AQtive Guard Protect
AQtive Guard (AQG) Protect extends the comprehensive visibility you get from AQtive Guard Discover by providing automated cryptographic management capabilities. It centralizes certificate management into a single framework, simplifying operations and ensuring full visibility and control over how certificates are created, stored, and used.
Without proper lifecycle management, observability, and automation, certificates can become systemic vulnerabilities. AQG Protect addresses these challenges with features like automated short-lived certificate rotation and seamless integration, helping you mitigate risks and streamline operations.
AQG Protect navigation
When you open AQG Protect, you’ll find four main tabs designed to facilitate comprehensive cryptographic management. These tabs provide tools for monitoring, policy enforcement, and configuration:
- Dashboard - Offers an overview of your cryptographic management posture and key metrics.
- Certificates - Provides tools for managing your certificates, including their lifecycle and rotation.
- Policy templates - Allows you to define and apply cryptographic policies.
- Configuration - Contains settings for AQG Protect.
The following sections provide details on each tab.
Dashboard
The Dashboard is your central hub for the AQG Protect module, providing immediate insights into your cryptographic operations and certificate health. Here you’ll find a quick overview of key metrics, helping you monitor active workloads and proactively manage certificate lifecycles.
Tip
In AQtive Guard Protect, a workload refers to any application, service, or process that performs cryptographic signature operations.
On the Protect dashboard, you’ll find four main views:
- Workload usage - Displays cryptographic signature operations over the last 48 hours.
- Most active workloads - Identifies the most active workloads over the last 48 hours.
- Certificate expiration timeline - A graph visualizing certificate expiration trends, showing data for:
  - Certificates expired in the last 7 days.
  - Certificates expiring within 7 days.
  - Certificates expiring in the next 8-30 days.
- Certificate expiration summary - Provides a breakdown of certificate statuses into four categories:
  - Expired.
  - Expiring within 7 days.
  - Expiring in 8-30 days.
  - Expiring in 30+ days.
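To cross-check the expiration summary against an independently gathered inventory, the sketch below sorts certificates into the same four categories. It is an added example, not AQtive Guard code; the boundary rules (partial days round up, day 30 falls in the 8-30 category), the host names and the dates are assumptions.

```python
import ssl

DAY = 86400  # seconds
# Category labels as listed in the dashboard's certificate expiration summary.
BUCKETS = ("Expired", "Expiring within 7 days",
           "Expiring in 8-30 days", "Expiring in 30+ days")


def expiry_bucket(not_after, now):
    """Classify one certificate by its notAfter string.

    not_after uses the OpenSSL text form ("Jun  1 12:00:00 2025 GMT"), as printed
    by `openssl x509 -noout -enddate` and returned by SSLSocket.getpeercert().
    Assumption: partial days round up, so 7 days + 1 second counts as day 8.
    """
    remaining = ssl.cert_time_to_seconds(not_after) - now
    if remaining <= 0:
        return BUCKETS[0]
    days = -(-remaining // DAY)  # integer ceiling division
    if days <= 7:
        return BUCKETS[1]
    if days <= 30:  # assumption: exactly 30 days belongs to "8-30", not "30+"
        return BUCKETS[2]
    return BUCKETS[3]


def summarize(inventory, now):
    """Return ({category: count}, sorted names that are expired or due in 7 days)."""
    counts = {b: 0 for b in BUCKETS}
    urgent = []
    for name, not_after in inventory:
        bucket = expiry_bucket(not_after, now)
        counts[bucket] += 1
        if bucket in BUCKETS[:2]:
            urgent.append(name)
    return counts, sorted(urgent)


# Constructed sample inventory (hypothetical names and dates).
SAMPLE = [
    ("api.example.internal", "May 30 00:00:00 2025 GMT"),
    ("db.example.internal", "Jun  4 12:00:00 2025 GMT"),
    ("mq.example.internal", "Jun  8 00:00:01 2025 GMT"),
    ("web.example.internal", "Jul  1 00:00:00 2025 GMT"),
    ("ca-int.example.internal", "Jan  1 00:00:00 2026 GMT"),
]
# Fixed reference time so the result is reproducible; use time.time() in practice.
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    print(summarize(SAMPLE, NOW))
```

A mismatch between these counts and the dashboard usually means certificates exist that are not yet managed by AQG Protect, or that the category boundaries are drawn differently from the assumptions above.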
Certificates
The Certificates tab provides a centralized view of all certificates currently managed by AQG Protect. Here, you’ll find comprehensive details about each certificate, allowing you to monitor their status and apply management policies.
The following details are presented for each certificate:
- Certificate CName - The certificate’s Common Name (CNAME), which is typically the primary hostname or identity associated with the certificate.
- Fully qualified name - The complete and unambiguous name of the host or resource associated with the certificate. This name must be unique.
- Policy template - The policy template currently applied to the certificate.
- Time to live - The certificate’s remaining validity period.
- Protect setting - The specific protection settings applied by AQG Protect.
- State - The current lifecycle status of a certificate/key pair within AQG Protect. This will be one of:
  - Active - The certificate has been enrolled and deployed.
  - Awaiting deployment - The certificate has been enrolled but not deployed.
  - Renewing - The certificate is currently in the process of being renewed.
At the end of each row, you can select Details for more information about the certificate, such as the:
- Certificate string - The complete, encoded cryptographic data of the certificate.
- Deployment configuration - The specific settings for how a certificate is used on its deployed system or application.
- Startup configuration - The parameters AQtive Guard Protect uses to manage a certificate when its client or agent initializes.
Policy templates
The Policy Templates tab allows you to view and manage the cryptographic policies available for comparison against your certificates. Here, you’ll see which policies a certificate is using or following, ensuring compliance and alignment with security standards. The following details are presented for each policy:
- Policy name - The name of the policy, including its NIST security level and bits of security.
- Signature algorithm - The cryptographic algorithm used for digital signatures within the policy.
- Hash algorithm - The hashing algorithm specified by the policy.
- Certificate count - The number of certificates currently associated with or following this policy.
Note
The NIST security level quantifies the strength of a cryptographic algorithm or system, typically expressed in bits, indicating the estimated computational effort required to break it.
Configuration
The Configuration tab displays the foundational settings for your AQG Protect infrastructure. Here, you’ll find details about the parameters governing the Protect environment and the specific Root Certificate Authority (CA) certificate it’s configured to use:
- Infrastructure Configuration - Displays the parameters that define how your AQG Protect infrastructure is set up.
- CA Root Certificate - Shows the Root CA certificate that your Protect infrastructure is configured with.