SSH APIs and Connectors
SSH Communications Security products offer comprehensive APIs for integrating with identity and access management, configuration management databases, workflow and ticketing systems, security incident and event management, privilege escalation, data loss prevention and various other protocols.
Almost all information in the system can be extracted using the APIs for external reporting. It also means that there is no vendor lock-in. Most data items can also be entered into the system via the API, meaning it is possible to transfer data from other systems into SSH One.
It also supports APIs and connectors for extending the products. These could be used, for example, for intefacing with new mechanisms for scanning SSH keys on hosts and managing them.
The product also supports PKCS#11 interfaces to hardware security modules (HSMs) for secure storage of private keys.
Interface to Identity and Access Management
SSH key management is part of identity and access management. Most customers want to integrate SSH One into their workflows for identity and access provisioning and deprovisioning. SSH One provides REST APIs to help do that.
Many of our customers integrate with, for example, Oracle Identity Manager.
Interface to Configuration Management Databases
Most customers already have a lot of data in various databases describing installed systems and accounts, applications they are used for, responsible people, and various other aspects of this environment. A lot of this information is very useful for speeding up an SSH key management project. SSH One provides REST APIs for importing such infomation.
Interface to SIEM
SSH One has a two-way integration with security incident and event management (SIEM) systems. On one had, SSH One reads log information from hosts and can import it from a SIEM. The log information is very helpful in, for example, determining which SSH keys are actually being used and how they are used.
On the other hand, various components of SSH One generate their own log data and alerts. These can be sent to a SIEM using the syslog protocol. Alerts can also be triggered in several other ways.
The Universal SSH Key Manager component also needs to escalate privileges to execute certain operations with privileged access when it is run without full root privileges.
Data Loss Prevention and Anti-Virus
The CryptoAuditor component is often used together with data loss prevention (DLP) solutions to gain leakage protection for encrypted file transfers. The ICAP protocol is used for integration with these systems. It is supported by most DLP and anti-virus vendors.
The CryptoAuditor component can also be used for adding a second factor of authentication at a firewall or boundary, without having to add agents or other software on servers behind the firewall. It can use, e.g., the RADIUS protocol to talk to the two-factor authentication server. This is supported by most two-factor authentication solutions. Various other protocols are also available.