Contact Us

Internal Only Marketing Assets

Finally, a one-stop-shop for all our marketing content, organized by product and asset type.

Marketing

Sectigo Corporate Brand Assets

Please find latest logos, signature, and powerpoint templates below.

Full Sectigo Logos

View Files

Sectigo "S" Logos

View Files

Powerpoint Templates

Download Templates

Email Signature Template

Download Template

Simplify and automate certificate lifecycle management at scale

Sectigo Certificate Manager

Manage public & private certificates from a single platform. The Sectigo Certificate Manager is a complete management platform enabling you to easily manage PKI certificates at scale. It makes life easier for security administrators by automating the issuance, discovery, renewal, revocation, and replacement of certificates numbering in the thousands, tens of thousands, or more.

Sectigo Certificate Manager Brief

Overview of how Sectigo Certificate Manager automates management of the entire certificate lifecycle, from issuance to expiration and replacement.

Download Datasheet

The Value of Automatic SSL Certificate Installation for Enterprises

This document outlines the value of automating SSL certificate installation and renewal.

Download Whitepaper

Sectigo Certificate Manager

High-level overview video of Sectigo Certificate Manager.

Watch Product Video

Five Ways PKI Protects and Secures Financial Services Data

Data has become the lifeblood of the financial services industry, is integral for the business and the most important resource to protect.

Read Blog

Sectigo Certificate Manager Short Listed for Computing Magazine’s Security Automation Award

We are pleased to announce that Sectigo has made the short list for Computing Magazine’s Security Excellence Awards in the Security Automation category.

Read Blog

Sectigo Is Short Listed for Computing Magazine’s AI & Machine Learning Awards

We are pleased to announce that Sectigo Certificate Manager has been short listed for Computing Magazine’s AI & Machine Learning Awards, which recognize the people, projects, and companies that are leading this fast-developing area of technology.

Read Blog

Automated Certificate Management Is No Longer a Nice to Have; It’s Essential

Automated renewal is no longer a luxury; it’s essential. The same applies to certificate issuance.

Read Blog

63-Bit Password Episode Emphasizes Role of Automation in Enterprise PKI

Industry PKI experts recently have discovered a flaw in certificate generation practices that employ the commonly used EJBCA CA tool, which can result in serial numbers with 63 bits of entropy as opposed to the 64 bits required by public certificate guidelines.

Read Blog

Simplify management of all SSL certificates across your enterprise

Enterprise SSL

Sectigo Enterprise SSL allows you to automate the installation of SSL. As certificate lifetimes are reduced by the browsers, there is a growing need to renew certificates on a growing number of servers in a reduced amount of time.

Sectigo Automation

Automation is now critical to any certificate management system. Not only does it reduce the overall cost of ownership; but automation also enforces cryptographic compliance and prevents potential service disruptions caused by human error.

Download Datasheet

Subscription SSL

Sectigo now offers three-, four-, and five-year Subscription SSL bundles, allowing customers to obtain continuous certificate coverage for up to five years.

Download Datasheet

Extended Validation (EV) SSL Certificates

Extended Validation (EV) SSL is the highest-security form of SSL certificate available. Increase your transaction rates and provide better security with EV SSL certificates from Sectigo

Download Datasheet

Sectigo SSL Solutions Brief

A simple guide explaining the overview of TLS and SSL, along with the types of certificates and certificate solutions.

Download Datasheet

Extended Validation for SSL for Online Retail

Extended Validation (EV) SSL is an important tool in giving your online business the credibility and trust visitors require before they will choose to engage in transactions or share sensitive information with you online.

Download Datasheet

Extended Validation for SSL for Research Result

Consumers prefer online businesses displaying green address bars and complete more transactions

Download Datasheet

Extended Validation for SSL for Small Business

Extended Validation (EV) SSL is an important tool in giving your online business the credibility and trust visitors require before they will choose to engage in transactions or share sensitive information with you online.

Download Datasheet

Beware: Phishing Attacks Using SSL are on the Rise

An uptick in phishing websites using SSL certificates is causing concern in the industry. However, there are steps companies can take to protect their customers from being the victims of fraud.

Download Whitepaper

Combating Attacks: Best Practices in Securing Your Digital Identity

Malware attacks, cybercrime, cyberterrorism and related threats are increasing on a daily basis. So too is the defense of these attacks, as Certificate Authorities (CA) implement security measures that stay ahead of an attacker’s next step.

Download Whitepaper

A-Z Guide in Choosing the Right SSL Certificate

Introduction to the different types of certificates, how they work, and what kind is most relevant for your use case.

Download Whitepaper

Understanding the Role of Extended Validation Certificates in Internet Abuse

Extended Validation (EV) Certificates play an instrumental role in web security. EV certificates assure the visitors of a website that they are indeed visiting the safe website they intend to, and not an imposter set up by cybercriminals. Previous work [1] has shown that domains who invest in EV certificates are prudent with cyber security practices, and these domains were not found to be associated with phishing sites.

Download Whitepaper

Extended Validation SSL: Your Key to Maximizing Online Trust

EV SSL is a clearly visible example of your business investing in best-of-breed security to protect your site visitors.

Download Whitepaper

Secure Your Website with Sectigo SSL

Sectigo offers the complete range of available SSL certificates for your business. With more than 100 million certificates issued and the widest selection of certificate options to meet the needs of any sized website, Sectigo is the best choice for your SSL needs.

Watch Product Video

Sectigo's ACME Automation

Sectigo offers several automation capabilities, including support of the ACME Protocol. Come check out how we make it easier than ever for automated deployments of SSL Certificates.

Watch Product Video

5 Reasons to Consider EV SSL for Your Online Business

Add your company name to the browser interface in the branded address bar enabled by EV SSL. Increase user confidence and transaction rates by showing your true identity online.

View On-Demand Webcast

Recent Changes to Google Chrome that Every Online Business Needs to Know

During our co-run webinar with Redmond Mag, our host Tim Warner walked us through some recent changes with the Google Chrome update and what that means for your Digital Certificate.

