In my first blog, I explained the need for visibility for all security professionals. In that analogy, visibility was the cake. But cake alone is a bit dull. As a good Frenchman who loves "pâtisseries," I know that the flavor of a good cake is enhanced by cream. The cream is the heart of the cake, taking the taste to a new level. This cream is intelligence.
But, before I say more about the "cream" of intelligence, you will also remember that I talked of the cherry on the cake. The cherry was the image of the automation that all my customers want to achieve. But the cherry without the cake loses its context. Just as the "French Pâtissier" must bake his cake and make his cream before putting the cherries on, the security professional must get full visibility and apply intelligence before thinking about automation.
How much of your data can you analyze?
Now that I’ve got the cake analogy clarified, it’s time to talk about intelligence, the second step of our journey into the world of Machine Identity Management. The first thing we need to do is to align ourselves around the definition of intelligence in the context of machine identities. I propose this working definition: a set of information which can be processed, analyzed and classified in order to better protect the organization’s machine identities.
In other words, if intelligence lets me know which machine identities are active and which cryptographic attributes they use, then I will be equipped to understand what my risks are, what the compliance level of my IT systems is, and where my priorities should be. Once I have answered all of those questions, then, thanks to automation capabilities, I will be able to remediate.
Yes, it should be easy if you can take control of your legacy machine identities and, at the same time, put processes in place to apply your policies to every new request for a machine identity. Intelligence starts here, more precisely once you have done your first inventory and collected data about your machine identities, and only after you have conquered visibility.
"We are not always able to see the problem"
I remember one customer saying, "We do have a lot of tools for building inventories, but only a small percentage of the data we collect is analyzed. For the rest, we remain stupid and blind. If we are not always able to see the problem, it's very difficult to know how to remediate." He was and still is right.
If you can see the wall and decide not to avoid it, day after day you will keep bumping your head. In cybersecurity, bumps can cost a lot, to the security professional as well as to the organization and even upper management.
Visibility without intelligence is almost useless. Intelligence without visibility is not possible.
So let's be smart and cook a very smart cream (intelligence) to create harmony with the cake (visibility).
What type of data will you need to manage and protect your machine identities? Let me share an example based on SSL/TLS certificates. An inventory will discover the huge number of certificates that are active on your network. These will include certificates issued by your own PKIs, self-signed certificates, and certificates issued or shared by your third parties. You will also need usage data, such as how many systems the same certificate is installed on across your IT estate, where each certificate is being used, and who is responsible for it. In addition, you'll need access to cryptographic attributes, such as key length, signature algorithm, issuing Certificate Authority and, of course, the critical expiration date.
"A prodigious quantity of information"
A huge number of certificates will mean a prodigious quantity of information to analyze. Many large organizations have tens, and even hundreds, of thousands of certificates scattered throughout their environments. Intelligence starts with the analysis of this information, with the objective of making that analysis continuous.
Your main interest is to make sure that a discovered certificate is categorized, more or less automatically, and that only the exceptions are analyzed manually before being placed into a category.
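To make the categorization concrete, here is an added example (not code from the original post, and not Venafi's product logic) that takes the kind of inventory record described above (issuer, key length, signature algorithm, expiration date, hosts, owner) and sorts each certificate into one of three buckets: compliant, non-compliant with a clear remediation, or manual review for the exceptions a policy cannot decide on its own (an issuer nobody recognizes, a certificate with no owner). The policy thresholds, the CA names, the field names, and the five inventory records are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical policy values; an organisation would set its own.
POLICY = {
    "min_rsa_bits": 2048,
    "min_ec_bits": 256,
    "banned_sig_algs": {"md5WithRSAEncryption", "sha1WithRSAEncryption"},
    "expiry_warning_days": 30,
    # Issuers the organisation trusts: its own PKI plus approved public CAs.
    "known_cas": {"CN=Corp Issuing CA 1", "CN=R3,O=Let's Encrypt,C=US"},
    # Same certificate (and key) installed on more hosts than this is suspect.
    "max_hosts_per_cert": 3,
}

# Findings that attributes alone cannot resolve; a person has to decide.
NEEDS_HUMAN = {"unknown-issuer", "no-owner"}


def classify(cert, policy, now):
    """Return the list of policy findings for one discovered certificate."""
    findings = []
    if cert["subject"] == cert["issuer"]:
        findings.append("self-signed")
    elif cert["issuer"] not in policy["known_cas"]:
        findings.append("unknown-issuer")
    if cert["key_type"] == "RSA" and cert["key_bits"] < policy["min_rsa_bits"]:
        findings.append("weak-key")
    if cert["key_type"] == "EC" and cert["key_bits"] < policy["min_ec_bits"]:
        findings.append("weak-key")
    if cert["sig_alg"] in policy["banned_sig_algs"]:
        findings.append("weak-signature")
    remaining = cert["not_after"] - now
    if remaining <= timedelta(0):
        findings.append("expired")
    elif remaining <= timedelta(days=policy["expiry_warning_days"]):
        findings.append("expiring-soon")
    if len(cert["hosts"]) > policy["max_hosts_per_cert"]:
        findings.append("over-shared")
    if not cert.get("owner"):
        findings.append("no-owner")
    return findings


def categorize(findings):
    """Automatic bucket: only exceptions go to a human."""
    if not findings:
        return "compliant"
    if any(f in NEEDS_HUMAN for f in findings):
        return "manual-review"
    return "non-compliant"


def triage(inventory, policy, now):
    """Map each certificate fingerprint to (category, findings)."""
    result = {}
    for cert in inventory:
        findings = classify(cert, policy, now)
        result[cert["fingerprint"]] = (categorize(findings), findings)
    return result


def summarize(triaged):
    """Count certificates per category, the view a CISO dashboard would show."""
    return dict(Counter(category for category, _ in triaged.values()))


# Constructed inventory records, as a discovery tool might emit them.
NOW = datetime(2024, 3, 1)
INVENTORY = [
    {"fingerprint": "f1", "subject": "CN=www.corp.example", "issuer": "CN=Corp Issuing CA 1",
     "key_type": "RSA", "key_bits": 2048, "sig_alg": "sha256WithRSAEncryption",
     "not_after": datetime(2025, 1, 1), "hosts": ["web1", "web2"], "owner": "platform-team"},
    {"fingerprint": "f2", "subject": "CN=legacy.corp.example", "issuer": "CN=Corp Issuing CA 1",
     "key_type": "RSA", "key_bits": 1024, "sig_alg": "sha1WithRSAEncryption",
     "not_after": datetime(2024, 3, 20), "hosts": ["app1"], "owner": "legacy-team"},
    {"fingerprint": "f3", "subject": "CN=dev.internal", "issuer": "CN=dev.internal",
     "key_type": "RSA", "key_bits": 2048, "sig_alg": "sha256WithRSAEncryption",
     "not_after": datetime(2023, 12, 31), "hosts": ["dev1"], "owner": ""},
    {"fingerprint": "f4", "subject": "CN=api.corp.example", "issuer": "CN=Vendor Root CA",
     "key_type": "EC", "key_bits": 256, "sig_alg": "ecdsa-with-SHA256",
     "not_after": datetime(2024, 12, 1), "hosts": ["gw1", "gw2", "gw3", "gw4"], "owner": "integration"},
    {"fingerprint": "f5", "subject": "CN=edge.corp.example", "issuer": "CN=R3,O=Let's Encrypt,C=US",
     "key_type": "EC", "key_bits": 256, "sig_alg": "ecdsa-with-SHA256",
     "not_after": datetime(2024, 5, 1), "hosts": ["edge1"], "owner": "web-team"},
]

if __name__ == "__main__":
    triaged = triage(INVENTORY, POLICY, NOW)
    for fp, (category, findings) in triaged.items():
        print(fp, category, findings)
    print(summarize(triaged))
```

The point of the split is that the two automatic buckets are actionable without anyone reading them: a "compliant" certificate needs nothing and a "non-compliant" one carries its own remediation (reissue with a stronger key, renew before the date). Only the "manual-review" bucket, here two of five records, competes for an analyst's time, and running the same classification on every new discovery is what turns a one-off inventory into continuous intelligence.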
Armed with this information, CISOs will be able to identify their vulnerabilities and their non-compliance with security policies. Based on that knowledge, they will design policies for machine identities.
By moving away from a reactive mode (or from no reaction at all), security teams become proactive, with the capability to analyze trends and take actions of mitigation or anticipation rather than only remediation. Furthermore, all actions will be done in compliance with the policies set. And with automation, all actions can be applied to 1 to N machines simultaneously.
Putting the cream and cake together
By putting intelligence in motion, CISOs and security teams are able to govern and control their strategy for machine identity management across the organization. I would call this putting the cream and the cake together.
When I told a CIO in a few words what you just read, he responded, "Do you know how much effort your dream involves?" Of course I know. And that is why I will talk about the cherries in my next blog on automation.
PS: This CIO became a Venafi customer right after the POC showed him how streamlined the process could be. In my next blog, I'll talk more about how the cherry of automation will make your cake the envy of the enterprise.