As cyber criminals hunt for new and more sophisticated ways to mount attacks, many are paying close attention to the role played by machine identities. Kevin Bocek from Venafi explores.
In some high-profile security incidents, such as those experienced by SolarWinds and Kaseya, the software supply chain was leveraged as a conduit for attacks due to machine-identity and code-signing mismanagement.
During the past two years, the COVID-19 pandemic has added further complexity to the use of machine identities. A rapid shift to the cloud, remote work practices, increased reliance on internet of things (IoT) devices and mobility have all served to change the enterprise IT landscape.
Unfortunately, however, in many cases security became an afterthought. It’s become clear that robust machine-identity management is now a crucial tool for organisations racing to catch up and protect their corporate assets.
The part played by machine identities
In the modern world, machines control everything from connectivity to data flows. Personal computers, IoT and mobile devices, apps, office equipment, and microservices all have a role in modern corporate environments.
Each machine requires a unique identity to manage and secure connections with other machines and the wider IT infrastructure. These devices are issued a form of digital “ID” through SSL, TLS and code-signing security certificates, authentication tokens, and SSH keys, which then act as their machine identity.
Machine identities are required to facilitate the billions of transactions that occur worldwide every day, from routing to processing financial transactions. It’s this critical role that makes them so appealing to attackers.
It only takes one
Just one mismanaged or unprotected machine identity can cause a widespread security incident. Once an identity has been stolen or tampered with, attackers can obfuscate malicious activity, steal data, conduct surveillance and deploy ransomware.
Unfortunately, this is a risk factor that many businesses do not yet fully understand. Research conducted by Venafi and AIR Worldwide estimates that the worldwide economy faces losses of between US$51 billion and US$72 billion annually due to the poor protection of machine identities.
Popular attack vectors
Cyber criminals are constantly scanning for weaknesses in corporate networks and their underlying machine-identity protocols. While their attack techniques are constantly evolving, the most popular vectors include:
Improving the security of machine identities
For many organisations, effectively managing large numbers of machine identities can be a time-consuming and difficult task. In many cases, organisations do not know how many certificates and keys they have or where these are located.
At a time when the shift to hybrid working has widened potential attack surfaces, overcoming this situation is now vital. Organisations of all sizes need to place a greater emphasis on protecting machine identities to secure their IT networks.
To achieve this, increasing numbers are deploying machine identity management solutions. These solutions can help to protect devices and grant IT teams improved visibility into the systems they are trying to protect, without placing an additional burden on their shoulders.
However, while automation can streamline this process as well as reduce the risk of human error causing a data breach, it alone is not enough. Effective security needs to be introduced at every stage of the software development cycle to reduce the risk of machine identity, certificate and key compromise.
The risks posed by ineffective machine identity management are likely to continue to increase in coming months and years. Taking the steps required to overcome this should now be a top priority.
Kevin Bocek is the chief security strategist at Venafi.