(ISC)² and Venafi Explore The Strange New World of Machine Identity Management

Sep 12, 2022

Earlier this year, (ISC)² hosted a webinar about a challenge that is relatively new to cybersecurity: machine identity management. Although the topic has only drawn sizable attention over the last couple of years, Gartner ranked it among its top eight security trends for 2021.

In the webinar, Kevin Bocek, Vice-President of Security Strategy & Threat Intelligence for Venafi, discussed the problems that arise when machine identities fail, infamous machine identity attacks and the protective measures organizations can take.

Machine identities – TLS, SSH, and code signing keys and certificates – control encryption, authentication, and code execution for software-based machines such as:

  • Load balancers and application servers
  • Open-source software
  • Microservices
  • Service meshes
  • Kubernetes
  • Cloud-to-cloud integrations
  • API to API integrations
  • Distributed ledger technology
  • Smart contracts

Machine Identity Management
However, thousands of these machines can be created in a matter of seconds, each carrying its own keys and certificates. Consequently, many of those machine identities are “unknown” (that is, unreported and untracked by the security team).

The expiration of even a single unknown machine identity can cause costly, debilitating outages. Such an incident occurred in California at the height of the pandemic. The expiration of a single certificate prevented the state from transmitting COVID-19 data for almost a week. As a result, tens of thousands of positive cases weren’t reported to local health authorities and infected people weren’t notified, hampering efforts to stop the spread.
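The outage above is the simplest failure mode to check for, yet it still catches organizations out because nobody is scanning the certificates they actually have. The following Go program is an added example written for this page (it is not code from the webinar, from Venafi, or from any product discussed here): it walks a PEM bundle, classifies every certificate as ok, expiring-soon or expired relative to a reference time, and refuses to silently skip a certificate it cannot parse, since an inventory that drops entries recreates the “unknown identity” problem. The sample certificates are minted in-process by `SelfSignedPEM`, so they are constructed test data; a real run would feed it the PEM files collected from load balancers, service meshes, and the like. The names `ReportExpiry`, `Finding`, and `SelfSignedPEM` are mine.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// Status of one certificate relative to the reference time.
type Status int

const (
	OK Status = iota
	ExpiringSoon
	Expired
)

func (s Status) String() string {
	return [...]string{"ok", "expiring-soon", "expired"}[s]
}

// Finding is one row of the expiry report.
type Finding struct {
	Subject  string
	NotAfter time.Time
	Status   Status
}

// ReportExpiry walks every CERTIFICATE block in a PEM bundle and classifies it
// against now and the warning window. Non-certificate blocks (private keys,
// CRLs) are skipped. A certificate that fails to parse is an error rather than
// a skipped row: silently dropping it would leave an untracked identity behind.
// The report is sorted so the soonest expiry comes first.
func ReportExpiry(bundle []byte, now time.Time, warnWithin time.Duration) ([]Finding, error) {
	var findings []Finding
	rest := bundle
	for {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("unparseable certificate in bundle: %w", err)
		}
		f := Finding{Subject: cert.Subject.CommonName, NotAfter: cert.NotAfter, Status: OK}
		switch {
		case !now.Before(cert.NotAfter):
			f.Status = Expired
		case now.Add(warnWithin).After(cert.NotAfter):
			f.Status = ExpiringSoon
		}
		findings = append(findings, f)
	}
	sort.Slice(findings, func(i, j int) bool { return findings[i].NotAfter.Before(findings[j].NotAfter) })
	return findings, nil
}

// SelfSignedPEM mints a throwaway self-signed certificate with the given CN and
// validity window. Constructed test data only; a real inventory reads the PEM
// files already deployed on servers, proxies and inspection devices.
func SelfSignedPEM(cn string, notBefore, notAfter time.Time) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	day := 24 * time.Hour
	var bundle []byte
	bundle = append(bundle, SelfSignedPEM("reporting.example", now.Add(-400*day), now.Add(-day))...)
	bundle = append(bundle, SelfSignedPEM("api-gateway.example", now.Add(-60*day), now.Add(10*day))...)
	bundle = append(bundle, SelfSignedPEM("mesh-ingress.example", now.Add(-day), now.Add(90*day))...)
	findings, err := ReportExpiry(bundle, now, 30*day)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-22s %-14s %s\n", f.Subject, f.Status, f.NotAfter.Format(time.RFC3339))
	}
}
```

The 30-day warning window is an assumption; pick it to match how long your renewal pipeline actually takes, and treat any parse error as a finding in its own right rather than something to work around.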

In addition to causing outages, unknown machine identities serve as prime attack vectors for cybercriminals. One of the most significant attacks in recent years, the 2017 Equifax breach, was enabled by hundreds of TLS certificates not being kept up to date in the company's threat protection systems. Because the traffic-inspection devices no longer held current certificates, encrypted traffic passed through them uninspected; the attackers used those encrypted “tunnels” to remain hidden for over two months while they exploited the vulnerability they had found.

Online perpetrators are also turning tools that were designed to provide online protection into means of attack. For example, the nonprofit Let’s Encrypt strives to help organizations by giving away free TLS certificates. However, cybercriminals now use those certificates to give phishing sites a browser-trusted padlock: a domain-validated certificate proves only that the requester controls the domain, not that the site is legitimate. They also subvert techniques like code signing to attack software supply chains and plant SSH keys to create backdoors.

Security professionals can gain insights into cybercriminals’ tactics by consulting Venafi’s machine identity threat model. In addition, keeping machine identities current in threat protection systems, next-generation firewalls and similar controls reduces the chance of an attack going undetected: once Equifax updated the certificates in its threat protection system, the attackers’ traffic became visible.

Another important security concern is the tendency of development teams and ops teams to obtain and handle machine identities in disparate ways. Those dissimilar approaches increase the number of unknown identities and, with it, the risk of the outages and hidden attacks described above. As Erik Wahlstrom, a senior research director at Gartner, states, “Organizations need an enterprise-wide strategy for managing their machine identities in their hybrid and multi-cloud environment.”

Given the explosive growth in the use of machine identities, effective management at that scale requires automation (Venafi’s platform is one such tool). Whatever the resources and tactics used, security teams’ main objective should be to help developers work quickly but safely.

If you are interested in attending live webinars or viewing the latest recordings of more like this one, be sure to subscribe to (ISC)² Security Briefings on BrightTALK.