Why do enterprises keep selecting UKM?

Prevent PAM bypass

IT management at a big box retailer found admins were bypassing their Privileged Access Management (PAM) with ad hoc SSH key generation.

SSH Risk Assessment discoveries:

• Unprotected master private keys on all servers
• Unauthorized connections from non-prod to prod
• Small user group with massive untracked key inventory
• Non-policy compliant, IT audit failure point

Read more about 5 ways to bypass PAM here>>>

The UKM solution:

• 1m keys taken under management
• 0.5m unauthorized keys over 5 years old immediately remediated
• Automation and regular reports on entire key inventory
• PAM bypass mitigated, policy compliant

Remedy a failed IT audit

A large investment firm failed an internal audit over lack of control over internal access to sensitive assets.

SSH Risk Assessment discoveries:

• Users had direct access to production environment outside of the company’s PAM system
• Attempts to use the company’s PAM to rotate passwords and enforce ticketed access to production had failed
• Unauthorized users had access to the servers that should have been the most secure

The UKM solution:

• Secure server group alerts for unauthorized user accounts
• Leveraged UKM API for custom IAM automations
• Internal access to sensitive assets audit problem solved

Replace a struggling in-house SSH solution

One of the world’s largest technology companies developed their own solution for SSH key creation but it was not able to monitor the estate or manage keys.

SSH Risk Assessment discoveries:

• Multiple shared keys in use with access to over 30,000 servers
• SSH keys over 20 years old running critical business processes
• In-house solution unable to scan, monitor or remediate keys

The UKM solution:

• Full visibility too the entire SSH key environment in one console
• Leverage UKM APIs for automated key deployment
• 100% legacy keys remediated and brought up to modern quantum-resistant encryption standards without breaking critical processes

State-mandated SSH Key control

A regional financial authority mandated comprehensive SSH key management for a major international bank when it failed an audit.

SSH Risk Assessment discoveries:

• System administrators had direct access to root accounts across the server estate
• Direct connections to production servers from development with no device restrictions
• No control or visibility into over 10m annual SSH connections

The UKM solution:

• 95% of SSH keys discovered were unused and deleted
• 100% of keys made policy compliant with assigned owners
• UKM integrated with Ansible to deploy keys required at build time

Gain compliance for billions of connections

A major financial institution’s test lab found no processes for SSH key management and needed to meet compliance standards

SSH Risk Assessment discoveries:

• 200,000 non-policy compliant SSH keys
• 500 root access keys over 10 years old
• Over 90% of private keys not protected with passphrases
• One account had over 500 copies of the same private key across multiple servers

The UKM solution:

• All non-policy compliant keys flagged and remediated, with alerts for policy violating new keys
• Over 1.5bn key-based logins managed in 3 years since deployment
• Successful compliance audit

Find out more about enterprise UKM customers in our case studies

Discover

UKM deployments begin with an SSH Risk Assessment, a non-disruptive report on your SSH environment

• Full inventory of all active and potentially active keys - who has access to what, and where
• Discovery of keys enabling PAM and jump host bypass
• Identification of all keys violating global SSH policy capable of posing a threat
• Detailed prioritized report on policy compliance in your SSH Key environment (e.g. NIST, SOX, HIPAA, PCI-DSS etc.)
• Trust relationship map and evaluation against defined policies

Manage

Implement systematic monitoring and control of your SSH Key environment.

• Highly efficient centralized key management
• Monitor and report when and where SSH Keys are used
• React to violations with alerts for unauthorized changes to SSH configurations
• Remove unused or unauthorized SSH keys and renew old and weak keys
• Prevent ungoverned distribution of SSH Keys
• Limit access to servers to authorized sources

Automate

Automate the full lifecycle of vast numbers of SSH Keys to simplify the effort of staying compliant.

• Integrate authorization processes with existing ticketing systems
• Centrally manage SSH configurations Automate key provisioning, rotation and remediation
• Automate detection and prevention of policy violations
• Configuration lock down
• Compliance process enforcement

Migrate to Zero Trust

Eliminate the need for standing privileges (authorized keys) for SSH access.

• Eliminate authorized keys on servers for SSH access
• Radically simplify the overhead of rotating SSH keys
• Full audit and session control 
• Transparent migration to just-in-time (JIT) and Zero Trust proof ephemeral access - without permanent SSH keys to manage or rotate.

UKM Case Study

Finance compliance audit success

Learn how SSH.COM helped one of the world’s largest banks solve compliance issues stemming from lack of governance over the SSH Keys used to access critical business systems.

UKM Case Study

Prevent PAM bypass and regain control

A famous bank's internal security audit showed their development team had found a way to self-provision SSH access across production systems, by-passing access control systems in place.

UKM Case Study

Securing a Financial IT  Key Environment

This global big data analysis firm deployed UKM  to fully integrate with their AWS-hosted service to meet customer demands for secure access controls to data hosted in the cloud.