SignPath for InfoSec

SignPath makes Code Signing secure

How secure are your private keys? Who has access to them and how is their usage regulated? Stolen or misused code signing certificates are a severe threat to ISPs and their customers. The only way to prevent breaches and reduce the risks of successful attacks is to protect your private keys and to estabalish a secure, transparent process.

CA Security Council best practices

Chain attacks

Don't be the weakest link

A stolen code signing certificate does not only put your organization at risk, but also all your customers. ISPs are increasingly becoming a target with the sole purpose of attacking one or several of their customers. IT organizations are reacting and demand their suppliers not only to sign their code, but to establish secure code signing processes.

Read about media coverage

code build test plan sign release deploy operate monitor

Agility and Security

Allow your developers to move fast

Define clear policies on how code signing certificates may be used - give your development teams the freedom to implement them for their processes. SignPath provides a clear separation of duties, where security teams stay on top of private key access and policy enforcement and development teams can focus on delivering software.

See our DevOps integration

Incident management

Be prepared and take informed decisions

SignPath allows you to lock down the code signing process and define multiple gates to ensure only malware-free, approved software from trusted build systems is signed. Every usage of your private key is logged, making it possible to trace any misuse.

Read about certificate revocation

Secure storage of private keys

Rest assured that your private keys can never be compromised

SignPath provides a FIPS-certified Hardware Security Module (HSM) to generate and store the private keys for your certificates. The HSM is located in a physically secured data center. Every signing operation takes place on the HSM ensuring that the private key is never exposed. The key infrastructure of SignPath fulfills all requirements for Extended Validation (EV) certificates without having to deal with USB tokens or spending money on dedicated hardware.

Read about storage options for private keys

Sign up for news and special offers