View On-demand Webcast

Sectigo to Remove Brand Information from DV Certificates

Sectigo recently announced that we will make a change to our issuance practices to remove “static” brand and hosting information from the OU fields of our Domain Validation (DV) certificates.

Read Blog

On Black Friday and Cyber Monday, Look Out for “Not Secure” Warnings

As millions of people visit online retailers to spend hundreds, even thousands, of their hard-earned dollars, cybercriminals are finding increasingly creative ways to trick consumers into mistakenly sending that money their way, instead.

Read Blog

How Let's Encrypt Runs CT Logs

Sectigo is proud to sponsor the Let’s Encrypt CT Log. We believe this initiative will provide much-needed reinforcement of the CT ecosystem,” said Ed Giaquinto, Sectigo’s CIO.

Read Blog

The Hidden Price Tag of Free DV Certificates

Everything has a cost, including free Domain Validated (DV) certificates. In exchange for $0.00, you’ll be trading your time and technical expertise along with valuable additional features that only a commercial DV certificate can provide.

Read Blog

Status of Browsers and EV Indicators

It used to be that all popular browsers reliably displayed the company name in green to the left of the web address, now Chrome and Firefox have decided to remove the company name and require a click on the lock icon to see the certificate’s identity information.

Read Blog

Sectigo Votes in Favor of One-Year SSL Certificate Term Limit

After careful consideration, Sectigo has decided to vote in favor of CA/Browser Forum (CABF) ballot SC22, which seeks to limit the allowed duration of TLS certificates to 397 days, or about thirteen months.

Read Blog

Mozilla's Announced Decision to Remove the Extended Validation UI Indicator Should Be Reconsidered

The week before last, very quickly and without advance warning, Mozilla announced that it would remove the Extended Validation SSL certificate indicator from its upcoming build 70.

Read Blog

Be Prepared for One-Year SSL Certificate Duration

A recent CA/Browser Forum ballot sponsored by Google will, if it passes, limit SSL certificate lifespans to 397 days (thirteen months) starting in March 2020. Should this ballot pass, organizations that presently use two-year SSL certificates will need to change their practices to only one-year certificates moving forward.

Read Blog

New Research on EV SSL Security from Georgia Tech: EV Domains 99.99% Free of Online Crime

Today we saw new research from Georgia Tech’s Cyber Forensics Innovation (CyFI) Lab on the topic of Extended Validation (EV) SSL and online criminal actors.

Read Blog

EV Fallacies Debunked - "This Other Site Isn’t Using EV So I Shouldn’t Either"

Sometimes IT decision makers seem to be going out of their way to find excuses not to invest in Extended Validation SSL.

Read Blog

Seven Steps to EV SSL Issuance

SSL certificates create a secure communication tunnel by encrypting the data sent between a client and server, or between two servers, to prevent cybercriminals from modifying data.

Read Blog

Firefox to Add “Not Secure” Warning to Non-SSL Pages

In its upcoming build 70, Firefox will incorporate a “Not Secure” warning for non-SSL pages. This warning will appear to the left of the address, where the company-branded green address bar appears on sites with EV SSL certificates.

Read Blog

How Loss Aversion Ties into Decision Making for EV SSL Certificates

I have been engaged with many decisions makers who are evaluating whether or not to use Extended Validation SSL on their sites, and I have repeatedly observed how a psychological phenomenon called loss aversion biases this decision-making process.

Read Blog

How Well Do the Largest Banks in North America and Europe Protect Customers from Phishing?

Given the extent and value of personal and financial data managed by the world’s leading financial services companies, and that 76% of data breaches are financially motivated, it is critical for banking customers to feel assured of the authenticity of their banks' websites.

Read Blog

Enable Certificate Management Automation for Citrix ADC with Sectigo

Citrix ADC’s SSL offload feature transparently improves the performance of web sites that conduct SSL transactions.

Read Blog

Sectigo Is Sponsoring a Certificate Transparency (CT) Log from Let’s Encrypt. Here’s Why.

Today we announced that Sectigo is sponsoring Let’s Encrypt’s new Certificate Transparency (CT) log "Oak." As Let’s Encrypt’s CT log sponsor, Sectigo makes it economically possible for Let’s Encrypt, a non-profit, to create and maintain a CT log capable of meeting high-volume needs.

Read Blog

When It Comes to SSL Certificate Automation, Sectigo Provides Plenty of Options

One size does not fit all when it comes to automation of SSL certificate lifecycle management. That is why Sectigo provides a number of alternatives and a choice to pick one or more that are the most suitable for your organization.

Read Blog

What the Latest Firefox Update Means for SSL Certificates

Last month marked the release of Firefox 66, the newest iteration of the ever-popular web browser. The update adds a number of interesting new features, including improvements to content loading and extension storage, auto-play sound blocking, and support for the AV1 codec (on the Windows version, at least).

Read Blog

Why CAs Charge More for Extended Validation SSL

One objection that is raised against Extended Validation (EV) SSL is that, for any given Certificate Authority, it tends to cost more than an Organization Validation (OV) or Domain Validation (DV) certificate.

Read Blog

Should We Keep Calling the EV-SSL-Enabled Interface a “Green Address Bar?”

Back in 2007 the industry announced Extended Validation (EV) SSL. The first browser to present EV certificates with a difference in the interface was Internet Explorer, which displayed the address bar

Read Blog

All Sectigo Public Certificates Meet 64-Bit Serial Number Requirements

Industry PKI experts recently have discovered a flaw in certificate generation practices that employ the commonly used EJBCA CA tool, which can result in serial numbers with 63 bits of entropy as opposed to the 64 bits required by public certificate guidelines.

Read Blog

New Research Regarding Online Criminal Marketplaces for Certificates

A recent study from researchers at the Andrew Young School of Policy Studies at Georgia State University discusses how online marketplaces feature a steady supply of TLS / SSL certificates from all major public ertificate Authorities (CAs), including Comodo (Sectigo’s old certificate brand name).

