The Importance of Maintaining Effective Machine Identity Security

GUEST TIP: As cybercriminals search for new, more sophisticated ways to mount attacks, many are paying close attention to the role played by machine identities.

In some high-profile security incidents, such as those experienced by SolarWinds and Kaseya, the software supply chain has been used as an attack vector due to poor management of machine identity and device signing.

Over the past two years, the COVID-19 pandemic has made working with machine identities even more complex. The rapid move to the cloud, remote working practices, increased reliance on Internet of Things (IoT) devices, and mobility have all contributed to changing the enterprise IT landscape.

Unfortunately, however, in many cases security has become an afterthought. It has become clear that robust machine identity management is now a crucial tool for companies looking to catch up and protect their assets.

The role played by machine identities

In the modern world, machines control everything from connectivity to data flows. Personal computers, IoT and mobile devices, applications, desktop equipment, and microservices all have a role to play in modern enterprise environments.

Each machine requires a unique identity to manage and secure connections with other machines and the wider IT infrastructure. These devices receive a form of digital “ID” via SSL, TLS, and code-signing security certificates, authentication tokens, and SSH keys, which then act as their machine identity.

Machine identities are needed to facilitate the billions of transactions that occur around the world every day, from routing to processing financial transactions. It is this essential role that makes them so attractive to attackers.

It only takes one

A single mismanaged or unprotected machine identity can cause a widespread security incident. Once an identity has been stolen or tampered with, attackers can conceal malicious activity, steal data, conduct surveillance, and deploy ransomware.

Unfortunately, this is a risk factor that many companies do not yet fully understand. Research by Venafi and AIR Worldwide estimates that the global economy faces annual losses of between US$51 billion and US$72 billion due to poor machine identity protection.

Popular attack vectors

Cybercriminals are constantly looking for weaknesses in corporate networks and their underlying machine identity protocols. While their attack techniques are constantly evolving, the most popular vectors include:

Compromising key security certificates: Stolen or scammed certificates can be used to make websites or activities appear legitimate. Expired certificates can also be exploited to spy on communications or interfere with transactions.

Exploitation of inadequate safeguards: Although essential for verifying the authenticity and integrity of software code, signing certificates can also be leveraged for signing malware. The SolarWinds breach is an example. The attackers were able to infiltrate the software vendor’s network and exploit a lack of code signing and verification policies to deploy a malicious Orion update containing the Sunburst backdoor. The malware was delivered to approximately 18,000 customers.

Abuse of SSH keys: SSH keys are used to access encrypted and secure channels and establish trust. However, if these keys are abandoned, forgotten, unaudited, or acquired through Dark Web transactions, they can expose company assets and accounts to hacking. Many commodity malware strains now contain the ability to abuse SSH keys.

Improve machine identity security

For many organizations, efficiently managing a large number of machine identities can be time-consuming and difficult. In many cases, organizations don’t know how many certificates and keys they have or where they are.

At a time when the shift to hybrid working has widened potential attack surfaces, overcoming this situation is now vital. Organizations of all sizes need to put more emphasis on protecting machine identities to secure their IT networks.

To achieve this, more and more of them are deploying machine identity management solutions. These solutions can help protect devices and give IT teams better visibility into the systems they are trying to protect, without placing an additional burden on their shoulders.

However, while automation can streamline this process and reduce the risk of human error leading to a data breach, it alone is not enough. Effective security should be introduced at every stage of the software development lifecycle to reduce the risk of compromised machine identities, certificates, and keys.

The risks posed by ineffective machine identity management are expected to continue to increase in the months and years to come. Taking the necessary steps to overcome this should now be a top priority.
