SlideShare a Scribd company logo

The TLS Upgrade

AppViewX, profile picture
AppViewX

The document discusses the migration from TLS 1.0 and 1.1 to TLS 1.2 and 1.3, highlighting the implications of TLS deprecation and providing recommendations for organizations to prepare for the upgrade. It outlines the challenges associated with migrating systems and emphasizes the importance of automating the transition to minimize errors and ensure compliance. Additionally, the document introduces AppViewX Cert+ as a solution for managing the certificate lifecycle and facilitating a smoother upgrade process.

Technology
1 of 22
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
© 2019 AppViewX, Inc. 1 The TLS Upgrade Migrating Away from TLS 1.0 and 1.1
© 2019 AppViewX, Inc. 2 2 Agenda Implications of the TLS Deprecation The Upgrade: Challenges and Recommendations 2 3 A Brief History of TLS1 How AppViewX Assists the TLS Migration4
© 2019 AppViewX, Inc. 3 A Brief History of TLS TLS 1.2 is Released TLS 1.3 is Released TLS 1.0 & 1.1 will be deprecated. TLS 1.1 is ReleasedTLS 1.0 is Released  Major Browsers announce early 2020 end-of- support for TLS 1.0, 1.1  [Apple, Google, Mozilla, Microsoft] (+) Cipher Suite Specified Pseudorandom Functions (+) AES Cipher Suites (+) Functional Enhancements (-) IDEA Cipher Suites (-) DES Cipher Suites Minor Upgrade to TLS 1.0 (+) Protection Against Cipher Block Chaining (CBC) Attacks (+) Single Round- Trip Handshake (+) Encryption of SNI Info (+) RSA-PSS Support (-) SHA-1 (-) MD5 (-) RC4 (-) DES (-) 3ES  A replacement to SSL 3.0  Similar to SSL, but prevents interoperability 1999 2006 2008 2018 2020
© 2019 AppViewX, Inc. 4 The Immediate Effects of TLS Deprecation Loss of recognition from Big 4 Internet Browsers Once deprecated, clients can no longer connect to services using TLS 1.0 and 1.1. Result: Exposure to vulnerabilities of older versions (Ex: Downgrade Attacks, Failing PCI Compliance Checks) PCI Supports TLS 1.1 and upwards, strongly recommends TLS 1.2
© 2019 AppViewX, Inc. 5 Preparing for an Upgrade Renew x.509 Certificates Replace/Update Web Servers Ensure Application and API Support of TLS 1.2/1.3 Configure TLS Securely
© 2019 AppViewX, Inc. 6 TLS 1.2 vs. TLS 1.3 TLS 1.3 is fairly recent, with TLS 1.2 being over a decade old. According to Mozilla, 93% of TLS sessions in 2018 used TLS 1.2, with only 5.6% using TLS 1.3. However, TLS 1.3 boasts of vastly greater performance and experts recommend its use right away. Being a newer protocol, TLS 1.3 has several key advantages over its predecessor. Zero/One Round-Trip Handshakes Removal of SHA-1, DES, AES-CBC etc. No Vulnerability to RC4, BEAST exploits Perfect Forward Secrecy RSA-PSS Standard Implementation Provision to Encrypt SNI Information
© 2019 AppViewX, Inc. 7 Migrating to TLS 1.2/1.3 : Challenges o The average organization has thousands of applications and systems supporting TLS 1.0 or 1.1. o Each application has one or more devices supporting TLS 1.0 or 1.1. o Manually switching every device to TLS 1.0 is tedious and error- prone. o An automation tool that can efficiently migrate/update the device to TLS 1.2/1.3-compatible ones is a safe, cost-effective method.
© 2019 AppViewX, Inc. 8 Migrating to TLS 1.2/1.3 : Recommendations  Configure end systems to disable TLS 1.0/1.1  Identify technology to replace vulnerable protocols and document secure configurations to be implemented.  Identify all system components and data flows that rely on OR support the obsolete protocols.  Ensure that servers are TLS 1.2/1.3 cipher compatible.  Discover and verify endpoint compatibility with TLS 1.2 and above.  Endpoint rectification by enabling TLS 1.2 and above.  Block vulnerable ciphers (TLS 1.0, 1.1) on endpoints and plan for a quick rollback if needed.
© 2019 AppViewX, Inc. 9 How can I prime my PKI to work with an upgraded TLS? Identify Vulnerable Devices Scan your entire network to discover and locate Clients and Servers Migrate Certificate Keys Migrate the hash function from SHA1 to SHA256 to support TLS 1.2 and above Renew Certificates Contact CAs to renew certificates with the SHA256 key type. Push to Endpoints Install the renewed certificates on their respective endpoints.
© 2019 AppViewX, Inc. 10 End-to-End Automation Platform: AppViewX CERT+ Growing List of Integrations ITSM Web App Firewall Firewall Access Proxy CA DDI SSL Certificates ADC HSM SDN, Branch, NFV
© 2019 AppViewX, Inc. 11 Accelerated Certificate Renewal and Installation Automated installation on endpoints Achieve an up-to-date certificate infrastructure Scan environments and discover vulnerable devices Set up an automation workflow for bulk renewals Group them according to replacement criteria
© 2019 AppViewX, Inc. 12 CA-Agnostic Discovery Engine Certificate Discovery Control Panel Inventory Report
© 2019 AppViewX, Inc. 13 Zero-touch Control over Certificate Infrastructure Holistic View of Certificate Trust Chain
© 2019 AppViewX, Inc. 14 Process Automation with Visual Workflows Certificate Process Workflow Builder
© 2019 AppViewX, Inc. 15 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 1: Select Endpoint(s)
© 2019 AppViewX, Inc. 16 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 2: Check current version of endpoint(s)
© 2019 AppViewX, Inc. 17 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 3: Disable TLS 1.0/1.1 on endpoint(s)
© 2019 AppViewX, Inc. 18 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 4: Implementation of TLS 1.0/1.1 disablement
© 2019 AppViewX, Inc. 19 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 5: Check TLS version post disablement of vulnerable version
© 2019 AppViewX, Inc. 20 Value Proposition of Certificate Lifecycle Automation ELIMINATE ERRORS Remove manual steps in development and production ENFORCE COMPLIANCE Deliver and protect applications as you intend MOVE FASTER Automate network infrastructure services REDUCE COST Take out complexity and do more with less
© 2019 AppViewX, Inc. 21 Real-world Business Benefits of AppViewX Reduction in Issuance Time Reduction in Deployment Time Reduction in Configuration Time 70% 83% 70% 0% Configuration Errors 0% Outages
© 2019 AppViewX, Inc. 22 Schedule a Live Demo

