After a compromised Certificate Authority was used to attack Google customers, Google pushed the industry to create Certificate Transparency logs. Each publicly trusted certificate must be registered in these logs by the certificate authority for it to be trusted by a web browser. This enables organizations to monitor the logs and detect any certificate that was not issued by the organization.
1. A domain owner requests a certificate.
2. The Certificate Authority registers the certificate in multiple certificate transparency log providers.
3. The issued certificate is returned to the domain owner to be installed in their web servers.
EZMonitor enables you to monitor and detect all publicly trusted TLS/SSL certificates by scanning and indexing Certificate Transparency Logs. EZMonitor uses the information gathered from scanning the more than 10 million certificates that are created on a daily basis and creates an easy-to-use health dashboard where you can see your organization's SSL health. EZMonitor also uses intelligence to detect and alert on anomalies that could affect your organization's reputation, either by causing an outage or by enabling an attack.
Unauthorized certificate issuance can range from a developer in your organization not following your approved certificate issuance process and issuing a certificate through another provider, to an attacker compromising a certificate authority and issuing a rogue certificate on behalf of your organization. EZMonitor enables you to monitor all certificates issued for your organization and detect any unauthorized certificate issuance.
Over the past few years, over 80% of companies have reported a certificate-related outage, including high-profile outages such as the Epic Games 2021 outage. EZMonitor helps you prevent SSL-related outages by alerting on certificates near their expiration date that have not been renewed. EZMonitor also scans your organization's publicly available endpoints and alerts on any endpoint where a new certificate has not been installed.
With the growth of the cloud and sites being more dynamic, subdomain takeover has dramatically increased over the past few years. Subdomain takeover occurs when a DNS entry for a subdomain is not removed from the DNS record when the site is no longer used. This enables attackers to create a site on that resource and impersonate your organization. EZMonitor scans your subdomains and alerts you if any dangling DNS entry pointing to a cloud resource is found. Watch our webinar where we talk about how EZMonitor found over 30,000 vulnerable Azure domains in its first month of operation.
With phishing attacks on the rise, attackers are getting more creative in how they impersonate your organization. A popular method of impersonating companies is to create a subdomain containing your domain, such as your_domain.com.hackers_domain.com, making your users believe that it is a valid domain since it starts with your_domain.com. EZMonitor actively monitors the web and alerts you if a certificate containing your domain is detected.
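The lookalike check described above, combined with the unauthorized-issuance check from the earlier paragraph, can be sketched as follows. This is an added example and not EZMonitor's code; the monitored domain, the approved issuer name and the log entries are constructed assumptions.

```python
# Added illustration, not EZMonitor code. All names and entries are constructed.
MONITORED = "example.com"              # assumption: the domain you own
APPROVED_ISSUERS = {"Approved CA 1"}   # assumption: CAs your process allows

# Constructed stand-ins for certificates observed in CT logs.
SAMPLE_ENTRIES = [
    {"issuer": "Approved CA 1", "sans": ["example.com", "www.example.com"]},
    {"issuer": "Other CA", "sans": ["*.dev.example.com"]},
    {"issuer": "Other CA", "sans": ["example.com.attacker.test"]},
    {"issuer": "Other CA", "sans": ["notexample.com"]},
]


def classify(san, issuer):
    """Return 'ok', 'unauthorized', 'lookalike' or 'unrelated' for one name."""
    name = san.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]                # a wildcard covers names under its base
    # Ours only if it is the domain itself or ends on a label boundary with it.
    if name == MONITORED or name.endswith("." + MONITORED):
        return "ok" if issuer in APPROVED_ISSUERS else "unauthorized"
    # Our domain appears as whole labels inside a name registered elsewhere.
    if f".{MONITORED}." in f".{name}.":
        return "lookalike"
    return "unrelated"


def findings(entries):
    """Return (name, issuer, verdict) for every name that needs review."""
    out = []
    for entry in entries:
        for san in entry["sans"]:
            verdict = classify(san, entry["issuer"])
            if verdict in ("unauthorized", "lookalike"):
                out.append((san, entry["issuer"], verdict))
    return out


if __name__ == "__main__":
    for san, issuer, verdict in findings(SAMPLE_ENTRIES):
        print(f"{verdict:12} {san} (issuer: {issuer})")
```

Matching on label boundaries rather than on a plain suffix is what keeps `notexample.com` from being treated as one of your own names.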
Keeping up with the latest SSL security news and best practices is a full-time job. EZMonitor keeps up with the latest SSL news, such as the 2021 Let's Encrypt misconfiguration. If a misconfiguration is detected in one of your domains, EZMonitor alerts you with detailed step-by-step actions you must take to keep your organization secure and compliant.
EZMonitor also enables you to gain visibility into your private certificates by scanning the internal network of your organization. The EZMonitor internal network scan requires you to run our scanning agent from a Windows machine. To ensure the agent detects as many certificates as possible, EZMonitor has three scanning features:
This function contacts your ADCS Certificate Authority, downloads all the certificates issued by that CA, and uploads them to EZMonitor. EZMonitor then uses our cloud intelligence to alert you on any certificate errors that might cause an outage.
While EZMonitor enables you to add a list of domains to monitor, it is not always possible to add and maintain all the domains in your organization. EZMonitor uses Active Directory DNS lookup to find all the domains that are hosted in your organization and automatically adds them to the scanning range, ensuring all your domains are scanned.
The EZMonitor scanning agent gets the list of domains that have been created by manual upload, ADCS certificate download, and AD DNS lookup. EZMonitor then scans all the domains and alerts you on any SSL issue detected on the network.