
Enriched Perspectives for Enhanced Cryptographic Security Operations

AQtive Guard's enrichments feature cross-references customer data with our expert-curated billion-entry cryptography database to make large-scale inventories explorable and actionable.

AQtive Guard is the security operations platform that unifies Non-Human Identity (NHI) and Cryptography Management. It gives CISOs and security leaders the clarity they need to act with speed and confidence, and it aims to automate the tedious tasks of traditional security operations seamlessly and reliably. Most solutions drown the user in information, whereas AQtive Guard curates short, readable reports that facilitate swift action. To further reduce the alert fatigue that this deluge of information causes, AQtive Guard is now equipped with a new feature that cross-references customer data with our proprietary cryptography database, whose billions of entries have been scrutinized and informed by our world-renowned cryptographers. This feature, called enrichments:

  • Augments user data with enriched labels and contextual information about usage, location semantics, and known issues, together with remediation steps.
  • Presents a clear tree view of the cryptographic infrastructure, highlighting critical root causes that need attention.
  • Filters out insignificant and misleading issues, reducing alert fatigue.

Enrichments are visually presented with a tree overview, which enables quick and thorough human comprehension, facilitating remediation. By toggling a few checkboxes, the user can prune the tree to focus on the subset of the inventory important to them, and to isolate the most critical cryptographic issues to tackle. A typical view of the enrichment summary is below, with the cryptographic assets accounted for and categorized into a tree of object-asset relationships with levels labelled by the distribution, application, package, path, etc.

An annotated and intelligent cryptography database

AQtive Guard’s enrichment is rooted in our proprietary database, which is composed of publicly available repositories (such as certificate transparency logs, operating system base images, code repositories, etc.) and enhanced with in-house subject matter expert (SME) knowledge. AQtive Guard automates and augments the wisdom of the cryptography SMEs, resulting in enrichment filtering that scales yet remains accurate while scouring through tens of billions of cryptographic objects.

Let’s see an example of the power of enrichment to delineate severity depending on context. Consider an RSA key that is far too small and breakable in practice. Using such a key in a service is a critical severity issue. The information in our database can in many cases provide the context needed to understand when the severity is lower than it appears at first sight, and thus avoid false positives. For example, this key can be on a deprecated certificate in a trust store, known to our database, that has not been updated to remove deprecated CAs, which is common practice. It can also be part of example code or documentation, and be located in the right place for the database to be confident that it is just an example. In both cases, AQtive Guard will use this extra contextual information to lower the severity of the issue. AQtive Guard can also use the information from the database to increase the severity, for instance if a well-known example key is in your production code and not in the documentation.

The database also helps paint a clear and organized picture of the cryptography infrastructure. AQtive Guard can hide the framework that comes installed by default in an operating system (or VM or container) to reorganize and tailor the summary to the customer's needs, for instance by excluding the base distribution tag. In particular, AQtive Guard can split and organize the few hundred cryptographic artifacts by differentiating the keys that belong to the VM/container from those specific to the company PKI.

Context-aware triaging 

Cross-referencing with the comprehensive archives of our enrichments database enables automated triage. AQtive Guard can now identify and proactively filter out a vast array of cryptographic objects with issues known to be insignificant “as seen in the wild, benign and beyond the control of enterprise”. Switching off the “publicly known objects” checkbox hides these known issues as noise and puts the focus on the important cryptographic assets within the inventory that warrant attention, where there is both agency and a need to remediate. This goes beyond and complements AQtive Guard’s incumbent severity and source filters. The issues deemed insignificant and silenced by the filters still carry an “information” alert label, should the user desire to dig deeper.

The power of suppressing false high alerts is evident from the following issue we found in the cryptographic inventory of a big company during testing. Enrichment filters deployed on a publicly available database cut the list of problematic cryptographic assets down to a tiny number, allowing a human to isolate and identify a critical vulnerability: a 1024-bit DSA code signing key, which is too short! This episode, which highlights the potency of enrichment (not only in suppressing false positives, but also in zeroing in on true positive threats), will be chronicled in an upcoming blog post.
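The context-dependent severity adjustment and the “publicly known objects” toggle described in the two sections above can be sketched as follows. This is an added illustration, not AQtive Guard's own logic or schema: the record fields, directory conventions, size thresholds and the tiny lookup table are assumptions, and all data is constructed.

```python
import hashlib

def fp(material: bytes) -> str:
    return hashlib.sha256(material).hexdigest()

# Constructed stand-in for a known-object database: fingerprint -> provenance.
KNOWN = {fp(b"old-root-ca"): "deprecated_ca", fp(b"doc-sample"): "example_key"}
MIN_BITS = {"RSA": 2048, "DSA": 2048}          # assumed policy thresholds
DOC_DIRS = ("/doc/", "/docs/", "/examples/")   # assumed "just an example" locations
TRUST_DIRS = ("/etc/ssl/certs/",)              # assumed trust-store location

def triage(asset):
    """Return (severity, publicly_known_benign) for one inventory record."""
    tag = KNOWN.get(asset["fp"])
    path = asset["path"]
    if tag == "example_key":
        if any(d in path for d in DOC_DIRS):
            return "information", True          # sample key shipped with docs
        return "critical", False                # published key in real use: raise
    weak = asset["bits"] < MIN_BITS.get(asset["alg"], 0)
    if not weak:
        return None, False                      # no finding
    if tag == "deprecated_ca" and path.startswith(TRUST_DIRS):
        return "information", True              # stale CA left in an OS trust store
    return "critical", False

def visible_issues(inventory, show_publicly_known=False):
    """Findings to display; benign known objects keep their label but are hidden."""
    out = []
    for a in inventory:
        sev, benign = triage(a)
        if sev and (show_publicly_known or not benign):
            out.append((a["path"], sev))
    return out

# Constructed sample inventory.
INVENTORY = [
    {"alg": "RSA", "bits": 1024, "fp": fp(b"old-root-ca"), "path": "/etc/ssl/certs/old-root.pem"},
    {"alg": "RSA", "bits": 512, "fp": fp(b"doc-sample"), "path": "/usr/share/doc/libfoo/examples/key.pem"},
    {"alg": "RSA", "bits": 2048, "fp": fp(b"doc-sample"), "path": "/srv/app/config/tls.key"},
    {"alg": "DSA", "bits": 1024, "fp": fp(b"release-key"), "path": "/srv/release/signing.key"},
    {"alg": "RSA", "bits": 4096, "fp": fp(b"corp-pki"), "path": "/srv/pki/issuing-ca.key"},
]

if __name__ == "__main__":
    for row in visible_issues(INVENTORY):
        print(row)
```

With the toggle off, only the published key in the application directory and the short DSA signing key remain; the two benign findings reappear, labelled “information”, when the toggle is switched on.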

AQtive Guard's enrichments represent a paradigm shift from information overload to intelligent curation. By leveraging our billion-entry database and our cryptography expertise, enterprise and public sector security teams can distinguish signal from noise, focusing their remediation efforts where they matter most. The result is not just reduced alert fatigue, but a fundamental transformation in how organizations approach cryptographic risk management and security operations, moving from alert fatigue to actionable intelligence.