More Related Content

PPTX
Integrating with salesforce
Mark Adcock
 
PDF
見終わったらすぐできる! VMware & Nutanix ユーザーのためのTerraform Cloud
Wataru Unno
 
PPTX
Salesforce Integration Pattern Overview
Dhanik Sahni
 
PDF
Replicate Salesforce Data in Real Time with Change Data Capture
Salesforce Developers
 
PPTX
PUBLISHING YOUR PACKAGE TO APPEXCHANGE IN 2023
Bohdan Dovhań
 
PDF
Introduction to the Salesforce Security Model
Salesforce Developers
 
PPTX
How to Use Telegraf and Its Plugin Ecosystem
InfluxData
 
PPTX
Platform Events by Tim Taylor
Christine Smith
 
Integrating with salesforce
Mark Adcock
 
見終わったらすぐできる! VMware & Nutanix ユーザーのためのTerraform Cloud
Wataru Unno
 
Salesforce Integration Pattern Overview
Dhanik Sahni
 
Replicate Salesforce Data in Real Time with Change Data Capture
Salesforce Developers
 
PUBLISHING YOUR PACKAGE TO APPEXCHANGE IN 2023
Bohdan Dovhań
 
Introduction to the Salesforce Security Model
Salesforce Developers
 
How to Use Telegraf and Its Plugin Ecosystem
InfluxData
 
Platform Events by Tim Taylor
Christine Smith
 

What's hot (20)

