Key Objectives and Enhancements
- Extends SSL/TLS handshake certificates to 3072-bit key length
Increases the certificate key length from 2048-bit to 3072-bit, providing a significant security enhancement.
- Introduces a higher level of security for communications between the Deep Security Agent and Heartbeat Service nodes
The longer key length makes it much more difficult for attackers to break the encryption, thereby offering improved protection for sensitive data transmitted between the Deep Security Agent and Heartbeat nodes. Additionally, this upgrade aligns with current best practices and recommendations from security experts, ensuring that we stay ahead of evolving security standards and threats.
- Align with current and evolving certification requirements
- Rollout plans
The automatic certificate renewals for all regions will be completed by September 30th, 2025.
FAQs
- Why move to RSA 3072-bit encryption?
RSA 3072 is a widely used and strongly recommended key size for use in commercial communications, providing an excellent balance between security and performance. Although algorithms like ECDSA are also popular, RSA 3072 continues to be a reliable choice for safeguarding sensitive data.
- Is there anything I need to do to prepare for this upcoming change?
Even though the RSA 3072-bit certificate length is a commercial standard, it is recommended for customers to review their network infrastructure support to ensure RSA 3072-bit encrypted TLS/SSL communication is allowed.
- Will there be any disruption in communication between the Deep Security agent and Workload Security manager?
No. The updated certificate will be rolled out as part of our standard ongoing certificate renewal process.
- Does this apply to on-premises deployment?
No. This will only apply to cloud-based deployments for Trend Vision One™ Endpoint Security - Server and Workload Protection and Trend Cloud One™ Workload Security.
For support assistance, you can contact Trend Micro Technical Support.