Key Objectives and Enhancements:

• Extends SSL/TLS handshake certificates to ECDSA_P256

  ECDSA_P256 is not only powerful but also efficient, ensuring that our security measures enhance protection without compromising system performance. This makes it a preferred choice in environments where both security and performance are paramount.

• Introduces a higher level of security for communications

  The adoption of ESDSA_P256 encryption significantly enhances the security of data transmissions between the CloudOneWS/Deep Security Agent and CloudOneWS nodes. This more advanced encryption method is considerably more challenging for attackers to compromise, thus providing enhanced protection for sensitive data.

• Aligns with current and evolving certification requirements

  This upgrade not only meets but anticipates future security standards and recommendations from cybersecurity experts, ensuring that our security measures remain at the forefront of technological advancements.

• Rollout plans

  The update will be systematically implemented across all regions, with completion targeted by September 30th, 2025.

Frequently Asked Questions

• Why move to ESDSA_P256 encryption?

  ESDSA_P256 is recognized for its strong security properties and efficiency in commercial communications. It's increasingly preferred for its robustness and performance, especially in environments requiring high security.

• Is there anything I need to do to prepare for this upcoming change?

  While ESDSA_P256 is becoming a standard for secure communications, it is advisable for customers to verify that their network infrastructure supports ESDSA_P256 encrypted TLS/SSL communications.

• Will there be any disruption in communication between the Deep Security agent and Workload Security manager?

  No, there will be no disruption. The certificate update will occur seamlessly as part of our routine Infra updates, ensuring continuous and secure communications.