Unique technologies for SSH key discovery and automation

Analyze vast SSH key estates, deploy remediation tools, automate policy compliant key management and simplify compliance.


Non-invasive key scan, analysis and reports

SSH Risk Assessment is the first step on the path to mitigation of SSH key risk, achieving compliance to regulatory mandates and satisfying audits with ease.

Our unique SSH key scanning technology combined with comprehensive compliance reports reveal the true status of your SSH environment. Our tools do not affect your current processes. We have made SSH key analyses for the massive estates of the world's largest financial companies.

You receive prioritized reports on policy violations, PAM bypass, standing privileges, shared access credentials, unmanaged root access, lateral movement vulnerability, non-quantum-resistant encryption and failure in the Segregation of Duties.

UKM is used by major enterprises to solve the problem of SSH key compliance


The SSH protocol and SSH keys are ubiquitous for secure data transfers and remote system admin in financial CDEs:

  • SSH encrypts traffic between end points to protect cardholder data (CHD) in transit

  • SSH secures CHD transmission by leveraging Secure File Transfer Protocol (SFTP)

  • SSH has replaced obsolete tools such as Telnet, FTP, rsh etc. to prevent unauthorized CHD access that could lead to a security breach     

  • SSH provides user and server authentication that ensures authorized user access to CHD

  • SSH provides secure access to CDEs for application developers and administrators

Best practice in application-to-application data transfers and interactive administrator access over SSH is to use public-key authentication, which relies on the use of SSH keys. Poor SSH governance and unmanaged SSH keys are a significant risk factor in PCI-DSS compliance.

ILLUSTRATION office busy

UKM User Portal - manage your SSH key estate

UKM’s User Portal provides a command-and-control console to manage your SSH key estate. You can administer your applications, authorizations and requests, new and existing keys and policy violation status all through the Portal. The UKM User Portal also lets Admins delegate authority and create isolated environments to support separate business units within an organization.

Main screen

The UKM User Portal Main screen summarizes the applications that are being managed within UKM. There’s an overview of the keys associated with these applications, including policy compliance. Also listed are access requests to applications on target hosts. From here, you can navigate to application drill-downs.


The Applications screen provides an overview of the key estate for a given application; a list of users who are associated with the application and their roles; and, for each policy the user has put in place, how their keys comply with these policies. This view presents actionable information to keep you in control of your SSH key environment and ensure compliance for each application.

“Reliable accurate key discovery is vital. Our high performance key usage scanning parses configuration files to extract the exact location and activity of every key. I believe our R&D in this area is very strong, unmatched in the market.”

Tatu Ylönen, founder and inventor, co-author of NIST 7966

UKM highlights - designed with world-leading banks and industrials

  • ICON lock and key

    Patented automatic SSH key discovery and tracking for existing authorizations, usage, configurations, and unused and policy-violating keys.

  • ICON keys

    Universal solution for open source SSH keys, Centrify, Attachmate, Bitwise etc.

  • ICON key discovery

    Non-intrusive deployment with no need to install agents on endpoints.

  • ICON monitor

    Centralized management for key configuration and policy control to reduce manual work and errors.

  • ICON NQX desktop

    Hardware Security Module (HSM) support.

  • ICON cogwheel

    Easy API integration to existing ticketing systems and your IAM infrastructure.

  • ICON inspect

    Policy-based reports on the compliance of your SSH configurations and key environment.

  • ICON checklist

    Compliant with current requirements and planned updates to e.g. GDPR, PCI, NIST/FISMA, SOX, HIPAA and BASEL III.

  • ICON bulk operations

    Alerts to SIEM or IPS/IDS systems for enhanced control, and rapid situational responses and violation fixes.

Read more in depth about UKM lifecycle key management

The latest UKM datasheet includes more information on features, specifications, compatibility, supported platforms, integrations, HSM support, deployment and reporting.

Next: download the full UKM datasheet