Revoking a certificate invalidates a certificate before its scheduled expiration date. There are many reasons to revoke a certificate including, but not limited to, compromise or loss of the corresponding private key, key is no...
READ MORE >
CA/Browser Forum Code Signing Requirements – New for 2023
Effective June 1st of this year, the new CA/Browser Forum code signing requirements go into effect. As a result, publicly trusted Certificate Authorities (CA) will require that certificate requestors use an appropriately certified (FIPS 140-2...
READ MORE >
Secure Container Signing with Cosign and PKCS#11
Over the past few years container adoption has grown rapidly. With it has grown the need to sign container images to help prevent supply chain attacks. The standards and tools to sign images have evolved...
READ MORE >
Preventing the Next Package Manager Supply Chain Attack
Recently, the popular NPM package ua-parser-js was compromised by attackers. At least three malicious versions of the software were released by attackers with capabilities including password stealing, cryptomining, and more. While the attack was quickly...
READ MORE >
Implementing The New Supply Chain Security Frameworks From Google, Microsoft, and CNCF
In this post, learn more about satisfying the requirements of three new frameworks for securing the software supply chain: Google’s SLSA Framework, Microsoft’s SCIM Framework, and CNCF’s Software Supply Chain Best Practices.
READ MORE >
Key-Based Authentication: Using Cryptographic Controls To Manage Access To Enterprise Resources
Enterprises have a wide array of resources to protect: file shares, email servers, production systems, databases, source code repositories, DevOps tools, and more. If key-based authentication is enforced for all of these different resources, and...
READ MORE >
Streamlining Automated Certificate Management With Centrally-Secured Private Keys
Garantir is pleased to announce new automated certificate management capabilities in the GaraSign product. The GaraSign approach enables the enterprise to centrally secure all private keys and streamline the certificate orchestration process.
READ MORE >
How To Instantly Revoke Access To Files On Remote Workstations
Managing access to files and documents that have been downloaded and stored on end-user workstations is difficult. Check out this blog post to learn how to overcome this challenge.
READ MORE >
Taking MFA Down A Notch: Enforcing Security Controls Without Software Changes
Security controls like MFA and device authentication can be applied at the transport layer, which eliminates the need to modify web applications or the servers that host enterprise resources like email, files, data, and so...
READ MORE >