Venafi news stories

The web-based resource is designed to help organisations evaluate and plan the crucial steps they need to establish effective software supply chain security.

Digital transformation is driving an average of 42% annual growth in the number of machine identities, according to a new study from Venafi.

New research has found extortion continues even if a ransom is paid, while CISOs are under increasing pressure.

"Unfortunately, our research shows that while most organisations are extremely concerned about ransomware, they also have a false sense of security about their ability to prevent these devastating attacks."

There is a glaring disconnect between executive concern and executive action when it comes to guarding against SolarWinds-style supply chain attacks.

IT security professionals and developers aren’t completely confident in their ability to defend against another SolarWinds/Codecov-style supply chain attack.

While CIOs say they are concerned about the security risks SSH machine identities pose, Venafi data indicates they seriously underestimate the scope of these risks. 

Venafi, the provider of machine identity management, finds that malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink.

"Machine identity capabilities have become commoditised and are being added to off-the-shelf malware, making it more sophisticated and harder to detect."

Despite the prolific usage of TLS certificates within organisations, many CIOs aren't concerned about security risks associated with TLS machine identities.

"Our team is thrilled to join Venafi so we can accelerate our plans to bring machine identity protection to the cloud native stack, grow the community and contribute to a wider range of projects across the ecosystem.”

“Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.”

Organisations worldwide could recover a collective total of between US$51 billion to as much as US$72 billion just by repairing their poorly protected machine identities.

Only 10% of organisations believe they have complete and accurate intelligence over all SSH machine identities.

Venafi has released the findings of its latest survey, revealing 75% of DevOps professionals say certificate issuance policies slow them down.

These mistakes increase security risks and negatively impact the reliability and availability of business-critical network resources, Venafi has found.

Less than half of DevOps professionals believe developers always request certificates that serve as machine identities through authorised channels.

The total number of certificates using lookalike domains is more than 400% greater than the number of authentic retail domains.

The integration allows network operations to orchestrate the lifecycle of SSL/TLS certificates and ensure security policies are enforced across devices.

Governments that flout encryption best practice and mandate the inclusion of backdoors into technology are putting their entire countries at risk, according to security professionals.

Eliminating certificate-related outages within complex, multi-tiered architectures can feel like an impossible effort.

Machine identity protection solution secures code signing across organisations and guards against unauthorised use.

“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."

Certificate-related outages harm the reliability and availability of vital network systems and services while also being difficult to diagnose and remediate.