Read Blog

Authentication Is Not for the Party Being Authenticated

Our IT systems are frequently engineered not to enable encryption unless certificates are in place (most obviously when connecting to a web site using a popular desktop or mobile browser), but that decision is in recognition of the original purpose of certificates, which is to authenticate the identity of a participant in a digital transaction.

Read Blog

Root Causes: New TLS Certificate Incident Research

New research out of Indiana University Bloomington reviews nearly 400 "incidents" with public SSL certificates over the course of more than a decade. Join us as we go through the main findings from this piece of original research, including methodology, incident types and causes, and rogue certificates.

Listen to Podcast

Root Causes: What is the CA/Browser Forum?

SSL certificate practices are governed by the rules of the CA/Browser Forum. But what is the CA/Browser Forum, who is in it, and where do they get their authority?

Listen to Podcast

Root Causes: New University Research on Phishing and Certificates

Join our hosts as we dig into the details of these findings to learn specifically which certificate types are more or less likely to appear on phishing sites - and some thoughts on why.

Listen to Podcast

Root Causes: Prepare for One-Year Limits on SSL Certificates

Our hosts discuss the trend to shorter certificates, the pluses and minuses of decreased maximum term, and automation as the only solution to fill the gap.

Listen to Podcast

Root Causes: Why Do Browsers and Academic Research Say Different Things About EV SSL?

Breaking research from two esteemed universities shows that sites with Extended Validation SSL certificates are much less likely to be engaged in criminal behavior like malware and phishing. And yet, leading browsers are reducing or removing EV information from the interface.

Listen to Podcast

Root Causes: When a Whole Country Has it's PII Stolen

Recently we have seen major news items in some of the common Root Causes themes. Join our hosts as they discuss new whopping breach fines from GDPR and the FTC, what happens when an entire country has its PII stolen, and phishing sites with SSL.

Listen to Podcast

Root Causes: SSL Certificate Automation through ACME

Join our hosts and guest Abul Salek as they discuss this ACME, why it's important, and what's next for this hugely popular standard.

Listen to Podcast

Root Causes: Pending Safe Browser Guidelines from Germany

Join our hosts as they discuss the German safer browser requirements and their potential impact on Germany, other governments, and industry worldwide.

Listen to Podcast

Root Causes: Authentication is Not for the Authenticated

Join us for a discussion of who benefits from known identity, what can go wrong when identity is obscured, and why ecosystems must include incentives for members to participate in identity authentication.

Listen to Podcast

Root Causes: 63-bit Serial Numbers

A recently discovered flaw in common practices reveals that potentially millions of active SSL certificates fall short of cryptographic requirements. Learn how it is that 64-bit certificate serial numbers might offer only 63 bits of entropy and what CAs have to do about it.

Listen to Podcast

Create and manage your own Private Certificate Authority

Private PKI

Sectigo's Private PKI, also known as Private CA, is a complete, managed PKI solution that lets you automatically issue and manage private certificates for all non-Microsoft devices and applications within your enterprise.

Sectigo PKI Enterprise Use Case: Windows Hello for Business

Integrating PKI-based authentication with Windows Hello for Business biometrics helps ensure the highest standards of security and identity. But using manual processes to manage the certificates required for Windows Hello for Business across large numbers of employees is labor intensive, technically demanding, and error prone.

Download Datasheet

Sectigo PKI Enterprise Use Case: Mobile Devices

Employees rely on a variety of mobile devices at work. That’s why it has never been more important—or more difficult—to authenticate digital information and keep it secure across smartphones, tablets, and other mobile endpoints in the enterprise.

Download Datasheet

Sectigo PKI Enterprise Use Case: VPN

Replacing multi-factor authentication for VPN access with certificate-based authentication improves the user experience and helps ensure the highest standards of security and identity. Sectigo can help. Sectigo Certificate Manager is a complete management platform that automates end-to-end lifecycle management of digital certificates at scale.

Download Datasheet

Sectigo PKI Enterprise Use Case: Web Servers

Effectively implementing PKI on web servers requires overcoming significant challenges. To help ensure the highest standard of web server authentication and identity, your security team needs an enterprise SSL certificate management platform.

Download Datasheet

Sectigo PKI Enterprise Use Case: WiFi

PKI-based authentication for Wi-Fi enables password-free user access and helps ensure the highest standards of security and identity. But using manual processes to manage the certificates required for Wi-Fi access across large numbers of employees is labor intensive, technically demanding, and error prone.

Download Datasheet

Private Certification Authority Services

Under a Private CA, enterprises can create their own private root certificates, which can issue private, end-entity certifi cates to their internal servers and users. Sectigo’s Private CA solution provides customers with a complete, managed PKI solution designed to alleviate problems associated with establishing and managing internal PKI.

Download Datasheet

Securing the Breadth of Enterprise Use Cases with PKI

Today, more than ever, our economy relies on data and digitally disruptive business models. Whether you are looking to improve customer experience, launch new products and services, open new routes to market, or streamline business operations, chances are data plays a key role.

Download Whitepaper

Leveraging PKI to Ensure Security Privacy, and Integrity in Healthcare and the Life Sciences

Every organization in the healthcare and life sciences sector must manage multitudes of data. Whether it’s sensitive Personal Health Information (PHI), invaluable ntellectual property, ponderous internal records, or the product of an analytics system or connected device, data is arguably the sector’s most precious asset— and among the most challenging to protect.

Download Whitepaper

Using PKI to Ensure Security, Privacy, and Integrity of Data for Firms in the Financial Services Sector

Today, more than ever, the financial services industry relies on data. From managing transaction details, providing real-time account and trading information, and creating a trustworthy overall customer experience to automating risk management processes, forecasting, and fraud detection, data is integral to all the financial sector does. For financial institutions, data has become their lifeblood—and the most important resource to protect.

