Painless Certificate Management: KeyChest

all right hey uh so thank you very much uh apologize for that um i uh i just want to give you a quick bit of background uh i'll explain how um how we came to the certificate management piece i'm colin basketball i'm from lucy security and i am joined by my colleague dan brennan from keychest uh so we're going to talk to you about certificate management and and we have this terrific solution uh for you that i think you'll you'll really appreciate but let me first explain how we we arrived here so lucy security is a security awareness company uh we have a beautiful product uh that was was invented uh basically to to address the uh the

problem of um of protecting a bank actually bank uh ken justin says hey we need to have a security awareness product all the stuff that's out there is uh is sas and we're a bank we can't have people sharing knowledge of who our vulnerable employees are so we built this product and it grew and it grew and grew but we were pen testers and security consultants uh and and that's informed a lot of the product so just so you understand where we came from uh we we're the company with the cute logo uh but a very serious product where we test employees with phishing attacks usb attacks everything hundreds of these customizable templates educate with a standalone lms for

security awareness again everything is customizable it can be on-prem it can be sas installed where you like it also has plug-ins and uniquely it lets you do what-if scenarios so say you do a simulated ransomware attack and somebody falls for it then the next question is what if it was real so you can do what if scenarios technical tests uh with the product so i invite you in your own time to to take a look at the website um all of these beautiful pieces and that's just some background but one of the uh the you know the pieces that we still do is we still do dark web research we do find uh compromised credentials so we we

have a full monitoring service and this is actually this just came out last night so this is our security research team uh that you can uh see here um we found a a hack of a whole state in mexico where police documents files citizen tax records everything was uh was dumped because the guys there didn't know how to pay a ransom uh bitcoin they just didn't have a clue they had no process uh so it's just so you can see some of the depths that we get to now um i came across key chest i know the uh the founder and so i use it to educate people about the fishing threat and uh key chest has this fantastic

piece in here you can see uh this is a potential fishing threat these aren't necessarily fishing uh domains but you can see this is bank of america and you can see there's a little accent over the a on bank of america so um and uh you know it's sort of unowned uh which is an interesting uh piece so um uh i i just love uh this this this depth of analysis of lucy's uh sorry off kicha so uh from there i then started to look at some of the uh the other uh perspectives of the of the product and with that what i want to do is take you into a a brief powerpoint uh talk about how

we got here and then we'll have a walk around uh the product if we can do that um so uh let me uh bring this up here and i'll just start this off i promise you it's not gonna be a 300 power points and and i hope you will you'll find it to be of interest so this is uh the the fundamental piece is certificate management and it enables uh um overburdened overstressed people to focus on better things than uh than managing certificates so um it gives you complete control of the certificate life cycle and so there is no implementation there are there are a bunch of solutions that they tend to be locked and closed

and um you know i've heard horror stories of four months to two years of implementation uh so loose so key chest is available immediately because and i'll explain how this works it's already doing the work for you you literally just plug in your domain you go where you have instant visibility you get to see all certificates that are as part of your estate everything is automated and automate apple and you're able within the product to buy open market certificates at discounted prices so it's a tremendous solution i love it customers love it so i'm pleased to share this with you um and the issue i mean we all know this don't we uh that uh https is out there but

it's a threat to business continuity uh so 78 of web traffic is encrypted by the way 80 of phishing domains are also certificated so you can get robbed safely so one million certificates are expiring every day that's a lot of heartbreak for a lot of people because an expired certificate that you didn't know is going to expire is instant downtime lost business lost customers google at the window and the lights are out and the other piece that's coming up there's a browser war between google and apple so whilst uh google makes it hard to use a let's encrypt um a 90-day certificate in their g suite it's perhaps apple is banning the use of long-term

certificates anything more than 12 months and that kicks in in october so uh i think that's something like 16 20 percent of uh of certificates are not going to work on a any um apple devices safari and so on so these are all issues and we need visibility uh to uh to help address those those issues um so yeah equifax you know they lost a lot of money didn't they and they when they were hacked they lost two months uh in detecting that issue because of certificate issues ericsson uh was running networks for the mobile phone companies 32 million cell phone users lost it because of one certificate that ericsson didn't renew microsoft teams is going with gangbusters

