of the number of certificates expiring each month. The inventory is also split into categories including “Expired” and “Expiring”, providing an easy at-a-glance view of the managed SSL assets. The inventory can be grouped, filtered, sorted and exported to the user’s requirements, making custom reporting simple.
- Comprehensive identification of certificates across all networks, public or private, internal or external.
- Non-intrusive - all discovery is extremely lightweight and requires no software to be installed on the target devices.
- Web-based management interface means no software for end users to install to view public facing networks. “At-a-glance” categories show certificates that are pending expiration.
- Visual view of certificate inventory - can aid in management of renewal cycles or highlight unwanted vendor certificates.
- Deployable discovery agents can be installed around your network, allowing discovery of certificates even on remote subnets where communication is normally restricted (i.e private networks). All communication is completely secure.
- Vendor-agnostic - regardless of issuer, DIMS will catalog the certificate, including untrusted or “self-signed” certificates.
- Works on multiple protocols, including HTTP/S, SMTP/S and IMAP/S.
Comprehensive interactive reporting, with full data export capability. Reports can also be scheduled for automatic delivery by email.
- Automated and customisable e-mail exception alerts: DIMS will alert selected users when certain exception criteria is set - for example, a certificate is due to expire.
- Certificate policies will highlight weak or undesirable certificates.
- Stand-alone discovery agent allows “offline” discovery of external or unconnected networks. Results can be stored and transported out-of-band to the DIMS Appliance, with no need for a direct connection between the agent and appliance.