ISARA Advance provides a system of record for cryptography for data in motion
Cryptography is the foundation of identification, authentication, confidentiality, digital signatures, and verification—consequently, it’s a critical enabler of enterprise security.
To secure your enterprise today, to keep it secure tomorrow, and to comply with increasingly stringent regulations and audits, your cryptographic infrastructure needs to be visible, managed, and upgraded whenever necessary—without disrupting your normal business operation.
That’s why we created ISARA Advance: a cryptographic management platform that enables you to discover, manage, and remediate your cryptographic infrastructure—all from an easy-to-understand and easy-to-use central dashboard.
Explore the topics below to learn:
Cryptography is employed practically everywhere by today’s enterprises, but it often represents an enormous infrastructure security blind spot.
The potential damage of a successful attack against cryptography is immense, and no governance program or cyber risk strategy is complete without considering that:
However, the reality is that few enterprises understand their cryptographic risk—and fewer still have the agility to upgrade their crypto systems efficiently, securely, and without disruption.
Together, revealing what lurks inside this infrastructure security blind spot and equipping enterprises to remediate problems form the foundation of cryptographic agility and risk management.
Cryptography is the foundation of digital trust and is employed within and between practically every layer of your technology stack
Managing cryptography is notoriously expensive and error prone, because it's a highly manual, specialized, complex, and ongoing operation—and many enterprises find themselves ill-prepared for these important projects.
Advance overcomes these hurdles with automated end-to-end capabilities that enable you to discover, manage, and remediate the cryptographic algorithms used within your enterprise infrastructure.
By doing so, Advance increases cryptographic visibility and manageability, equipping you to:
Advance… | So you can… |
---|---|
Discovers and catalogs your cryptographic assets | Understand the encryption, digital signature, and hashing algorithms upon which your enterprise depends, along with how they are implemented |
Identifies all cryptographic providers | Manage your vendors, contractors, OEMs, third parties, and partners—whether the cryptography in place exists as separate utilities or is incorporated into vendor-provided solutions |
Surfaces existing cryptographic problems and risks | Prioritize remediation of old and outdated algorithms, faulty configurations and implementations, exploitable software, etc. |
Equips you to manage your cryptographic assets | Bring cryptographic systems into compliance with internal policies, cybersecurity best practices, and regulatory guidelines, by implementing and maintaining new cryptographic solutions |
Continually monitors your cryptographic posture and provides an easy-to-understand Global Crypto Score | Track progress against a defined policy (covering algorithms, assets, devices, etc.), keeping pace with your ever-changing technology stack and cryptographic landscape |
To help CIOs, CISOs, and IT teams make informed decisions, Advance organizes information and insights within a sophisticated—but elegant—dashboard featuring clear, context-rich visuals.
Beyond discovery and reporting, Advance provides a central location from which to simplify cryptographic management and to orchestrate complex migrations between encryption standards.
ISARA Advance reveals—at a glance—important information; in this example, Advance is showing a high-level view of the strength of the cryptography used in the enterprise’s connections
To enable disruption-free deployments, Advance integrates into existing network detection and response (NDR) and endpoint detection and response (EDR) solutions. By utilizing the data these tools already collect, Advance allows you to learn about your cryptographic assets without needing to deploy and manage any additional agents.
For the latest details about NDR and EDR integration, please contact us at advance@isara.com.
If you’re looking for general information about cryptographic agility and the quantum threat (and its potential impact to your organization), we recommend our guide, Managing Cryptographic and Quantum Risk: a non-technical and hype-free explanation of what’s at risk, what you can do, and why you should act now.
Here are answers to specific questions—if you have questions about Advance, crypto agility, or quantum-safe security solutions that aren’t answered below, then please reach out to us at advance@isara.com.
In short, yes—in fact, it would be difficult to overstate the risk quantum computing poses to today’s enterprises.
That’s why NIST is working hard on quantum-safe standards, which are expected to be published in 2024 (learn more about the third round of NIST standardization activities).
However, there are nuances. For instance, the urgency and severity of this risk don’t apply uniformly: while some organizations can reasonably wait, others should be laying the groundwork—today—for a migration to quantum-safe cryptography. This latter group includes those involved with critical infrastructure, connected vehicles, long-lived IoT devices, and communication platforms.
Of course, setting aside the quantum threat, becoming more effective and efficient at managing cryptographic assets still has significant benefits. The transition to quantum-safe cryptography is not the first cryptographic transition, nor will it be the last, and experience proves that these undertakings are costly, disruptive, and take much longer than anticipated.
Yes.
For organizations who need to protect today’s information and solutions with quantum-safe cryptography, there are “hybrid” solutions which maintain the use of NIST-approved algorithms while also future-proofing existing systems. Two such examples are:
Plus, regardless of the specific approach and timeline adopted by a particular organization, a prerequisite for a safe, secure, and disruption-free cryptographic migration is for an organization to understand where, how, and what cryptography is being used—which is why we built Advance.
Advance complements existing certificate and key management platforms by providing tools to monitor these solutions.
Cryptographic migrations are tremendously difficult, with experience showing that these transitions are costly, disruptive, and take much longer than anticipated—realistically requiring a decade or more to complete.
As just one example, the transition from the hash function SHA-1 to SHA-2 clearly demonstrates that organizations struggle to complete cryptographic migrations in a timely manner, even though every delay increases risk: despite SHA-1 being effectively deprecated in 2011 due to security vulnerabilities, many organizations are still working to complete the transition to SHA-2 almost a decade later.
Organizations have struggled with this update because hash functions are embedded in a vast number of protocols, systems, and solutions. Simply gaining visibility into the posture of any single algorithm has proven to be a daunting manual task that rarely gets accomplished—so it’s no wonder that migrating all the affected systems and software libraries is such a challenge.
In Better Safe Than Sorry: Preparing for Crypto-Agility [1], Gartner stated that, “Sudden and unpredictable algorithmic and cryptographic compromises can leave application security at risk. Security and risk management leaders must prepare for these events by crafting agile response plans.”
The report predicts that organizations with crypto-agility plans in place will suffer 60% fewer cryptographically related security breaches and application failures than organizations without a plan.
That’s because cryptographically agile organizations can upgrade and evolve their cryptographic systems safely, securely, and without disruptions, giving them important advantages and significantly lowering their crypto risk.
Unfortunately, simply auditing their assets is a complex and expensive undertaking for most organizations, requiring IT personnel to spend countless hours manually sifting through the technology stack—and the result is still an incomplete view.
So there are clear cybersecurity and risk management advantages to effectively and efficiently gaining an accurate accounting of your cryptographic assets and increasing your ability to manage them, even if your quantum migration is off in the distance.
[1] Better Safe Than Sorry: Preparing for Crypto-Agility, Mark Horvath, David Mahdi, 20 March 2017
In the short term, all organizations should take steps to become crypto agile, because doing so is an effective way to manage cryptographic risk and also positions an organization for the migration to quantum-safe cryptography.
All organizations should also endeavor to understand the quantum threat and to stay up-to-date with ongoing developments. In addition to our own guide, another recommended resource is the NIST Computer Security Resource Center whitepaper, Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms, published as a draft in May 2020.
Certain organizations—particularly those involved with critical infrastructure, connected vehicles, long-lived IoT devices, and communication platforms—should also investigate and potentially implement quantum-safe algorithms which are available today.