Malicious code is evolving quickly, and it’s targeting internal software that many companies simply aren’t doing enough to protect from attacks that leverage unauthorized code. This oversight can leave macros, PowerShell scripts, applications, and containers exposed to tampering and malware attacks. To prevent these types of attacks, you need to be sure that all code that executes across your organization is authorized to do so.
“Modern software development often brings increasingly complex security threats, with unauthorized code and malicious software emerging as a favored attack vector for cybercriminals today. In fact, 70% of security leaders reported that software supply chain attacks are their biggest security blind spot in a recent Venafi research study. Unauthorized code can introduce significant security risk into any organization, with major business implications,” warned Shivajee Samdarshi, chief product officer at Venafi.
To help organizations neutralize the impact of malicious code executing in their environments, Venafi today announced an industry-first solution to reduce the attack surface and harden enterprise security by stopping unauthorized code. The new offering, called the Stop Unauthorized Code Solution, is uniquely designed to help security teams proactively prevent unauthorized code across any operating environment.
Combining the power of Venafi’s CodeSign Protect product with the ongoing CodeGuard Service, the end-to-end solution enables organizations to prevent potential malware and cyber-attacks, and minimize security breaches through improved application control.
The solution helps organizations maintain rigorous control over code execution by verifying trusted signers and enforcing strict code execution policies, ensuring the protection of data and systems. This process is crucial because if intrusion detection systems can’t spot hidden malicious code, your company might be at a higher risk of malware attacks, zero-day exploits and the like. “Venafi’s industry-first Stop Unauthorized Code Solution helps security teams tackle this growing challenge by stopping unauthorized code in its tracks—and effectively hardens systems and networks,” notes Samdarshi.
Stop unauthorized code: Strategies to secure your software supply chain
The integrated, end-to-end solution enables security teams to maintain their code signing trust chain across all environments—from modern, cloud native environments such as Kubernetes to more traditional environments such as Windows and Linux, as well as Apple and Android setups. It maintains strict control over code execution by verifying that software originates from an approved source and has not been altered. Coupled with stringent execution policy controls, the solution permits only authorized code to run and blocks any unauthorized code throughout the enterprise.
Venafi’s Stop Unauthorized Code Solution features:
- Secure Code Signing Process. Security teams can automate and secure the entire code signing lifecycle while also reducing the burden on development teams. Code is signed using private digital certificates or those issued by trusted Certificate Authorities.
- Dynamic Certificate-Based Application Control. A dynamic, certificate-based approach to application control minimizes the burden on security teams while improving compliance and security. Teams have ultimate flexibility to maintain the list of approved certificates through their operating system or existing security solutions, such as endpoint protection platforms, which have built-in capabilities to manage certificate-based allowlists.
- Certificate Verification. Before code can execute, the organization’s security solution is configured to check the digital signature against trusted code signing certificates. The integrated solution allows only valid signatures associated with trusted certificates, which indicate authentic and unaltered software.
- Execution Policy Control. To prevent unauthorized software from running, the solution blocks code if it does not use valid, trusted code signing certificates or if it is not on the list of approved certificates.
- Ongoing Tailored Support and Guidance. Comprehensive, ongoing support and guidance from Venafi’s trusted team of security experts helps customers tailor the solution to specifically meet their organization’s needs. This includes configuring and optimizing third-party technology integrations with an organization’s existing security vendors and workflows.
"As part of Ferguson's ongoing efforts to build and improve our DevSecOps tools and automation, we are beginning an initiative with Venafi to partner on integration of its Stop Unauthorized Code Solution for its end-to-end capabilities for Kubernetes container signing, signature verification, policy configuration and enforcement, and runtime verification to prevent the execution of unsigned or tampered images," said Shawn Irving, CISO and VP of infrastructure & security at Ferguson. "As a long-time customer of Venafi for TLS Protect and SSH Protect at multiple companies, I am confident that this addition to our portfolio of security capabilities will complement our existing investments and help us to leap forward in combating software supply chain threats with continued machine identity management."
Protecting your organization’s software supply chain has never been more critical. Cybersecurity Ventures predicts that the global cost of software supply chain attacks to businesses will reach nearly $138 billion by 2031.
The Venafi Stop Unauthorized Code Solution empowers organizations with a comprehensive approach to code execution security that is designed to reduce risks and enhance compliance. Find out how you can get enterprise-wide visibility into your code signing operations and start building the foundation you need to stop unauthorized code from running across any environment by visiting https://venafi.com/stop-unauthorized-code/.