Download Whitepaper

Digital Identities for Identity and Access Management

One of the leading attacks on an Enterprise occurs when the attacker impersonates a legitimate user or device to steal intellectual property, or otherwise harm the business operations. A strong digital identity is the best proven method to prevent a digital impersonator.

Download Whitepaper

Enterprise Certificate Authority Made Easy

Microsoft Windows plays an important role in the Enterprise, serving as the access point to company assets within the firewall, over a virtual private network, or from the browser to cloud services. However, authentication is required to ensure only authorized employees and devices can access the company assets.

Download Whitepaper

Supporting Microsoft CA with Sectigo Certificate Manager Private CA

Sectigo Certificate Manager provides enterprises with a Private Certificate Authority (CA) solution, delivering a complete, managed public key infrastructure (PKI) platform designed to alleviate the problems associated with establishing and managing an internal PKI. Through the Private CA, enterprises can create their own private root certificates, which can issue private end-entity certificates to internal servers and users.

Download Whitepaper

Augment Microsoft CA and Secure Non-Windows Devices and Applications

Explainer video on how Sectigo Certificate Manager can augment Microsoft CA to secure applications not running on a Windows Operating System such as mobile devices, web servers, IoT, DevOps, SSH, and more.

Watch Product Video

Sectigo Private CA

Check out this animated video and learn the basics of what it means to host a Private CA.

Watch Product Video

Digital Certificates in the Modern Enterprise

Digital certificates are in use everywhere, for a variety of use-cases within the modern enterprise. Our purpose-built PKI solutions make scaling and automating your Digital Identity Management System possible, providing you with the crypto-agility to stay ahead of the ever-changing standards and future-proof your systems.

Watch Product Video

Using and Managing Private PKI for the Security of Your Enterprise

Digital Certificates are becoming increasingly prevalent within the enterprise, whether for securing internal services or authenticating employees and devices. However, growing certificate volumes and the complexity of operations can lead to problems with management and maintenance of your CA infrastructure.

View On-demand Webcast

The Future of PKI in the Modern Enterprise Webinar

Join our subject matter experts Tim Callan and Jason Soroko to discover how Sectigo Private PKI allows you to secure and automate the management of your internal devices and applications, regardless of which internal protocols you have in place, and save you costs, time and resources in the long run.

View On-demand Webcast

Is Private PKI Really Private?

With our Private PKI solution, you can brand the certificates for your servers, devices, and users. Since the purpose of this CA is to serve your organization only, it will provide a tighter control when this PKI infrastructure is used for internal user authentication.

Read Blog

Root Casues: Blockchain vs. PKI

Join us this episode as we explain the details of how blockchain and PKI work, similarities and differences between them, and what use cases are appropriate for each.

Listen to Podcast

Root Causes: Weaknesses in MFA Authentication

A recent FBI warning cautions of attacks that circumvent Multi-Factor Authentication (MFA). Join us as we describe contemporary attacks against MFA and how to defend against them.

Listen to Podcast

Root Causes: What is Blockain's Killer App?

Join us as we explain what blockchain actually does and how it compares to PKI, including some examples of use cases that are appropriate for each of these technologies.

Listen to Podcast

Root Causes: Shadow IT and PKI

Shadow IT has become a fact of the modern enterprise. SaaS, BYOD, outsourced development, embedded IT, DevOps, and public cloud have all chipped away at the CIO's ability to oversee and control the enterprise's technology systems. Join our hosts as they discuss these challenges and what IT departments can do to address them.

Listen to Podcast

Root Causes: Using PKI to Authenticate Phone Callers

Join our hosts as they discuss public telephony systems and other environments that suffer from this problem, where this situation creates vulnerabilities, and what can be done about it.

Listen to Podcast

Root Causes: Certification Revocation

Join our hosts as they discuss the whys and wherefores of revocation by the CA, especially as it relates to code signing and malware.

Listen to Podcast

Root Causes: Architecture for Enterprise Certificate Automation

Join our hosts as they detail the whys and hows of enterprise certificate automation. A must-listen for anyone seeking to understand this rapidly emerging technology space.

Listen to Podcast

Root Causes: PKI in the News

Tune in to learn the latest about the Dragonblood WPA3 vulnerability, Russian spoofing of GPS/GNSS navigation signals, Know Your Customer (KYC) for social media sites, and a Chinese national's apparent attempt to install a USB rootkit somewhere in Mar-a-Lago.

Listen to Podcast

Root Causes: Free PKI is Not Free

The promise of a "free" Microsoft CA was alluring to enterprises in the 2000s, but today's increasingly open computing architectures and agile development methodology have outgrown your old fashioned Microsoft CA. Learn about the seven common use cases where your traditional CA no longer does the job.

Listen to Podcast

Root Causes: Australia's New IT Security Back Door

Australia now requires a back door to IT systems. Our hosts are skeptical that this idea will work. Join our PKI experts to learn about the dangers and pitfalls of such a system - and why they have failed in the past.

Listen to Podcast

Root Causes: Introduction

Intro to the leading PKI and security podcast. Learn your hosts' qualifications and the reasons for creating this podcast.

Listen to Podcast

Improve your email security

Enterprise S/MIME

Sectigo’s industry-first Zero-Touch publicly-trusted S/MIME lets you seamlessly deploy and manage email certificates without requiring action from end users or interfering with their experience.

Email Certificates for GDPR Compliance

Enable encryption and identity authentication for greater email security with S/MIME certificates.

Download Datasheet

Meet Federal Requirements for Secure Email

Learn how to protect controlled, unclassified information in non-federal systems and organizations.

Download Datasheet

Sectigo S/MIME Email Certificates Brief

Posing as legitimate employees, servers, or devices, hackers can utilize email to infiltrate an organization’s digital infrastructure and wreak havoc on its business. You can combat these potential attacks by signing email using Sectigo S/MIME Email certificates.

Download Datasheet

Securing Emails with S/MIME Certificates for HIPAA Compliance

Email containing PHI must be protected with digital certificates to successfully guard patients’ privacy and maintain compliance with the HIPAA and HITECH regulations.

