SSH Communications Security has announced the general availability of SSH Risk Assessor (SRA), a free tool that provides users with a clear report on risk and compliance exposures in Secure Shell environments. SRA is now available for download on SSH¹s website.
Widespread mismanagement of Secure Shell keys including lack of centralized creation, rotation and removal has left organizations vulnerable to attack and in violation of current and emerging compliance mandates including SOX, PCI, NIST and FISMA. The SRA tool gives security auditors and administrators valuable decision support with respect to identity and access governance in SSH environments. The tool report highlights known vulnerabilities in the environment, basic statistics on SSH keys deployed and specific violations of best current practices.
Matthew McKenna, EVP and COO, SSH Communications Security, said: "Our customers are some of the biggest banks and organizations in the world. When we surveyed them, none had any idea that their network environments were home to over 100,000 lost Secure Shell keys providing root access to their most sensitive data. They had no way to discover how many lost keys they had, no way to find where they were and no way to know how much risk they were taking on as a result. With the release of the free SRA tool, we are making it quick and easy for major enterprises, governments and financial institutions to get a clear snapshot of the level of risk in their Secure Shell environments, giving them the first step toward remediation."