Introduction
Keyfactor CipherInsights continuously analyzes encrypted traffic on your network—without decryption—to identify and score cryptographic risks such as outdated TLS versions, weak cipher suites, expired or self-signed certificates, and misconfigurations. Delivered as a self-hosted appliance that passively listens on your network via SPAN/TAP, tunneling, or a packet broker, CipherInsights produces actionable results in about 90 minutes.
A live cryptographic dashboard summarizes the encryption in use across your network and shows progress toward quantum-safe algorithms. The Evidence page lets you drill down into client↔server relationships, TLS handshakes, and certificate chains. Reports and alerts help maintain compliance (e.g., PCI-DSS 4.0) and document improvements over time. A public API provides full data access so you can focus on what matters to your organization. Together, the cryptographic inventory and evidence help you advance toward crypto-agility—and away from fragile, single points of cryptographic failure.
Components
CipherInsights has two self-hosted components that can run on virtual or physical infrastructure:
- Analytics Hub (appliance): The central platform that receives network metadata from sensors and provides the web portal for dashboards, evidence, and reports.
- Sensor (appliance): A passive network analytics engine deployed on SPAN/TAPs or packet brokers at key switch points. Sensors observe traffic and forward metadata to the Analytics Hub.
Key Capabilities
CipherInsights provides continuous cryptographic monitoring of your network:
- Rapid Time-to-Value: Initial insights in about 90 minutes.
- Risk Scoring: Capture dozens of crypto signals (protocols, cipher suites, certificates).
- Actionable Views: Dashboards, drilldowns, evidence queries, and exportable reports.
- PQC Readiness: Highlight quantum-safe algorithms.
- Encrypted-Traffic Analysis: Inspect encrypted flows without decryption.
- Certificate Inventory: Discover certificates in use across your infrastructure.
- Certificate Hygiene: Flag self-signed, wildcard, expired, and other non-compliant certificates that are still active.
- TLS Posture: Report the distribution of TLS versions to target legacy protocols and enforce policy.
- CA Visibility: Surface Certificate Authorities observed in traffic (valid, invalid, unknown).
- Evidence UI: Explore, drill, and trace cryptographic usage across the network feed.
- Real-Time Session Insights: Continuously identify active servers and their clients.
- Reporting & Visualization: Tabular and visual summaries with drilldowns and analytic reports aligned to best practices.