© 2019 AppViewX, Inc. 1
The TLS Upgrade
Migrating Away from TLS 1.0 and 1.1

Agenda
1. A Brief History of TLS
2. Implications of the TLS Deprecation
3. The Upgrade: Challenges and Recommendations
4. How AppViewX Assists the TLS Migration

A Brief History of TLS
1999: TLS 1.0 is Released
o A replacement to SSL 3.0
o Similar to SSL, but prevents interoperability
2006: TLS 1.1 is Released
o Minor upgrade to TLS 1.0
o (+) Protection against Cipher Block Chaining (CBC) attacks
2008: TLS 1.2 is Released
o (+) Cipher suite specified pseudorandom functions
o (+) AES cipher suites
o (+) Functional enhancements
o (-) IDEA cipher suites
o (-) DES cipher suites
2018: TLS 1.3 is Released
o (+) Single round-trip handshake
o (+) Encryption of SNI info
o (+) RSA-PSS support
o (-) SHA-1
o (-) MD5
o (-) RC4
o (-) DES
o (-) 3DES
2020: TLS 1.0 & 1.1 will be deprecated.
o Major browsers announce early 2020 end-of-support for TLS 1.0, 1.1 [Apple, Google, Mozilla, Microsoft]

The Immediate Effects of TLS Deprecation
o Loss of recognition from Big 4 Internet Browsers
  Result: Once deprecated, clients can no longer connect to services using TLS 1.0 and 1.1.
o Exposure to vulnerabilities of older versions (Ex: Downgrade Attacks, Failing PCI Compliance Checks)
  PCI supports TLS 1.1 and upwards, strongly recommends TLS 1.2

Preparing for an Upgrade
o Renew X.509 Certificates
o Replace/Update Web Servers
o Ensure Application and API Support of TLS 1.2/1.3
o Configure TLS Securely

TLS 1.2 vs. TLS 1.3
TLS 1.3 is fairly recent, while TLS 1.2 is over a decade old. According to Mozilla, 93% of TLS sessions in 2018 used TLS 1.2, with only 5.6% using TLS 1.3. However, TLS 1.3 offers vastly greater performance, and experts recommend adopting it right away.
Being a newer protocol, TLS 1.3 has several key advantages over its predecessor:
o Zero/One Round-Trip Handshakes
o Removal of SHA-1, DES, AES-CBC etc.
o No Vulnerability to RC4, BEAST exploits
o Perfect Forward Secrecy
o RSA-PSS Standard Implementation
o Provision to Encrypt SNI Information

Migrating to TLS 1.2/1.3: Challenges
o The average organization has thousands of applications and systems supporting TLS 1.0 or 1.1.
o Each application has one or more devices supporting TLS 1.0 or 1.1.
o Manually switching every device to TLS 1.0 is tedious and error-prone.
o An automation tool that can efficiently migrate/update the devices to TLS 1.2/1.3-compatible ones is a safe, cost-effective method.

Migrating to TLS 1.2/1.3: Recommendations
o Configure end systems to disable TLS 1.0/1.1
o Identify technology to replace vulnerable protocols and document secure configurations to be implemented.
o Identify all system components and data flows that rely on OR support the obsolete protocols.
o Ensure that servers are TLS 1.2/1.3 cipher compatible.
o Discover and verify endpoint compatibility with TLS 1.2 and above.
o Endpoint rectification by enabling TLS 1.2 and above.
o Block vulnerable ciphers (TLS 1.0, 1.1) on endpoints and plan for a quick rollback if needed.

How can I prime my PKI to work with an upgraded TLS?
o Identify Vulnerable Devices: Scan your entire network to discover and locate Clients and Servers
o Migrate Certificate Keys: Migrate the hash function from SHA1 to SHA256 to support TLS 1.2 and above
o Renew Certificates: Contact CAs to renew certificates with the SHA256 key type.
o Push to Endpoints: Install the renewed certificates on their respective endpoints.

End-to-End Automation Platform: AppViewX CERT+
Growing List of Integrations
ITSM
Web App Firewall
Firewall
Access Proxy
CA
DDI
SSL Certificates
ADC
HSM
SDN, Branch, NFV

Accelerated Certificate Renewal and Installation
Automated installation on endpoints
Achieve an up-to-date certificate infrastructure
Scan environments and discover vulnerable devices
Set up an automation workflow for bulk renewals
Group them according to replacement criteria

CA-Agnostic Discovery Engine
Certificate Discovery Control Panel
Inventory Report

Zero-touch Control over Certificate Infrastructure
Holistic View of Certificate Trust Chain

Process Automation with Visual Workflows
Certificate Process Workflow Builder

Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints
Step 1: Select Endpoint(s)
Step 2: Check current version of endpoint(s)
Step 3: Disable TLS 1.0/1.1 on endpoint(s)
Step 4: Implementation of TLS 1.0/1.1 disablement
Step 5: Check TLS version post disablement of vulnerable version
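
The check, disable, re-check loop of Steps 2 to 5, together with the earlier recommendations to disable TLS 1.0/1.1 and plan for a quick rollback, applied to web server configuration files. This is an added example, not AppViewX code and not part of the original slides; the nginx and Apache snippets are constructed samples and the function names are hypothetical.

```python
import re

LEGACY = {"TLSv1", "TLSv1.1"}                  # versions the slides say to disable
KNOWN = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
# Replacement directives; assumes server builds that recognise TLSv1.3.
HARDENED = {"nginx": "ssl_protocols TLSv1.2 TLSv1.3;",
            "apache": "SSLProtocol -all +TLSv1.2 +TLSv1.3"}
PATTERN = {"nginx": re.compile(r"^(\s*)ssl_protocols\s+([^;#]+);"),
           "apache": re.compile(r"^(\s*)SSLProtocol\s+(.+)$", re.I)}

# Constructed sample configurations (not taken from any real system).
NGINX_SAMPLE = """\
server {
    listen 443 ssl;
    server_name app.example.internal;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 8443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""
APACHE_SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
"""


def enabled_protocols(server, args):
    """Return the protocol versions that a directive's argument string turns on."""
    tokens = args.split()
    if server == "nginx":                      # nginx: a plain list of enabled versions
        return {t for t in tokens if t in KNOWN}
    on = set()
    for tok in tokens:                         # mod_ssl: tokens apply left to right
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        if name.lower() == "all":
            names = set(KNOWN)
        else:
            names = {k for k in KNOWN if k.lower() == name.lower()}
        if sign == "-":
            on -= names
        elif sign == "+":
            on |= names
        else:
            on = names                         # a bare token replaces what came before
    return on


def audit(server, text):
    """Steps 2 and 5: (line number, legacy versions) per directive enabling TLS 1.0/1.1."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PATTERN[server].match(line)
        if m:
            legacy = sorted(enabled_protocols(server, m.group(2)) & LEGACY)
            if legacy:
                findings.append((no, legacy))
    return findings


def harden(server, text):
    """Steps 3 and 4: rewrite offending directives, keeping the originals for rollback."""
    lines, rollback = text.splitlines(), {}
    for no, _ in audit(server, text):
        rollback[no] = lines[no - 1]
        indent = PATTERN[server].match(lines[no - 1]).group(1)
        lines[no - 1] = indent + HARDENED[server]
    return "\n".join(lines) + "\n", rollback


def roll_back(text, rollback):
    """Restore the saved original lines if the change has to be reverted."""
    lines = text.splitlines()
    for no, original in rollback.items():
        lines[no - 1] = original
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for server, sample in (("nginx", NGINX_SAMPLE), ("apache", APACHE_SAMPLE)):
        fixed, saved = harden(server, sample)
        print(server, "before:", audit(server, sample), "after:", audit(server, fixed))
```

A file with no ssl_protocols or SSLProtocol line inherits the server's built-in default, which varies by version and is not evaluated here; confirm the result against the live endpoint after the reload.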

Value Proposition of Certificate Lifecycle Automation
o ELIMINATE ERRORS: Remove manual steps in development and production
o ENFORCE COMPLIANCE: Deliver and protect applications as you intend
o MOVE FASTER: Automate network infrastructure services
o REDUCE COST: Take out complexity and do more with less

Real-world Business Benefits of AppViewX
o 70% Reduction in Issuance Time
o 83% Reduction in Deployment Time
o 70% Reduction in Configuration Time
o 0% Configuration Errors
o 0% Outages

Schedule a Live Demo

みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 

The TLS Upgrade

  • 1. © 2019 AppViewX, Inc. 1 The TLS Upgrade Migrating Away from TLS 1.0 and 1.1
  • 2. Agenda: 1. A Brief History of TLS; 2. Implications of the TLS Deprecation; 3. The Upgrade: Challenges and Recommendations; 4. How AppViewX Assists the TLS Migration
  • 3. A Brief History of TLS. 1999: TLS 1.0 is released; a replacement to SSL 3.0, similar to SSL but prevents interoperability. 2006: TLS 1.1 is released; minor upgrade to TLS 1.0, (+) protection against Cipher Block Chaining (CBC) attacks. 2008: TLS 1.2 is released; (+) cipher-suite-specified pseudorandom functions, (+) AES cipher suites, (+) functional enhancements, (-) IDEA cipher suites, (-) DES cipher suites. 2018: TLS 1.3 is released; (+) single round-trip handshake, (+) encryption of SNI info, (+) RSA-PSS support, (-) SHA-1, (-) MD5, (-) RC4, (-) DES, (-) 3DES. 2020: TLS 1.0 & 1.1 will be deprecated; major browsers [Apple, Google, Mozilla, Microsoft] announce early 2020 end-of-support for TLS 1.0, 1.1.
  • 4. The Immediate Effects of TLS Deprecation. Loss of recognition from Big 4 Internet Browsers. Once deprecated, clients can no longer connect to services using TLS 1.0 and 1.1. Result: Exposure to vulnerabilities of older versions (Ex: Downgrade Attacks, Failing PCI Compliance Checks). PCI supports TLS 1.1 and upwards, strongly recommends TLS 1.2.
  • 5. Preparing for an Upgrade: Renew X.509 Certificates; Replace/Update Web Servers; Ensure Application and API Support of TLS 1.2/1.3; Configure TLS Securely
  • 6. TLS 1.2 vs. TLS 1.3. TLS 1.3 is fairly recent, with TLS 1.2 being over a decade old. According to Mozilla, 93% of TLS sessions in 2018 used TLS 1.2, with only 5.6% using TLS 1.3. However, TLS 1.3 boasts vastly greater performance, and experts recommend its use right away. Being a newer protocol, TLS 1.3 has several key advantages over its predecessor: Zero/One Round-Trip Handshakes; Removal of SHA-1, DES, AES-CBC etc.; No Vulnerability to RC4, BEAST exploits; Perfect Forward Secrecy; RSA-PSS Standard Implementation; Provision to Encrypt SNI Information
  • 7. Migrating to TLS 1.2/1.3: Challenges. The average organization has thousands of applications and systems supporting TLS 1.0 or 1.1. Each application has one or more devices supporting TLS 1.0 or 1.1. Manually switching every device to TLS 1.0 is tedious and error-prone. An automation tool that can efficiently migrate/update devices to TLS 1.2/1.3-compatible ones is a safe, cost-effective method.
  • 8. Migrating to TLS 1.2/1.3: Recommendations. Configure end systems to disable TLS 1.0/1.1. Identify technology to replace vulnerable protocols and document secure configurations to be implemented. Identify all system components and data flows that rely on or support the obsolete protocols. Ensure that servers are TLS 1.2/1.3 cipher compatible. Discover and verify endpoint compatibility with TLS 1.2 and above. Rectify endpoints by enabling TLS 1.2 and above. Block vulnerable ciphers (TLS 1.0, 1.1) on endpoints and plan for a quick rollback if needed.
  • 9. How can I prime my PKI to work with an upgraded TLS? Identify Vulnerable Devices: scan your entire network to discover and locate clients and servers. Migrate Certificate Keys: migrate the hash function from SHA1 to SHA256 to support TLS 1.2 and above. Renew Certificates: contact CAs to renew certificates with the SHA256 key type. Push to Endpoints: install the renewed certificates on their respective endpoints.
  • 10. End-to-End Automation Platform: AppViewX CERT+. Growing List of Integrations: ITSM; Web App Firewall; Firewall; Access Proxy; CA; DDI; SSL Certificates; ADC; HSM; SDN, Branch, NFV
  • 11. Accelerated Certificate Renewal and Installation: Automated installation on endpoints; Achieve an up-to-date certificate infrastructure; Scan environments and discover vulnerable devices; Set up an automation workflow for bulk renewals; Group them according to replacement criteria
  • 12. CA-Agnostic Discovery Engine: Certificate Discovery Control Panel; Inventory Report
  • 13. Zero-touch Control over Certificate Infrastructure: Holistic View of Certificate Trust Chain
  • 14. Process Automation with Visual Workflows: Certificate Process Workflow Builder
  • 15. Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints. Step 1: Select Endpoint(s)
  • 16. Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints. Step 2: Check current version of endpoint(s)
  • 17. Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints. Step 3: Disable TLS 1.0/1.1 on endpoint(s)
  • 18. Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints. Step 4: Implementation of TLS 1.0/1.1 disablement
  • 19. Custom Workflow: Auto-Disabling TLS 1.0/1.1 on Endpoints. Step 5: Check TLS version post disablement of vulnerable version
  • 20. Value Proposition of Certificate Lifecycle Automation. ELIMINATE ERRORS: Remove manual steps in development and production. ENFORCE COMPLIANCE: Deliver and protect applications as you intend. MOVE FASTER: Automate network infrastructure services. REDUCE COST: Take out complexity and do more with less.
  • 21. Real-world Business Benefits of AppViewX. Reduction in Issuance Time, Reduction in Deployment Time, Reduction in Configuration Time: 70%, 83%, 70%; 0% Configuration Errors; 0% Outages
  • 22. Schedule a Live Demo
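
Slide 8's first recommendation, "Configure end systems to disable TLS 1.0/1.1", can be checked against web-server configuration before and after the change. The following is an added example, not part of the deck and not AppViewX code: it reads nginx `ssl_protocols` and Apache `SSLProtocol` lines and reports which legacy versions each one still enables. It assumes Apache's `all` expands as on a build with OpenSSL 1.1.1 or later, and the sample configuration is constructed.

```python
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: Apache 2.4 built against OpenSSL 1.1.1+, where "all" includes TLSv1.3.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
CANON = {name.lower(): name for name in APACHE_ALL | LEGACY}

def nginx_protocols(args):
    """nginx: ssl_protocols lists exactly the versions that are enabled."""
    return set(args)

def apache_protocols(args):
    """Apache: tokens apply left to right; +X adds, -X removes, bare X replaces the set."""
    enabled = set()
    for tok in args:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = APACHE_ALL if name.lower() == "all" else {CANON.get(name.lower(), name)}
        if sign == "+":
            enabled |= names
        elif sign == "-":
            enabled -= names
        else:
            enabled = set(names)  # a missing +/- silently overrides earlier tokens
    return enabled

DIRECTIVES = {"ssl_protocols": nginx_protocols, "sslprotocol": apache_protocols}

def audit(config_text):
    """Return [(line_no, directive, sorted legacy protocols still enabled)]."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if not parts or parts[0].lower() not in DIRECTIVES:
            continue
        legacy = sorted(DIRECTIVES[parts[0].lower()](parts[1:]) & LEGACY)
        if legacy:
            findings.append((no, parts[0], legacy))
    return findings

# Constructed sample that mixes nginx and Apache lines for illustration only.
SAMPLE = """\
# constructed sample
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLProtocol +TLSv1.2 TLSv1
"""

if __name__ == "__main__":
    for line_no, directive, legacy in audit(SAMPLE):
        print(f"line {line_no}: {directive} still enables {', '.join(legacy)}")
```

A file with no protocol directive falls back to the server's built-in default, which this check does not evaluate.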
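
For the "check current version of endpoint(s)" steps in slides 16 and 19, a monitoring-side check can read the version a server actually selected from a captured ServerHello. This added example (not from the deck or from AppViewX) parses the record and honours the TLS 1.3 `supported_versions` extension, because a TLS 1.3 ServerHello still carries 0x0303 in its legacy version field and would otherwise be counted as TLS 1.2. The helper `sample_server_hello` and the three sample records are constructed for the example.

```python
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
LEGACY = {"SSL 3.0", "TLS 1.0", "TLS 1.1"}
SUPPORTED_VERSIONS = 0x002B  # extension type defined by TLS 1.3 (RFC 8446)

def negotiated_version(record: bytes) -> str:
    """Return the version selected in a single-record ServerHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    pos = 34                   # skip legacy_version (2) + random (32)
    pos += 1 + hello[pos]      # session_id length byte + session_id
    pos += 3                   # cipher_suite (2) + compression_method (1)
    if pos + 2 <= len(hello):  # extensions are optional before TLS 1.3
        end = min(pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0], len(hello))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            if ext_type == SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= end:
                # TLS 1.3 keeps legacy_version at 0x0303; the real choice is here
                version = struct.unpack("!H", hello[pos + 4:pos + 6])[0]
            pos += 4 + ext_len
    return NAMES.get(version, hex(version))

def needs_remediation(record: bytes) -> bool:
    """True when the server selected a version the deck says to disable."""
    return negotiated_version(record) in LEGACY

def sample_server_hello(legacy, suite, extensions=b""):
    """Build a constructed ServerHello record (zero random, empty session id)."""
    hello = struct.pack("!H", legacy) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", min(legacy, 0x0303), len(handshake)) + handshake

TLS10 = sample_server_hello(0x0301, 0x002F)
TLS12 = sample_server_hello(0x0303, 0xC02F)
TLS13 = sample_server_hello(0x0303, 0x1301,
                            struct.pack("!HHH", SUPPORTED_VERSIONS, 2, 0x0304))

if __name__ == "__main__":
    for label, rec in (("A", TLS10), ("B", TLS12), ("C", TLS13)):
        print(label, negotiated_version(rec), "remediate" if needs_remediation(rec) else "ok")
```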