but they had uh had an outage because of one certificate actually we took a look there's a lot more certificates uh involved there that were at fault and you know that uh that famous browser um google chrome thing uh your connection is not private so that hits uh hits everybody uh and uh it's yeah it's not necessarily making us more secure but it is a threat to uh to business continuity so here's the uh the world of the certificate uh man i'm sure most of you guys are aware of this you have to create a server you get the storage you get controlled access to your keys so you get tools to generate certificates and you haven't even started working yet

uh so this is all swept there are 11 steps there uh to getting your certificate up and running and at the end of it it still might not be correct as immense number of stuff gets are just not correct or somebody will move something somebody'll change the setting and what was perfect suddenly becomes not quite perfect um so this is uh the pain that we address at keychest no sweat so the product manages the certificates for you uh it's secure you can bring in your existing inventory you don't have to do any integrations um automated renewal it'll take your free certificates uh every certificate you could want uh you go daddy search the lot it'll help you deploy them and it'll

enable you to renew them so that you can uh go focus on better things so um a quick run-through and some some screen grabs okay so very very simple onboarding you just put in your the main domain name all right key chest is then going to find your endpoints audit them get you the results uh and from there on you're up and running um the certificate piece very very secure you can bring in your existing keys inserts you can do the packaging for deployment and it's it's all menu driven very very simple and straightforward web ui you're not having to deploy a product per se it's just uh into the web okay reporting is excellent uh you can

choose how granular reports want to be you've got operational reports you've got cso reports they can be weekly you can get slack notifications you can have different teams having different types of reports so there's no reason why you won't know what you should know before it became a problem and it really is the whole life cycle of the certificate so instant auditing so you can go and test and check uh um ongoing it's it's monitoring it's managing there are apis for integrated uh for integration into your systems um you can run public and private uh certificates so we have agents that you deploy but you control so they're not coming from the keychess product so very very secure

a product uh the security is designed by one of the world's leading cyber security uh guys and i'm going to come out of here and i'll just show you the user interface if i may so let me take a a look here and so uh the um the piece here if i if i come here so so here is his key chest okay uh uh you'll start off with the with the headline view and uh it's it's very straightforward uh so you can see we we've got the the cto perspective we've got the cso perspective of uh of key chest and um what i'll do is i'll just show you an instant audit so uh let's just see how it is imagine if

we had a car company we had a little car company that we set up and we want to uh get get them going this is the um the start all right we can just plug that in and we're going to learn a little bit about our our little car company um and it's uh it's identified potential problems a little red dot here no hsts uh we've got all the sub domains uh so you know we've got a view we can uh dive into the detail it's digi cert so we've uh you can do that with anything that so so key chess is is great both for standalone companies and for people who are providing services and managing

other people's operations you can you can probably see the utility here so um what i can do for instance is uh i can come into the certificate piece um and if i decide hey i want to get a new certificate uh then i can uh i can do that i can plug in a card it'll uh payments with stripe and the beautiful thing is it's open market so you can see here different certificates uh prices and uh tremendously discounted so you you get a great saving and you get an automated process you don't have to go to your other suppliers uh and this uh is just a terrific way of working uh with uh with the product so you can

bring them in um so the uh the way you would set up uh the management of services again uh you know very very straightforward and remember i showed you that bank of america piece so i can get full details of uh yeah all of my certificates and uh as you've seen i can really dive into into the product um so as you like everybody else is on the internet so i've got a slow web here we go so if i wanted to uh yeah i can take a look at ernst young for instance so and what i can see here is i could uh set them up just simply add new domain that's it all right uh we can see that

they're a bunch of sub domains uh and so that that's how i i get it going just plug it in and then key just goes off and pulls all of the information so uh if i want to look at the reporting this is the the meat of what i need here what i can see is the um operations reports i've got security reports so i get instant visibility you know i can see hey what's safe what's uh what's finished uh what's coming up um if i want to request a new certificate i can do this right now i can take a look at the detail uh and it'll pull that information up for me so