Download Datasheet

Sectigo Email Security Solution

Leran how to combat BEC/EAC or Email Phishing using Sectigo CA Email Security solution.

Download Whitepaper

Zero-Touch Email Certificate Deployment

Improve S/MIME installation and management for the Enterprise by using certificates as a defense against email-based attacks.

Download Whitepaper

E-Book on the Value of S/MIME

Learn what Business Email Compromise is and how S/MIME email certificates can help defend against BEC and related spear phishing attacks, and how email certificates contribute to compliance with key regulatory requirements.

Download E-Book

Zero Touch Deployment S/MIME Solution

World's first zero-touch, push deployment of S/MIME certificates to mobile devices; capable of seamlessly enabling and configuring the mail client.

Watch Product Video

Secure Email Signing Certificates

Watch this video to learn how to combat potential attacks by signing emails using Sectigo email S/MIME certificates.

Watch Product Video

The Bright Future of Email Encryption

Tim Callan and Jason Soroko discuss how Sectigo Zero-Touch S/MIME allows you to protect your employee communcations by deploying in all mail apps without complicated user intervention.

View On-demand Webcast

How to Protect and Defend Your Organizations from Email Attacks

Join Jason Soroko on this webinar to learn how to make S/MIME easy.

View On-demand Webcast

Automated S/MIME Pays for Itself by Eliminating Common Support Issues

With private and confidential information being communicated over email every day, it should come as little surprise that email encryption tools like S/MIME have become an important part of organizational security.

Read Blog

Why Automation Matters to Enterprises Seeking to Use S/MIME Email Certificates

Encryption and digital signature are the best way to ensure the integrity and privacy of email communication.

Read Blog

S/MIME 101: Making GDPR Compliance Easy with S/MIME

Since it went into enforcement in May 2018, the General Data Protection Regulation (GDPR) has made waves throughout the world, and organizations have spent the past several years trying to understand what it means, how to remain compliant, and how their operations might be affected.

Read Blog

S/MIME 101: Maintaining DFARS Compliance Using S/MIME

Defense Federal Acquisition Regulation Supplement, better known as DFARS, is designed to protect controlled unclassified information in nonfederal systems and organizations.

Read Blog

S/MIME 101: How S/MIME Can Help with HIPAA Compliance

S/MIME and its certificate-based authentication technology can help mitigate the risk of email-based attacks and keep confidential information safely under lock and key.

Read Blog

S/MIME 101: Protecting Yourself from Phishing Attacks

Perpetrated using fraudulent emails pretending to be from a known or trusted sender, the intended goal of a spear phishing attack is to prompt the victim to carry out some action on their behalf.

Read Blog

S/MIME 101: Why Email Is Vulnerable and How S/MIME Can Help

Businesses across industries depend upon email as an indispensable communication method, keeping employees in touch with customers, partners, vendors, and, of course, each other. But email communication has its drawbacks.

Read Blog

Root Causes: S/MIME Automated Deployment

Find out what the challenges to past adoption have been for this underutilized security technology and what the industry is doing to help enterprises secure their email today.

Listen to Podcast

Ensure software and application integrity with digital signatures

Enterprise Code Signing

Sectigo’s Code Signing enables you to develop secure code with enterprise-scale certificate lifecycle management that gives you greater cryptographic flexibility and improved time to market.

Sectigo Code Signing Brief

Sectigo Code Signing enables developers to add a layer of assurance, informing users the software they’re receiving can be trusted.

Download Datasheet

Code Signing Solutions from Sectigo

Sectigo Code Signing certificates enable developers to digitally sign applications and software programs to verify the source of the code and that it has not been altered in any way.

Watch Product Video

Sectigo Code Signing Authentication Evolves

Some Sectigo Code Signing certificate subscribers have opined recently that our Code Signing authentication now includes additional steps and requirements it did not have in previous years.

Read Blog

The What, When, and Why of Revoking Certificate-signed Malware

Now is a good time to discuss signed malware, revocation of certificates used for criminal purposes, and the tradeoffs CAs must face as they establish and enforce certificate practices.

Read Blog

Signed Malware Reports: Getting the Numbers Straight

A thank you to security monitoring firm Chronicle for identifying 127 active Code Signing certificates from Comodo / Sectigo used to sign malware incidents. We have revoked these certificates.

Read Blog

Enterprise PKI Use Case

DevOps

Enforce cryptographic security policy, enable secure container communication and future-proof your applications with Enterprise PKI for DevOps.

Forrester Report - Predictions 2020: DevOps

DevOps continues to capture hearts and minds. However, with release speeds slowing, it’s experiencing an inflection point. To succeed, integrated DevOps teams must perceive this inflection point as an opportunity to approach DevOps differently.

Download Datasheet

PKI for DevOps

DevOps teams can incorporate compliant certificate processes into their normal workflow and start taking full advantage of: code signing, RESTful API for Container Certifications, ACME for SSL and DevOps Integrations.

Download Datasheet

Unleashing Speed and Scale in DevSecOps

Watch this live webinar recording as Jason Soroko, CTO of PKI and guest speaker Sandy Carrielli, Principal Analyst at Forrester discuss how DevSecOps teams can improve security, reliability, interoperability, and compliance.

View On-demand Webinar

DevOps.com Workshop: PKI for DevOps Orchestration

Join our hosts Tim Callan and Jason Soroko as they discuss PKI for DevOps Orchestration.

View On-demand Webcast

DevOps.com Webinar: PKI for DevOps

Join us as our hosts walk us through what DevOps is, why it's starting to gain traction now, and why establishing proper PKI security for these instances is a must.

View On-demand Webcast

All About Agility: PKI in DevOps Matters

With an ever-growing need for rapid software releases, organizations are showing an increased interest in DevOps practices and the widespread adoption of microservice architecture patterns.

