
Identity Wars Episode I: The Phantom Menace

HSM security and code signing
July 2, 2020 | Paul Cleary

In the hit saga Star Wars, the series begins with Episode I: The Phantom Menace, which introduces viewers to the two sides of the galaxy and sets the stage for the remaining films in the series. The epic battle between the Republic and the Empire, each with their own plans for the galaxy, plays out on a variety of diverse battlefields, employing both overt and covert tactics. In this first Episode, the phantom threat is a behind-the-scenes power struggle driven by greed and opportunity, and really doesn’t start to make itself known until it’s already too late.

In this blog, and in a blog next week by Juan Asenjo, from nCipher, titled “Identity Wars Episode II: The Clone Wars,” we will take a look at some of the challenges organizations face when orchestrating machine identities within their infrastructure, and how proper tools can be used to mitigate the risks associated with those challenges.




Phantom Threats


Today, enterprises across the globe are facing similar threats, which are mostly driven by those same factors: greed and opportunity. Often those threats are phantom in the sense that they are typically hiding just below the surface, pivoting silently throughout an infrastructure, and compromising the security of the organization. When the threat is finally detected, the damage has already been done. Data has been exfiltrated. Usernames and passwords have been stolen. Machine identities have been compromised.

Add to this scenario the fact that the overwhelming majority of organizations have had to dramatically speed up their digital transformation so that workforces can continue collaborating on projects, accessing shared company resources, and avoiding interruptions to business processes, all while working remotely. It's a daunting task that requires thorough planning from the beginning to ensure the security of the organization is just as strong as, if not stronger than, it was pre-pandemic.

Identities, both human and machine, play an extremely critical role inside an organization because identities establish trust. They identify an entity that is requesting access to something. This could be a systems administrator logging into a web server to perform maintenance, perhaps to manually install a renewed TLS certificate. This could be a service account using SSH to access a server in order to scale an application. This could be a developer initiating a build pipeline that will push an update to production. In all these scenarios, a compromised identity is a phantom menace that will continue to wreak havoc until it's either discovered and remediated, or the damage becomes too great to recover from.

Both the attack vectors and the desired outcomes for these threat actors can vary greatly from incident to incident. Sometimes the goal is to locate and steal an SSH key that might be exposed and unprotected. At minimum, the attacker now has an invisible entry point to delve deeper into the organization looking for larger targets. Other times hackers target build servers looking for unprotected code signing certificates. Once obtained, it's possible to use the code signing certificate to embed malware in code and then sign that code with a legitimate certificate. It's easy to imagine the damage that can do, both to a company's financial situation and public reputation.

By adopting industry-standard hardware and enforcing best-practice security policies, it's possible to mitigate these hidden threats and prevent them from happening in the first place.


Hardware Security Modules provide:



  • Greater entropy for cryptographic keys
  • A FIPS 140-2 secure boundary to store cryptographic material, making it exponentially harder to exfiltrate
  • Integrations to products and tooling that enable automating the delivery of machine identities to the devices, services and applications that are secured by them

A robust Machine Identity Management strategy provides:

  • Visibility into an organization's machine identities (things like TLS certificates, SSH keys, and code signing certificates) and where those identities are being used
  • Intelligence about those machine identities. Who is requesting them? Do they adhere to the policy set by the InfoSec team?
  • Automation capabilities, gained from native integrations with technology partners, that mitigate accidental human errors, provide crypto agility, and scale as the organization grows

In closing, it's important to reiterate that organizations today are under constant attack from these phantom menaces that hide inside encrypted traffic. These hidden threats increasingly target identities because of the inherent trust they provide. As nice as it would be to wave a forceful hand and say "these aren't the identities you're looking for," it's not quite that simple. Organizations must be aware of these threats and have plans in place to identify potential risks and prevent attacks before they begin.

To learn more about how Venafi & nCipher partner to provide greater security to the organization, while protecting against these phantom menaces, click here to download the solution brief.

To find out more about Machine Identity Management, visit

To learn more about Hardware Security Modules, visit



About the author

Paul Cleary

Paul is an experienced Solutions Architect with a demonstrated history of working both with technology partners and end users in the data security industry. He currently works to architect Venafi's expanding ecosystem of partners. Protecting machine identities for the Global 5000, his skillset includes Customer Service, Sales, Software Implementation, and Project Planning & Management.