i know you know i'm uh i'm getting close to the end of uh time so uh so hopefully uh that is all in place so i can see all of this information obviously and i can also have a security perspective on uh on my certificate estate so i can find that uh any untrusted issuers uh all sorts of detail here that i can see um and i'm pretty safe uh on this one mainly because this is just used for a demo i can also identify domains potentially uh expiring domains uh you know i'm just so whizzing through this because uh i think uh you know you can go to keychest.net you'll be able to see this and we can uh

um set you up with uh with trials so that you can you can take a deeper look but uh you know we could see uh you know potential expired domains here i already showed you the the phishing threat um and uh in terms of the notifications yeah i can set up notifications uh yeah um different ways different channels slack and so on uh what the main pieces are don't want a customized report maybe the cso gets one report maybe i get something more detailed and maybe my outside agency gets yet something else so that was a very very quick sprint through uh the uh the product it's uh um i'd say web ui and easily uh set up so let me just uh

finish this off here if um if if we uh we can just uh this is this is the the key piece this is a win for you it gives you back your time okay and time is money uh we don't have enough of it it also gives you um it's like having an extra an extra guy on your team an extra person to help you it's difficult to get people and time together so key chest is a tremendously valuable resource i think you'll find and how does it work yeah so that was the piece so the reason we don't need the integration the reason we don't need those four months to two years of painful integration into other solutions

is that we have a global database uh so we've got over 11 billion certificates we track everything uh so the work is already done that's why it's up and ready to go it gives you real time intelligence uh and you know you're not having to pull all that data in it's a very very fast searching agent we continually enhance and optimize but uh it's a beautiful elegant way uh to be able to uh to work um and basically this is uh you know how key chess can help you you know so um you can you can start off with a personal uh edition for free you can go and play with it uh you can get uh different options so

you can have solutions that will help you as an individual which gives you more granularity of features i think the really exciting piece is that we offer a full enterprise management piece for internal and external certificates with automation of renewals on a so it's a fixed price but it's an smb level price so the other options are so expensive and they they price per certificate so this is an all-you-can-eat model it's a tremendous solution and we really do encourage you to uh to reach out to us we'd love to set you and your colleagues up with demos and um uh please uh note the email uh dan uh my tremendous guy uh my colleague that's dan.brennan at keychest.net

uh and uh you can also reach us uh on our website uh keychess.net so there's a phone number it's a texas number uh despite my speech in pennsylvania i'm actually in texas uh so um and so is dan so basically this is uh our hq and it's a 512-696-1552 um and that was my very quick gallop through i hope that was uh of some level of interest um and i'll hand back to uh to you michael if that's okay

any questions uh comments then uh there's no chat up there i see so uh there we go thank you

hey michael

so i can see you talking about i can't hear you michael so did my sound go nope it's me so i was gonna say um i'm shane edwards i'm using michael's account because he's the one that set it up but but it's it's it's just really in case some of these other people know michael is like well that's not michael um so yeah sorry um mike mike holcomb did set up all the accounts for us to use so um if anybody does have any chats um questions anything like that um we'll stick on for another you know 30 seconds a minute but we appreciate you coming and presenting today um so um have you guys um you know because

we've been locked down the last few months have you guys actually done any other virtual conferences or sessions with any other isa groups or our soccer groups or hacking groups we haven't uh but we'd love to uh to work more with with different groups so we're we're really keen to do that obviously we're all uh running away doing uh doing zoom meetings and conference meetings we had a user group meeting which was great the other day we uh we we arranged for real-time delivery of pizzas and donuts to uh people turning up so that's very cool yeah very cool so i think that's one better than sending a groupon or something so yeah definitely definitely and and

actually it just shows your your uh you know everybody's moving to more real time you know devops models whatever you want to call it and that just shows that you can uh deliver on those things right you bet yeah so uh yeah it's uh it's it's a new world and um it's been unfortunately you know i've been working at home for uh like 15 years now so uh for me it's kind of the same except i've got a house full of other people who think that i can be interrupted five minutes as we all have everyone's got that uh but uh yeah it's it's great we do really appreciate you inviting us here so uh thank you so very much