Read Blog

PKI for DevOps Environments

DevOps as a software development and deployment methodology has radically transformed enterprise computing. This approach brings with it new architectures and tools such as containerization, Kubernetes, and multi-cloud. Learn how PKI plays a critical role in DevOps environments and how enterprises can best use certificates to keep their platforms safe.

Listen to Podcast

embedded device hardening technologies and third-party certificate issuance and management

IoT Identity Platform

Industry-First End-to-End Platform Offering Embedded Device Identity and Integrity Technologies and Purpose-Built Certificate Issuance and Management

IoT Identity Platform

While connected devices can enable innovative revenue models, improve device functionality, and enhance visibility and control, they also introduce significant business, legal, and compliance risks. That’s why it is imperative for enterprises using connected devices to include security and identity management at the device level and to continually fortify their capabilities to stay ahead of threats.

Download Datasheet

Sectigo IoT Manager Brief

To protect an IoT ecosystem against outside threats, Sectigo IoT Manager utilizes a secure, cloud-based portal that issues trusted third party PKI certificates for authentication and lifecycle management of the IoT network to protect it throughout its lifespan.

Download Datasheet

IoT Use Case: Firewall for Automotive Gateway ECUs

Today’s vehicles are increasingly vulnerable and require state-of-the-art embedded device security to help ensure the highest standards of safety, security, and compliance.

Download Datasheet

IoT Use Case: On-Premise or Cloud-Based Private PKI For Manufacturing

In order to enable secure authentication and prevent counterfeiting, OEMs and manufacturers must add certificates to their IoT devices and security chips at the assembly line.

Download Datasheet

Leveraging PKI to Secure Connected Devices and Enable Business Models

Digital certificates can automatically authenticate internet-connected devices and enable encryption for data passed to and from them, improving reliability, availability, and security.

Download Whitepaper

Sectigo IoT Manager

Sectigo IoT Manager uses a secure, cloud-based portal to issue trusted, third-party, PKI certificates to be assigned to devices for authentication and lifecycle management. All in a solution that’s effective, efficient, and easy to manage.

Watch Product Video

CA SB-327: The Nation's First IoT Cybersecurity Law

The Nation's first IoT cyber security law, California SB-327, went into effect January 1st. Join Sectigo's cybersecurity experts Jason Soroko, CTO of PKI and Tim Callan, Senior Fellow, as they walk you through this new law, what it requires from IoT providers, and how you can stay compliant with these new legal requirements.

Watch On-demand Webcast

IoT 101

Jason Soroko discusses the history of "Internet of Things" and why IoT Security is so important now more than ever.

View On-demand Webcast

Securing a World of Inter-Connected Devices

Discover what IoT Security actually means, and how you can effectively secure connected devices such as SCADA, electric car chargers, healthcare equipment. Attacks on these types of equipment have already been in the news, but how has it happened?

View On-demand Webcast

Australia's IoT Cybersecurity Guidelines Highlight Importance of Embedded Device Security

Australia has joined the ever-swelling ranks of government and industry organizations developing and publishing guidelines or enacting regulations regarding IoT device security.

Read Blog

Keeping Medical Devices, Services, and Data Safe from Cyberattacks

In the last few years, hospitals and medical facilities have been successfully targeted by cyber crooks looking to exploit or wreak havoc on the healthcare sector and its patients.

Read Blog

Internet of Things Authentication Is “On the Rise” According to Gartner

Gartner has added “Internet of Things Authentication” in the Innovation Trigger phase of its Hype Cycle for Identity and Access Management Technologies, 20191 (available to Gartner subscribers)(August 2019). The report identifies Sectigo as a Sample Vendor of Internet of Things Authentication, and further cites a “high” benefit rating of the technology.

Read Blog

How PKI & Embedded Security Can Help Stop Aircraft Cyberattacks

On July 30th, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) issued a security alert warning small aircraft owners about vulnerabilities that can be exploited to alter airplane telemetry.

Read Blog

When Refrigerators Attack - How Cyber Criminals Infect Appliances, and How Manufacturers Can Stop Them

According to Business Insider and Proofpoint, one of the first refrigerator incidents occurred in late 2013 when a refrigerator-based botnet was used to attack businesses.

Read Blog

Bad Cars: Anatomy of a Ransomware Attack

There have been a few real-world cases where white-hat hackers and researchers have been able – in limited, controlled instances – to actually penetrate a car’s electronics and communications systems, take over the car’s steering and acceleration systems, and potentially do real damage. However, there are other scenarios that might not be as obvious or as dramatic.

Read Blog

Return of the IoT Botnet: Silex Exposes the Soft Underbelly of IoT Devices

Like the Fast and Furious movies, IoT botnets and cyberattacks just keep coming. The most recent attack, the Silex botnet, is particularly nasty. It doesn’t use devices to create DDoS attacks or attempt to steal personal data.

Read Blog

Icon Labs Is Excited to Join Sectigo

Icon Labs provides cross-platform security solutions for embedded OEMs and IoT device manufacturers. For more than two decades we have ensured that OEMs have the tools and solutions needed to build best-in-class security into their devices.

Read Blog

Sectigo Acquires Icon Labs

We are pleased to announce that Sectigo has acquired Icon Labs, a provider of cross-platform security solutions for embedded OEMs and IoT device manufacturers.

Read Blog

Root Causes: 2019 Lookback - Infrastructure and IoT Security

Join our hosts as they talk about the trends in IoT and infrastructure security in 2019 and where these trends may go in 2020.

Listen to Podcast

Root Causes: Quantum Apocalypse - Quantum Resistant Cryptography for IoT

Our hosts are joined by repeat guest Alan Grau as we explore how IoT has specific requirements and challenges for quantum resistant crypto.

Listen to Podcast

Root Causes: Automotive Device Security

Our hosts describe the cyber threats facing connected cars, including real attacks that already have been proven, new challenges that will come with increasingly advanced capabilities, and what manufacturers can do to protect drivers from harm.

Listen to Podcast

Root Causes: Vulnerabilities in Cisco Routers and Other Device Integrity Controls

Security flaws in the device integrity modules of Cisco routers and other devices have lately filled the headlines. Join our hosts and guest Alan Grau as they discuss what is happening with these flaws, why, and what to do about it.