PDF
FIWARE Wednesday Webinars - The Use of DDS Middleware in Robotics (Part 1)
FIWARE
 
PDF
LinkedInSaxoBankDataWorkbench
Sheetal Pratik
 
PDF
Designing the Next Generation of Data Pipelines at Zillow with Apache Spark
Databricks
 
PDF
F5 TLS & SSL Practices
Brian A. McHenry
 
PPTX
Design API using RAML - basics
kunal vishe
 
PDF
Data Migration Done Right for Microsoft Dynamics 365/CRM
Daniel Cai
 
PDF
Apex Enterprise Patterns: Building Strong Foundations
Salesforce Developers
 
PPTX
Top 10 Cypher Tuning Tips & Tricks
Neo4j
 
PDF
Linux-HA Japanプロジェクトのこれまでとこれから
ksk_ha
 
PDF
Deployment Strategies Powerpoint Presentation Slides
SlideTeam
 
PPTX
Einstein Analytics
Amit Chaudhary
 
PDF
Spark SQL Bucketing at Facebook
Databricks
 
PPTX
Data Migration Made Easy
Salesforce Admins
 
PDF
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
PPTX
Health monitoring and dependency injection - CNUG November 2019
Alex Thissen
 
PPTX
Capture the Streams of Database Changes
confluent
 
PDF
Salesforce.comの情報セキュリティについて
Salesforce Developers Japan
 
DOC
T24-TAFJ-Consultant_Sivashankar.R
Sivashankar Ramamurthy
 
PDF
A Trifecta of Real-Time Applications: Apache Kafka, Flink, and Druid
HostedbyConfluent
 
PPTX
Secure sd wan
Dr. (Engr.) OLUGBENGA BABATUNDE(FBCS,CPMP,FCIPM,FIPMA,FIMC,CMC,MNSE)
 
FIWARE Wednesday Webinars - The Use of DDS Middleware in Robotics (Part 1)
FIWARE
 
LinkedInSaxoBankDataWorkbench
Sheetal Pratik
 
Designing the Next Generation of Data Pipelines at Zillow with Apache Spark
Databricks
 
F5 TLS & SSL Practices
Brian A. McHenry
 
Design API using RAML - basics
kunal vishe
 
Data Migration Done Right for Microsoft Dynamics 365/CRM
Daniel Cai
 
Apex Enterprise Patterns: Building Strong Foundations
Salesforce Developers
 
Top 10 Cypher Tuning Tips & Tricks
Neo4j
 
Linux-HA Japanプロジェクトのこれまでとこれから
ksk_ha
 
Deployment Strategies Powerpoint Presentation Slides
SlideTeam
 
Einstein Analytics
Amit Chaudhary
 
Spark SQL Bucketing at Facebook
Databricks
 
Data Migration Made Easy
Salesforce Admins
 
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
Health monitoring and dependency injection - CNUG November 2019
Alex Thissen
 
Capture the Streams of Database Changes
confluent
 
Salesforce.comの情報セキュリティについて
Salesforce Developers Japan
 
T24-TAFJ-Consultant_Sivashankar.R
Sivashankar Ramamurthy
 
A Trifecta of Real-Time Applications: Apache Kafka, Flink, and Druid
HostedbyConfluent
 
Secure sd wan
Dr. (Engr.) OLUGBENGA BABATUNDE(FBCS,CPMP,FCIPM,FIPMA,FIMC,CMC,MNSE)
 
Ad

Similar to The TLS Upgrade (20)

PPT
Securing Servers in Public and Hybrid Clouds
RightScale
 
PPTX
Checkpoint Overview
Leonardo Antichi
 
PPTX
Customer Highleveloverview
rehanf5
 
PDF
Pivotal Cloud Foundry 2.3: A First Look
VMware Tanzu
 
PPTX
Friendly Technologies- Cloud-Based TR-069 Device Management Suite
Friendly Technologies
 
