In a recent interview with Computer Business Review, Venafi CEO Jeff Hudson spoke about the growing awareness of machine identities and the need to manage and protect them. As he notes, the number of machines is growing exponentially faster than the number of people who are using them. Yet, organizations still focus the bulk of their identity protection on users and passwords, rather than on the burgeoning population of machines. This disparity creates a sweet spot for cyber criminals.
At the risk of stating the obvious, machines represent a much broader attack surface. Predictably, cyber criminals have not overlooked this low-hanging fruit. Over half of all network attacks misuse machine identities to hide in encrypted traffic. This is not all that surprising, because access to machine identities provides rich and varied payloads for attackers. Their objectives range from theft of cash and intellectual property to elevation of privileged access, eavesdropping on confidential communication, insertion of malware, exfiltration of data and cyber espionage.
Given the scope of valuable information that is safeguarded by machine identities, protecting them plays a pivotal role in overall security. According to Hudson, “If you think about the foundation of security, it is really identity, because if you can’t identify something, how can you protect it? You have got to be able to identify it. If I was the police and I was going to protect you out of 10 million people in the London area, I would have to identify you and know how to protect you. It starts with knowing you and who you are.”
How does a machine identify itself before sharing information? Digital certificates and cryptographic keys authenticate the identity of machines before a connection is authorized. However, if that certificate is forged or stolen, then it can be used by cyber criminals to impersonate a valid identity. Attackers can then use compromised keys and certificates to break into private, encrypted tunnels where confidential communications are a necessity. These fake machine identities can also be used to create fraudulent encrypted tunnels on corporate networks to hide malicious traffic.
Given the potential impact of machine identity compromises, you may want to take a closer look at how well managed they are in your organization. Want to know more about machine identities and how they impact your security? See the full article on Computer Business Review.