Symantec today announced a cluster of new offerings in its Website Security Solutions portfolio. The new security offerings include multi-algorithm SSL digital certificates with stronger and better-performing encryption, updates to Symantec’s cloud-based Certificate Intelligence Center that improve certificate management, and Symantec Secure App Service, a new hosted code-signing service that helps software developers and businesses ensure that their applications are trusted and have not been maliciously tampered with.

Multi-Algorithm SSL Certificates, Certificate Intelligence

Included in the Symantec Website Security Solutions updates are multi-algorithm SSL certificates, giving customers a choice of 2048-bit RSA encryption, which Symantec began offering in 2012, as well as the addition of 256-bit Elliptic Curve Cryptography (ECC) and 2048-bit Digital Signature Algorithm (DSA) certificates. ECC will be available in Symantec Managed PKI for SSL in spring 2013; DSA is available now in Symantec Managed PKI for SSL.

“We’re really excited about ECC,” said Robert Hoblit, senior director of product management for Symantec Website Security Solutions. “Theoretically ECC is more secure [than 2048-bit RSA] and is equivalent to a 3072-bit RSA certificate.” ECC certificates offer performance benefits, Hoblit said. “ECC will offer faster page-load times on the desktop.” Hoblit said that the ECC certificates option will especially benefit companies that have high server-resource utilization as well as those whose apps run in a shared environment.

Symantec has also improved its Certificate Intelligence Center cloud service. Currently the service is focused on monitoring certificate activity in an environment. By the end of Q1 2013, said Hoblit, Certificate Intelligence Center will include new capabilities for automating processes associated with certificates — for example, the automatic renewal and replacement of expired certificates.

Symantec Secure App Service

Of particular interest to software developers is Symantec Secure App Service, which is now available as a SOAP API, with a full management GUI version coming in summer 2013. The cloud-based code-signing service aims to help companies and web stores better protect applications from being compromised by malware and malicious advertising (“malvertising”).

Hoblit said that Secure App Service is designed to address the flaws in current code-signing methodology. “The way code signing works today, the certificate doesn’t have innate security associated with it and is vulnerable to be lost or stolen by intruders,” said Hoblit. Since many signed applications are time-stamped with the same key, when a malware app is inadvertently signed, it may take days or weeks for its certificate to be revoked once the app is identified.

Hoblit explained that Secure App Service addresses this issue by creating a unique key for each signing event, then generating the signing event itself. This makes it easier to track signed applications and revoke only those that have been compromised. Security managers can limit rights to the secure signing service to selected users.

Visit Symantec’s Website Security Solutions blog for additional information.