PPSX
NetScaler 11 Update
MarketingArrowECS_CZ
 
PDF
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
chhoup
 
PDF
Tech Talk - Cloud Transformation in 2017
Alex Rhea
 
PPTX
TechWiseTV Workshop: OpenDNS and AnyConnect
Robb Boyd
 
PDF
SSL VPN Evaluation Guide
Array Networks
 
PPTX
Network-chapter 4.pptx
LailaHeilat3
 
PPT
Web Services and Devices Profile for Web Services (DPWS)
Jorgen Thelin
 
PPTX
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
PPTX
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
PDF
CERT_ver-1.4
Abin Abraham
 
PPTX
World Wide Technology Introduces Cisco ONE
World Wide Technology
 
PPTX
Slash Avionics Integration Costs with DO-178C Certifiable Connectivity Software
Real-Time Innovations (RTI)
 
PDF
Istio Service Mesh
Lew Tucker
 
PPTX
Adaptive Cloud Security Next Generation Sec
Samuel Onaghise
 
PDF
Presentation capturing the cloud opportunity
xKinAnx
 
Securing Servers in Public and Hybrid Clouds
RightScale
 
Checkpoint Overview
Leonardo Antichi
 
Customer Highleveloverview
rehanf5
 
Pivotal Cloud Foundry 2.3: A First Look
VMware Tanzu
 
Friendly Technologies- Cloud-Based TR-069 Device Management Suite
Friendly Technologies
 
NetScaler 11 Update
MarketingArrowECS_CZ
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
chhoup
 
Tech Talk - Cloud Transformation in 2017
Alex Rhea
 
TechWiseTV Workshop: OpenDNS and AnyConnect
Robb Boyd
 
SSL VPN Evaluation Guide
Array Networks
 
Network-chapter 4.pptx
LailaHeilat3
 
Web Services and Devices Profile for Web Services (DPWS)
Jorgen Thelin
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
Monodip Singha Roy
 
SECURE SOCKET LAYER ( WEB SECURITY )
Monodip Singha Roy
 
CERT_ver-1.4
Abin Abraham
 
World Wide Technology Introduces Cisco ONE
World Wide Technology
 
Slash Avionics Integration Costs with DO-178C Certifiable Connectivity Software
Real-Time Innovations (RTI)
 
Istio Service Mesh
Lew Tucker
 
Adaptive Cloud Security Next Generation Sec
Samuel Onaghise
 
Presentation capturing the cloud opportunity
xKinAnx
 
Ad

More from AppViewX (20)

PPTX
Accelerate Digital Transformation with Application Delivery Automation
AppViewX
 
PPTX
Best Practices for Certificate Management
AppViewX
 
PPTX
Network Automation and Microservices Application
AppViewX
 
PPTX
AppViewX and Ansible
AppViewX
 
PPTX
What is NetOps? | NetOps Transformation
AppViewX
 
PDF
Network Security Automation_Solution Brief
AppViewX
 
PDF
Application Delivery Automation_Solution Brief
AppViewX
 
PDF
AppViewX Automation+ brochure
AppViewX
 
PDF
AppViewX CERT+ Brochure
AppViewX
 
PDF
AppViewX Platform Brochure
AppViewX
 
PDF
AppViewX| Case study - Automated server rotations save healthcare consortium ...
AppViewX
 
PDF
AppViewX|Case study - Largest US telecommunication company builds agile adc i...
AppViewX
 
PDF
App viewx cert+
AppViewX
 
PDF
Webinar what's new in avx 12.0 AppViewX
AppViewX
 
PDF
Webinar unlock the power of adc management and automation AppViewX
AppViewX
 
PDF
Webinar The New Automation+ developed for Net-ops agility- Appviewx
AppViewX
 
PDF
Webinar start your automation journey AppViewx
AppViewX
 
PDF
Operational Efficiency Increases by 40% for Multinational Hotel Chain
AppViewX
 
