New Industry-First Solution Reduces Attack Surface and Hardens Enterprise Security by Preventing Malicious Code
SALT LAKE CITY – January 24, 2024 – Venafi, the inventor of machine identity management, today introduced its new Stop Unauthorized Code Solution, uniquely designed to help security teams proactively prevent unauthorized code across any operating environment. By leveraging the combined power of Venafi’s CodeSign Protect product, trusted team of security experts and expansive technology ecosystem, the end-to-end solution enables organizations to significantly reduce their attack surface, prevent potential malware and cyber attacks, and minimize security breaches through improved application control.
"Modern software development often brings increasingly complex security threats, with unauthorized code and malicious software emerging as a favored attack vector for cybercriminals today. In fact, in a recent Venafi research study, 70% of security leaders reported that software supply chain attacks are their biggest security blind spot," said Shivajee Samdarshi, chief product officer at Venafi. “Unauthorized code can introduce significant security risk into any organization, with major business implications. Venafi’s industry-first Stop Unauthorized Code Solution helps security teams tackle this growing challenge by stopping unauthorized code in its tracks, effectively hardening systems and networks.”
The integrated, end-to-end solution enables security teams and administrators to maintain their code signing trust chain across all environments – from modern, cloud native environments such as Kubernetes to environments such as Windows, Linux, Apple and Android. It gives teams strict control over code use and execution by verifying that software originates from an approved source and has not been altered. Coupled with stringent execution policy controls, the solution permits only authorized code to run and blocks any unauthorized code throughout the enterprise.
Venafi’s Stop Unauthorized Code Solution features:
- Secure Code Signing Process – Security teams can automate and secure the entire code signing lifecycle while also reducing the burden on development teams. Code is signed using private digital certificates or those issued by trusted Certificate Authorities.
- Dynamic Certificate-Based Application Control – A dynamic, certificate-based approach to application control minimizes the burden on security teams while improving compliance and security. Teams have ultimate flexibility to maintain this list through their operating system or existing security solutions – such as endpoint protection platforms or intrusion prevention systems – which have built-in capabilities to manage certificate-based allowlists.
- Certificate Verification – Before code can execute, the organization’s security solution is configured to check the digital signature against trusted code signing certificates. The integrated solution permits only authentic and unaltered software to be executed.
- Unauthorized Code Blocking – To prevent unauthorized software from running, the solution blocks code if it does not use valid, trusted code signing certificates or if it is not on the list of approved certificates.
- Optimization and Integration Services – Comprehensive, ongoing support and guidance from Venafi’s trusted team of security experts helps customers tailor the solution to specifically meet their organization’s needs. This includes configuring and optimizing third-party technology integrations with an organization’s existing security vendors and workflows.
"As part of Ferguson's ongoing efforts to build and improve our DevSecOps tools and automation, we are beginning an initiative with Venafi to partner on integration of its Stop Unauthorized Code Solution for its end-to-end capabilities for Kubernetes container signing, signature verification, policy configuration and enforcement, and runtime verification to prevent the execution of unsigned or tampered images," said Shawn Irving, CISO and VP of infrastructure & security at Ferguson. "As a long-time customer of Venafi for TLS Protect and SSH Protect at multiple companies, I am confident that this addition to our portfolio of security capabilities will complement our existing investments and help us to leap forward in combating software supply chain threats with continued machine identity management."
The new Venafi Stop Unauthorized Code Solution is available today. To learn more, please visit https://venafi.com/stop-unauthorized-code/ or register for the “Stop Unauthorized Code: Strategies to Secure your Software Supply Chain” webinar on February 13, 2024 at 9:00 a.m. PST at https://venafi.com/webinars/stop-unauthorized-code-strategies-to-secure-your-software-supply-chain/.
Venafi is the cybersecurity market leader in machine identity management. From the ground to the cloud, Venafi solutions manage and protect identities for all types of machines—from physical and IoT devices to software applications, APIs and containers. Venafi provides global visibility, lifecycle automation and actionable intelligence for all machine identity types and the security and reliability risks associated with them.
With more than 30 patents, Venafi delivers innovative machine identity management solutions for the world's most demanding, security-conscious organizations and government agencies, including the top five U.S. health insurers, top five U.S. airlines, top four payment card issuers and top four U.S. banks. As a leading provider of open source machine identity management solutions, Venafi is the creator of the open source cert-manager project, which is downloaded more than 1.5 million times a day. For more information, visit venafi.com.