• Latest
  • Trending
How to get ahead of machine identity threats

How to get ahead of machine identity threats

January 3, 2022
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 23 May, 2025
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

How to get ahead of machine identity threats

by ITECHNEWS
January 3, 2022
in Leading Stories, Tech
0 0
0
How to get ahead of machine identity threats

YOU MAY ALSO LIKE

ATC Ghana supports Girls-In-ICT Program

Vice President Dr. Bawumia inaugurates ICT Hub

Kevin Bocek, VP security strategy and threat intelligence at Venafi speaks about mitigating cyberattacks and securing your organisation

With threats across the board rising rapidly security teams are having to fight more fires than ever before, breaches have increased by 11% since 2018, and 67% since 2014. Cybercrime is also predicted to costs the global economy $10.5 trillion USD annually. So, it’s no wonder that infosec teams often struggle to get ahead of threats and end up focused purely on just putting out imminent fires.

To make the problem even more complex our global reliance on software is growing rapidly. Many businesses are now undertaking digital transformation initiatives to prioritise speed. Each one of these digital connections is a machine, which often collect data, share information with other machines, and make autonomous decisions based on the situation they find themselves. And every one of these machine connections requires a machine identity to secure its communications – whether they are systems, applications, APIs or cloud native. On average each organisation now has twice as many machine identities as they did just 24 months ago. Yet, infosec teams have not applied the same digital transformation strategies as the rest of their businesses, to the management of these machine identities.

 

Hackers know where the weak spots are

Cybercriminals have become savvy to the gaps in many organisations machine identity strategies. As a result, we have seen a string of attacks taking advantage of poor machine identity management and protection. In the past year alone, we have seen a range of attacks leveraging machine identities. The malware dubbed Hildegard utilised SSH machine identities attack Kubernetes clusters and launch a crypto miner, the attack on SolarWinds bypassed code signing machine identities to deploy malicious code, while the attack on MonPass’s web server used TLS/SSL machine identities to evade detection.

Malicious actors often use machine identities to make them appear legitimate and circumvent security controls. Stolen machine identities can give a hacker privileged access to critical systems, so they can move laterally through the network and stay hidden for extended periods of time. These attacks are also becoming more sophisticated as techniques trickle down from nation state groups to the everyday cybercrime gang. Further, most (79%) of enterprises have had an identify-related breach within just two years, and only 35% of enterprise IT teams and security leaders are confident they have prevent data breaches relating to machine identities.

 

How can your organisation fight back?

Organisations must act now to mitigate the risks of machine identity attacks. Otherwise, weak machine identities will continue to let hackers wreak havoc. Enterprises need to improve their practices across three keys areas: visibility, intelligence and automation.

Visibility: To ensure all policies are enforced efficiently there must be a complete inventory of machine identities. This is so security teams can be confident they have the visibility into their network and processes in place to respond quickly to security threats.

Intelligence: Having comprehensive and actionable intelligence across the entire machine identity lifecycle that includes certificate enrolment, installation, renewal, and revocation will help enterprises protect and secure authorised, encrypted communications between machines. This level of machine identity intelligence will enable much of the cost associated with managing the certificates in the machine landscape to be avoided.

Automation: By automating machine identity management, it reduces the pressure on the security team, as well as errors and mistakes that can result from oversights, such as forgetting to perform activities. Automation lets the security team orchestrate a set of rapid actions that can be focused on a single machine identity or an entire group of identities at machine speed. It also minimises the overhead of manually switching certificate authorities (CAs) and replacing vulnerable machine identities.

By combining these three elements it enables organisations secure the entire machine identity lifecycle. This includes enforcing strong certificate security policies, streamlining and expediting remediation, validating that machine identities are properly installed and working correctly, and continuously monitoring the strength and security of certificates. Machine identity management should also be made more visible and easier for everyone across the enterprise to understand. Security is not one person or team’s job, but everyone’s job.

Source: KEVIN BOCEK
Via: VP security strategy and threat intelligence
Tags: MaliciousSecurityThreats
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023

Recent News

  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version