No one wants to spend their time populating databases. We draw from multiple sources of information to maintain a search engine that can help you find your web sites. We rely on this search engine initially during the onboarding process so that you can get results quickly. Later, as you continue to use Hardenize, we search in the background to find new properties that belong to you and automatically add them to your inventory.
Additionally, we support managed cloud integrations, enabling you to connect your Hardenize account to your AWS, Azure, GCP, and other cloud accounts.
We have built a database that contains essentially all public certificates issued worldwide. This database, which draws from real-time monitoring of all Certificate Transparency logs, is our main source of information for host discovery. Using this source alone, if we know your domain names, we can find all your certificates and subdomains in seconds.
Today, unlike maybe a decade ago, we have the standards we need to properly secure our properties. However, keeping up with the developments and learning how to use all available and necessary technologies correctly is proving difficult. We've made it our job to understand all the network and security standards so that you don't have to.
We have a decade of experience building tools for deep analysis of security and network configuration. Our approach is to evaluate service properties in context and as a whole, and looking at how everything fits together. In other words, we build tools that work like humans. Crucially, we don't look for bad things. Instead, we answer the question if something is correctly and securely configured.
Even when you're an expert, analysing network and security configuration can take a prohibitively long time. Our platform is fully automated so that we can scale it and you can have a full picture of all your properties at once.
Ironically, it's never been more difficult to deploy certificates correctly. Today, you can have a certificate that's valid on the surface, but can fail due to external factors, for example deprecation of Symantec certificates. We understand these problems and correctly alert to certificate configuration problems.
We monitor your certificates and notify you if they're about to expire, avoiding downtime. Crucially, we also monitor the certificates of third-party services your sites rely on, helping you avoid problems via dependencies and services you don't control directly.
Via Certificate Transparency, we observe all the world's certificates as they are issued in real time. We detect those that belong to you and we pull them into your account. We automate analysis of these discoveries so that you can ignore those that are known and compliant, but focus your attention on misissued certificates.
Hardenize is provided as a service running in the cloud. There's nothing to install or manage, which means that you can start using our product in minutes and always have the latest version of our software.
Categorize hosts into groups and create multiple dashboards. Create multiple user accounts with different access levels and assign them to teams. Then assign host groups to teams to indicate responsibility.
Check for all known SSL and TLS protocols, cipher suites, named groups, and other cryptographic primitives. Simulate connections from popular clients to understand what they will negotiate with your sites.
Ensure your certificates work in major trust stores. Receive expiration notifications. Find deprecated Symantec certificates. Use CAA to control who can issue certificates.
Monitor certificates issued for your properties worldwide, in real-time. Automatically handle routine discoveries, but highlight policy violations and misissued certificates.
Deploy all the relevant standards, such as HSTS, CSP, SRI, Expect-CT, and others. Use secure cookies, including name prefixes and same-site cookies. Prevent mixed content.
Check for STARTTLS and correct TLS and PKI configuration. Deploy SPF and DMARC with confidence. Prepare for new standards, such as MTA-STS and TLSRPT.
Monitor your DNS and DNSSEC configuration across IPv4 and IPv6 networks. Find all IP addresses that provide a service. Deploy and validate DANE.
Use our APIs to programmatically manage your account. Integrate with our events subsystem to receive real-time notifications.