PDF
Large Financial Services Company Reduces Deployment Time by 75%
AppViewX
 
PDF
Global Financial Firm Simplifies Cisco ANM Migration
AppViewX
 
Accelerate Digital Transformation with Application Delivery Automation
AppViewX
 
Best Practices for Certificate Management
AppViewX
 
Network Automation and Microservices Application
AppViewX
 
AppViewX and Ansible
AppViewX
 
What is NetOps? | NetOps Transformation
AppViewX
 
Network Security Automation_Solution Brief
AppViewX
 
Application Delivery Automation_Solution Brief
AppViewX
 
AppViewX Automation+ brochure
AppViewX
 
AppViewX CERT+ Brochure
AppViewX
 
AppViewX Platform Brochure
AppViewX
 
AppViewX| Case study - Automated server rotations save healthcare consortium ...
AppViewX
 
AppViewX|Case study - Largest US telecommunication company builds agile adc i...
AppViewX
 
App viewx cert+
AppViewX
 
Webinar what's new in avx 12.0 AppViewX
AppViewX
 
Webinar unlock the power of adc management and automation AppViewX
AppViewX
 
Webinar The New Automation+ developed for Net-ops agility- Appviewx
AppViewX
 
Webinar start your automation journey AppViewx
AppViewX
 
Operational Efficiency Increases by 40% for Multinational Hotel Chain
AppViewX
 
Large Financial Services Company Reduces Deployment Time by 75%
AppViewX
 
Global Financial Firm Simplifies Cisco ANM Migration
AppViewX
 

Recently uploaded (20)

PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 

The TLS Upgrade

  • 1. © 2019 AppViewX, Inc. 1 The TLS Upgrade Migrating Away from TLS 1.0 and 1.1
  • 2. © 2019 AppViewX, Inc. 2 2 Agenda Implications of the TLS Deprecation The Upgrade: Challenges and Recommendations 2 3 A Brief History of TLS1 How AppViewX Assists the TLS Migration4
  • 3. © 2019 AppViewX, Inc. 3 A Brief History of TLS TLS 1.2 is Released TLS 1.3 is Released TLS 1.0 & 1.1 will be deprecated. TLS 1.1 is ReleasedTLS 1.0 is Released  Major Browsers announce early 2020 end-of- support for TLS 1.0, 1.1  [Apple, Google, Mozilla, Microsoft] (+) Cipher Suite Specified Pseudorandom Functions (+) AES Cipher Suites (+) Functional Enhancements (-) IDEA Cipher Suites (-) DES Cipher Suites Minor Upgrade to TLS 1.0 (+) Protection Against Cipher Block Chaining (CBC) Attacks (+) Single Round- Trip Handshake (+) Encryption of SNI Info (+) RSA-PSS Support (-) SHA-1 (-) MD5 (-) RC4 (-) DES (-) 3ES  A replacement to SSL 3.0  Similar to SSL, but prevents interoperability 1999 2006 2008 2018 2020
  • 4. © 2019 AppViewX, Inc. 4 The Immediate Effects of TLS Deprecation Loss of recognition from Big 4 Internet Browsers Once deprecated, clients can no longer connect to services using TLS 1.0 and 1.1. Result: Exposure to vulnerabilities of older versions (Ex: Downgrade Attacks, Failing PCI Compliance Checks) PCI Supports TLS 1.1 and upwards, strongly recommends TLS 1.2
  • 5. © 2019 AppViewX, Inc. 5 Preparing for an Upgrade Renew x.509 Certificates Replace/Update Web Servers Ensure Application and API Support of TLS 1.2/1.3 Configure TLS Securely
  • 6. © 2019 AppViewX, Inc. 6 TLS 1.2 vs. TLS 1.3 TLS 1.3 is fairly recent, with TLS 1.2 being over a decade old. According to Mozilla, 93% of TLS sessions in 2018 used TLS 1.2, with only 5.6% using TLS 1.3. However, TLS 1.3 boasts of vastly greater performance and experts recommend its use right away. Being a newer protocol, TLS 1.3 has several key advantages over its predecessor. Zero/One Round-Trip Handshakes Removal of SHA-1, DES, AES-CBC etc. No Vulnerability to RC4, BEAST exploits Perfect Forward Secrecy RSA-PSS Standard Implementation Provision to Encrypt SNI Information
  • 7. © 2019 AppViewX, Inc. 7 Migrating to TLS 1.2/1.3 : Challenges o The average organization has thousands of applications and systems supporting TLS 1.0 or 1.1. o Each application has one or more devices supporting TLS 1.0 or 1.1. o Manually switching every device to TLS 1.0 is tedious and error- prone. o An automation tool that can efficiently migrate/update the device to TLS 1.2/1.3-compatible ones is a safe, cost-effective method.
  • 8. © 2019 AppViewX, Inc. 8 Migrating to TLS 1.2/1.3 : Recommendations  Configure end systems to disable TLS 1.0/1.1  Identify technology to replace vulnerable protocols and document secure configurations to be implemented.  Identify all system components and data flows that rely on OR support the obsolete protocols.  Ensure that servers are TLS 1.2/1.3 cipher compatible.  Discover and verify endpoint compatibility with TLS 1.2 and above.  Endpoint rectification by enabling TLS 1.2 and above.  Block vulnerable ciphers (TLS 1.0, 1.1) on endpoints and plan for a quick rollback if needed.
  • 9. © 2019 AppViewX, Inc. 9 How can I prime my PKI to work with an upgraded TLS? Identify Vulnerable Devices Scan your entire network to discover and locate Clients and Servers Migrate Certificate Keys Migrate the hash function from SHA1 to SHA256 to support TLS 1.2 and above Renew Certificates Contact CAs to renew certificates with the SHA256 key type. Push to Endpoints Install the renewed certificates on their respective endpoints.
  • 10. © 2019 AppViewX, Inc. 10 End-to-End Automation Platform: AppViewX CERT+ Growing List of Integrations ITSM Web App Firewall Firewall Access Proxy CA DDI SSL Certificates ADC HSM SDN, Branch, NFV
  • 11. © 2019 AppViewX, Inc. 11 Accelerated Certificate Renewal and Installation Automated installation on endpoints Achieve an up-to-date certificate infrastructure Scan environments and discover vulnerable devices Set up an automation workflow for bulk renewals Group them according to replacement criteria
  • 12. © 2019 AppViewX, Inc. 12 CA-Agnostic Discovery Engine Certificate Discovery Control Panel Inventory Report
  • 13. © 2019 AppViewX, Inc. 13 Zero-touch Control over Certificate Infrastructure Holistic View of Certificate Trust Chain
  • 14. © 2019 AppViewX, Inc. 14 Process Automation with Visual Workflows Certificate Process Workflow Builder
  • 15. © 2019 AppViewX, Inc. 15 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 1: Select Endpoint(s)
  • 16. © 2019 AppViewX, Inc. 16 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 2: Check current version of endpoint(s)
  • 17. © 2019 AppViewX, Inc. 17 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 3: Disable TLS 1.0/1.1 on endpoint(s)
  • 18. © 2019 AppViewX, Inc. 18 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 4: Implementation of TLS 1.0/1.1 disablement
  • 19. © 2019 AppViewX, Inc. 19 Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints Step 5: Check TLS version post disablement of vulnerable version
  • 20. © 2019 AppViewX, Inc. 20 Value Proposition of Certificate Lifecycle Automation ELIMINATE ERRORS Remove manual steps in development and production ENFORCE COMPLIANCE Deliver and protect applications as you intend MOVE FASTER Automate network infrastructure services REDUCE COST Take out complexity and do more with less
  • 21. © 2019 AppViewX, Inc. 21 Real-world Business Benefits of AppViewX Reduction in Issuance Time Reduction in Deployment Time Reduction in Configuration Time 70% 83% 70% 0% Configuration Errors 0% Outages
  • 22. © 2019 AppViewX, Inc. 22 Schedule a Live Demo