Listen to Podcast

Root Causes: New Texas Energy Grid Security Regulation

The state of Texas is leading the way with new legislation requiring cyber protections for its energy grid. Join our hosts as we explain this legislation, why it comes now, and its potential impact on the greater energy industry.

Listen to Podcast

Root Causes: California's New IoT Security Law

California Senate Bill 327 (SB-327) goes into effect January 1, 2020. Join us to learn what SB-327 requires from device manufacturers, which threats it protects against, and how this ordinance is leading the way toward stronger IoT security practices.

Listen to Podcast

Root Causes: Global Energy Grids Under Cyber Attack

The world's energy grids and other utilities have increasingly become targets for cyber attack, both state-sponsored and otherwise. Join our hosts as they discuss the latest developments, possible consequences of cyber war against energy grids, and what we can do about it.

Listen to Podcast

Root Causes: Sectigo Acquires Icon Labs

Jason and Tim are joined by Icon Labs co-founder Alan Grau as our podcasters explore the needs and potential vulnerabilities for connected devices and the suite of technologies that can address these security requirements.

Listen to Podcast

Root Causes: P2P Vulnerability in IoT Devices

Join our hosts as we discuss the nature of IoT-based botnets and their negative consequences on enterprises, consumers, and the internet at large, including DDoS, phishing, and more.

Listen to Podcast

Root Causes: PKI For Iot

Learn how identity is an essential part of protecting any service involving IoT devices and how PKI is positioned to provide that identity.

Listen to Podcast

Industry-related Topics

Thought Leadership

Here you'll find various topics that aren't necessarily to a particular product but are more broad topics related to cyber security industry.

The Future of Identity and Access Management

All business processes and applications are imbued with identities, and managing these identities is essential when it comes to protecting data. Customer-obsessed security pros need a solid grasp of IAM capabilities and must treat them as a top priority.

Download Whitepaper

The Search for Quantum Resistant Cryptography

Cryptography depends on the ability to create strings of bits that are extremely difficult to guess using brute force methods. Before it can be used, any encrypted data must be decrypted using a digital key, and for our cryptographic systems to work these asymmetric keys must be impractical to discover just by running through combinations until we get one right.

Download Whitepaper

California Consumer Protection Act: What You Need to Know

Effective January 1st, the California Consumer Privacy Act (CCPA) has created consumer privacy protections that all companies serving customers in California must follow. Join Tim Callan, Senior Fellow, and Jason Soroko, CTO of PKI at Sectigo, as they explain these new regulations and what they are requiring companies to do.

View On-demand Webcast

Windows CryptoAPI Spoofing Vulnerability Revealed

This week Microsoft disclosed the existence of a critical vulnerability in how Windows operating systems validate ECC-based x.509 certificates and released patches for affected versions that are supported. We highly recommend immediate application of the appropriate patch to all Windows servers and client systems to prevent exploits based on this newly discovered flaw.v

Read Blog

Sectigo Executives Share 2020 Predictions

As 2019 draws to a close, it’s time to turn our attention to 2020. Our leadership team has been diligently looking ahead, working to identify the new trends and developments that will shape the security market in the coming year.

Read Blog

Social Engineering: Friend or Foe?

In a social engineering attack, a bad actor uses human interaction (social skills) to acquire information about an organization and/or its computer systems.

Read Blog

One Year In, Sectigo Stands Tall

As Sectigo turns one, the company stands proud of its innovations, growth, thought leadership, transparency, and commitment to customer success.

Read Blog

Proceed with Caution: Tips for Avoiding Email Phishing Scams

Email is an essential part or our everyday communications, and it has quickly become one of the most common methods that hackers use to attempt to gain access to sensitive information.

Read Blog

Some Sectigo customers have been misidentified as Comodo customers

We have sought to clarify in the past that Sectigo and Comodo are entirely separate companies. The company that is now called Sectigo was carved out of Comodo and became fully owned by Francisco Partners in 2017, and in 2018 we rebranded our company as Sectigo.

Read Blog

I Hate the Word Spoof

The trouble with spoof is that it is most commonly used in the context of literature, media, or storytelling. A spoof is a send-up of a known art work.

Read Blog

DigiCert Changes to New Private Equity Owners

Yesterday, DigiCert announced the company has been acquired by Clearlake Capital Group and TA Associates. It has been a busy few years in terms of ownership changes for DigiCert.

Read Blog

Attention Journalists and Researchers: Don't Confuse Comodo with Sectigo

An article in TechCrunch yesterday reported a security breach against Comodo. Unfortunately, this article attributes what is in fact Sectigo’s SSL business to Comodo.

Read Blog

Root Causes: 2019 Lookback - Evolving Cryptography

2019 saw important changes in the world's cryptographic standards, including changes in browser treatment of SSL certificates, the removal of a public CA from trusted root stores, widespread serial number entropy problems across many CAs, and progress in building quantum-resistant PKI. Join our hosts as they detail these going-on and others and talk about what 2020 may hold in terms of evolving cryptography.

Listen to Podcast

Root Causes: Energy Infrastructure Cyber Attacks

Global energy infrastructure continues to find itself under cyber attack from Advanced Persistent Threats (APTs). Join our hosts as we discuss recent attacks on power plants, why these attacks persist, and possible responses

Listen to Podcast

Root Causes: California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) has been described by some as California's GDPR. This act provides broad protections to consumers in California, and businesses must comply starting January 1, 2020. Join us as we discuss this act, what protections it provides, and what businesses must do to comply.

Listen to Podcast

Root Causes: Weaknesses in MFA Authentication

A recent FBI warning cautions of attacks that circumvent Multi-Factor Authentication (MFA). Join us as we describe contemporary attacks against MFA and how to defend against them.

