SSH Risk Assessment™ service

Unique scanning technology and prioritized reports - mitigate SSH key risk, gain compliance and pass your audit

Read the ISACA guide to SSH keys

The first step to solving the SSH key audit problem

  • ICON rocket

    Fast - Completed in a few days and requires only a few hours of your staff’s time

  • ICON shield

    Non-invasive - Our software tools do not require software agents to be installed and do not make any changes on your hosts. No private keys are collected or moved

  • ICON magnifying glass

    Comprehensive - You get an analysis of the most significant risks, including compelling visualizations of trust relationships and compliance roadblocks

  • ICON checklist

    Prioritized - We tell you what to focus on first and why

  • ICON protect money

    Safe - No information or data leaves your control

“You guys are SSH Communications Security - the inventors of the protocol. Why would I look for anyone else for SSH key management?"

Security architect in a big data company

Designed with and for the world’s biggest corporations

SSH Risk Assessment is a professional service from SSH.COM for large organizations that provides in-depth information around the use of SSH and key-based authentication in complex IT infrastructure.

We leverage our in-depth technology expertise, our industry leading IP, our custom-developed scanning and reporting software, and our wide-ranging experience with thousands of enterprises and state/federal agencies, to provide a service that is fast, efficient and effective.

Get an example SSH Risk Assessment report

In-depth analysis and your path to success

Our detailed reports provide visualizations that illustrate trust relationships that are within and outside of policy and from known and unknown sources.

Executive summaries, charts and graphics give your team actionable information for internal stakeholders in audit, risk, compliance and the C-suite.

You gain clear understanding of the scale of your SSH key risk and exposure and prioritized recommended actions for success.

Read more on solving SSH audit failure

Explore how SSH Risk Assessment identifies critical vulnerabilities in enterprise key environments

PAM bypass - prevent users from circumventing access controls

Transitive trust - remediate unauthorized standing privileges

Segregation of Duties - discover non-compliant dev-prod access

“Reliable accurate key discovery is vital. Our high performance key usage scanning parses configuration files to extract the exact location and activity of every key. I believe our R&D in this area is very strong, unmatched in the market.”

Tatu Ylönen, founder and inventor of SSH, co-author of NIST 7966