Your browser does not allow storing cookies. We recommend enabling them.

SSH Communications Security Unveils General Availability of Industry-First SSH Risk Assessor Tool


Free Discovery Tool to Identify Risks in Secure Shell Environments Now Available Online as Free Download

LAS VEGAS (Black Hat USA Booth #437) – SSH Communications Security, known the world over as the inventor of the ubiquitous Secure Shell and SFTP protocols, today announced the general availability of SSH Risk Assessor (SRA), a free tool that provides users with a clear report on risk and compliance exposures in Secure Shell environments. SRA is now available for download on SSH’s website.

SSH Risk Assessor News Facts

  • Secure Shell Risk Assessment : Industry-first key location and risk-assessment technology available for free
  • Secure Shell Key Discovery : Provides broad problem-scope capabilities to provide an understanding of the current state of the Secure Shell environment
  • Access Compliance : Identifies organization-specific compliance status with relevant standards
  • Identity and Access Governance : Assesses actions needed to achieve compliance
  • The tool is available for free at

Widespread mismanagement of Secure Shell keys – including lack of centralized creation, rotation and removal – has left organizations vulnerable to attack and in violation of current and emerging compliance mandates including SOX, PCI, NIST and FISMA. The SRA tool gives security auditors and administrators valuable decision support with respect to identity and access governance in SSH environments. The tool report highlights known vulnerabilities in the environment, basic statistics on SSH keys deployed and specific violations of best current practices.

Supporting Quote

Matthew McKenna, EVP and COO, SSH Communications Security, said:

“Our customers are some of the biggest banks and organizations in the world. When we surveyed them, none had any idea that their network environments were home to over 100,000 lost Secure Shell keys providing root access to their most sensitive data. They had no way to discover how many lost keys they had, no way to find where they were and no way to know how much risk they were taking on as a result. With the release of the free SRA tool, we are making it quick and easy for major enterprises, governments and financial institutions to get a clear snapshot of the level of risk in their Secure Shell environments, giving them the first step toward remediation.”

Supporting Resources

IDC White Paper: A Gaping Hole in Your Identity and Access Management Strategy: Secure Shell Access Controls

About SSH Communications Security

Founded in 1995, SSH Communications Security is the company that invented the SSH protocol - the gold standard protocol for data-in-transit security solutions. Today, over 3,000 customers across the globe - including seven of the Fortune 10 - trust our Information Assurance Platform to secure the path to their information assets. We enable and enhance business for thousands of customers in multiple industries in the private and public sectors around the world. A fast-growing company, SSH Communications Security operates in the Americas, Europe, and APAC regions, with headquarters located in Helsinki, Finland. The company shares (SSH1V) are quoted on the NASDAQ OMX Helsinki.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now