Listen to Podcast

Root Causes: Criminals Are Patching Browsers for TLS Fingerprinting Attacks

In a new variant on a known attack, a Russian Advanced Persistent Threat has begun applying patches to Chrome and Firefox to enable TLS fingerprinting even after the malware is removed from a system. To learn more about this new development, join our hosts as they explain how this attack works, its significance, and where the criminals may go from here.

Listen to Podcast

Root Causes: Quantum Apocalypse - More on Mosca's Inequality

In episode 35 our hosts explained Mosca's Inequality, a formula for calculating when we need to have post-quantum encryption in place to prevent the Quantum Apocalypse. In this episode our hosts embark on a nuanced exploration of the factors influencing this calculation and test whether popular estimates are credible.

Listen to Podcast

Root Causes: Anatomy of a Botnet

We talk about botnets a lot, but not everyone understands how they are built and used by the criminals who control them or how headless IoT devices have greatly added to their power. Expert guest Alan Grau (VP of IoT and Embedded Security, Sectigo) joins us to help dissect today's botnets.

Listen to Podcast

Root Causes: Interesting Breaches In August Mixdown

The month of August saw some unusual criminal activity when it comes to PKI and malware. Our hosts explain four August news stories including a SHA-1 enabled breach, stolen certificates and keys, and some interesting developments with malware-driven botnets.

Listen to Podcast

Root Causes: Quantum Apocalypse - Will Quantum Annealing Break Cryptography?

In this episode we examine the potential for the quantum annealing approach to break RSA-based cryptography sooner than most people have been expecting, and the difficulty of predicting the "Z date" at all.

Listen to Podcast

Root Causes: Quantum Apocalypse - The Search for Quantum Resistant Crypto

Finding the new quantum-resistant cryptography we will need to replace RSA and ECC is a difficult task requiring the coordinated effort of academics, industry, and government. NIST has stepped in to lead this volunteer community. Join us to learn about this project to discover and vet going-forward crypto candidates, where we stand in the process, and where we go from here.

Listen to Podcast

Root Causes: Quantum Apocalypse - Mosca's Inequality, Mad Max, and Mohawks

Join our hosts Tim Callan and Jason Soroko as they explain how to calculate the ominously named "Z date," the possible consequences of missing that deadline, and potential hairstyles for a post-apocalyptic world.

Listen to Podcast

Root Causes: The White House Wants to Prohibit End-to-End Encryption

The White House is the latest government entity seeking to defeat widespread encryption technology through legislated "back door" access. Join our hosts as they explain why such an idea is essentially unworkable and would endanger the confidential online business and personal services upon which we all depend.

Listen to Podcast

Root Causes: Entropy and Random Numbers

Join our hosts as they discuss the need for randomness, the lengths companies go to to generate random numbers, and the bad things that can happen when they fail.

Listen to Podcast

Root Causes: Attacks on US Cities with EternalBlue Cyber Weapon

A recent spate of ransomware attacks against US municipalities is noteworthy for being enabled by the stolen US cyber weapon EternalBlue. Join our hosts as we explain this attack, its similarities to earlier incidents, and the whole syndrome of government-sponsored cyber war.

Listen to Podcast

Root Causes: 885 Million First American Financial Customer Docs Exposed

It was recently revealed that First American Title Corporation had 885 million confidential customer financial documents discoverable in the clear on its online site. These documents contain all the most sensitive information necessary for identity theft, spear phishing, and other exploits against individuals. Join our hosts as they discuss the details of this exposure, how it may have come about, and its potential consequences.

Listen to Podcast

Root Causes: Death of a Public CA

Mozilla has decided to remove a public CA from its trusted root store. By doing so Mozilla renders public certificates from this CA essentially valueless for almost all use cases. Join our hosts as the examine the reasons for this decision, how CA rules are made and maintained, and why an action like this one ultimately is healthy for the internet as a whole.

Listen to Podcast

Root Causes: SHA-1 Collisions - TLS Fingerprinting - Cisco Trust Anchor Flaw

Recent news has revealed several important developments in PKI and cyber trust. Our hosts cover the latest SHA-1 collision attack and why it signals the inevitable death of this hashing algorithm. We explain TLS fingerprinting and how it enables malware to defeat firewall AI protections. And we walk through reports of a flaw in the implementation of secure elements on Cisco routers.

Listen to Podcast

Root Causes: Russian Disconnection from the Internet

Russia has stated that it will disconnect from the internet as a trial exercise for full-blown cyber warfare. This idea presents many problems for Russian services, systems, and businesses, especially since they depend on global systems such as DNS and public Certificate Authorities. Join us to learn some of the problems facing Russia will face if indeed it disconnects.

Listen to Podcast

Root Causes: Quantum-Resistant Cryptography

The pending cryptographic Quantum Apocalypse requires that we replace the hashing and encryption algorithms used through the internet, enterprise networks, mobile service, and popular devices. Join our experts to learn more about the requirements for quantum-resistant algorithms to survive the Quantum Apocalypse.

Listen to Podcast

Root Causes: Cryptographic Quantum Apocalypse

As quantum computing continues to progress, the world's widespread cryptographic schemes are in danger. To prepare for the cryptographic "Quantum Apocalypse" we will need to replace our RSA- and ECC-based schemes with a new set of ciphers.

Listen to Podcast

Root Causes: US Government Shutdown and Security Vulnerabilities

The US government shutdown has taken its toll on IT systems. Services are going offline, and we are ill equipped to deal with a major security or service crisis. Tune in to learn more about the risks of the ongoing shutdown to the government's technical infrastructure.

Listen to Podcast

Root Causes: Outage and Equifax Breach

In December users of O2, Softbank, and other mobile services experienced a day-long data outage affecting as many as 40 million people. In the summer of 2017 148 million Americans lost their personal data in the Equifax breach.

Listen to Podcast

Chat With Us

We are here for you!
Talk to a fellow human.


United States

+1-888-266-6361

International

+1-914-732-8446

Chat With Us

We are here for you!
Talk to a fellow human.


United States

+1-888-266-6361

International

+1-914-732-8446