Venafi stories

There is a glaring disconnect between executive concern and executive action when it comes to guarding against SolarWinds-style supply chain attacks.>>

IT security professionals and developers aren’t completely confident in their ability to defend against another SolarWinds/Codecov-style supply chain attack.>>

While CIOs say they are concerned about the security risks SSH machine identities pose, Venafi data indicates they seriously underestimate the scope of these risks. >>

Venafi, the provider of machine identity management, finds that malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink.>>

"Machine identity capabilities have become commoditised and are being added to off-the-shelf malware, making it more sophisticated and harder to detect.">>

Despite the prolific usage of TLS certificates within organisations, many CIOs aren't concerned about security risks associated with TLS machine identities.>>

"Our team is thrilled to join Venafi so we can accelerate our plans to bring machine identity protection to the cloud native stack, grow the community and contribute to a wider range of projects across the ecosystem.” >>

“Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.”>>

Organisations worldwide could recover a collective total of between US$51 billion to as much as US$72 billion just by repairing their poorly protected machine identities.>>

Only 10% of organisations believe they have complete and accurate intelligence over all SSH machine identities.>>

Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.>>

These mistakes increase security risks and negatively impact the reliability and availability of business-critical network resources, Venafi has found. >>

Less than half of DevOps professionals believe developers always request certificates that serve as machine identities through authorised channels.>>

The total number of certificates using lookalike domains is more than 400% greater than the number of authentic retail domains.>>

The integration allows network operations to orchestrate the lifecycle of SSL/TLS certificates and ensure security policies are enforced across devices.>>

Governments that flout encryption best practice and mandate the inclusion of backdoors into technology are putting their entire countries at risk, according to security professionals.>>

Eliminating certificate-related outages within complex, multi-tiered architectures can feel like an impossible effort.>>

Machine identity protection solution secures code signing across organisations and guards against unauthorised use.>>

“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system.">>

Certificate-related outages harm the reliability and availability of vital network systems and services while also being difficult to diagnose and remediate. >>

'This is not rocket science; backdoors inevitably create vulnerabilities that can be exploited by malicious actors.">>

Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.>>

These services deliver machine-identities-as-a-service to cybercriminals who wish to spoof websites, eavesdrop on encrypted traffic, perform man-in-the-middle attacks and steal sensitive data.>>

Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems. >>