Skip to main content
banner image
venafi logo

Next Gen Code Signing Takes Machine Identity Protection to the Next Level

Next Gen Code Signing Takes Machine Identity Protection to the Next Level

Next Gen Code Signing Venafi digital thumbprint
July 23, 2019 | Eva Hanscom

For decades, code signing has been used to verify the integrity of software.
 

Nearly every organization relies on it to confirm their code is authentic and has not been corrupted with malware. As the scope of development accelerates, modern organizations often struggle to secure and protect code signing operations. Unfortunately, bad actors are eager to take advantage of this lack of protection.

 

In April, security researchers uncovered Scranos, rootkit malware that was signed with a stolen certificate. A month later, Chronicle Security published a detailed report on how abused code signing certificates were used to upload malware to VirusTool. Sadly, these incidents are not unique, from PortSmash to ShadowHammer. Cyber criminals understand the value that falsified legitimacy code signing can bring to their campaigns.

 

How can you protect your organization’s code signing process? Read the datasheet.
 

“Today, every organization is a software developer building apps, libraries, containers and other tools,” said Kevin Bocek, vice president of security strategy and threat intelligence for Venafi. “However, it can be very difficult to scale code signing operations. The security procedures that protect code signing are typically seen as cumbersome, and developers often ignore them.”


 

"Bad actors understand the power of code signing"
 

“This leaves security teams in the dark and it’s very advantageous for bad actors because they understand the power and value of code signing,” Kevin continued. “From Stuxnet to everyday malware and phishing campaigns, attacks that leverage code signing evade next-generation AV detection. Stolen code signing keys are powerful cyber weapons that put companies and their customers at risk.”

 

In order to address these issues, Venafi recently debuted Next-Gen Code Signing, a machine identity protection solution that secures code signing processes by delivering enterprise wide visibility into all code signing operations. Next-Gen Code Signing provides centralized private key storage, code signing policy enforcement, and automation while reducing code signing burden on software development teams.

 

Key benefits of Next-Gen Code Signing include:
 

  • Scalability that can support a few developers in one location to tens of thousands of developers distributed globally, and millions of code signing operations a week.
     
  • Automation and support for a broad range of software development processes; development teams do not need to change tools.
     
  • A central, permanent storage location for private keys so they remain protected.
     
  • Flexible, customizable policy enforcement that supports the needs of multiple software projects, including the approval of workflows, certificate types, certificate authorities, HSMs and software development tool sets.
     
  • Allows security teams to provide a code signing service that enforces policies and is transparent to developers.
     

In addition to securing enterprise code signing processes, Next-Gen Code Signing automates the management of all code signing private keys. Private code signing keys never leave the trusted Venafi storage platform or connected hardware security modules (HSMs). This new solution provides information security teams with comprehensive visibility and detailed intelligence about all aspects of code signing operations, including who signed the code and with which certificate, as well as who approved the request and when each action occurred. Using the intelligence gathered from code signing processes, Next-Gen Code Signing delivers compliance and audit reporting across all code signing activities.

 

"Next-Gen Code Signing automates the management of all code signing private keys"

 

“Next-Gen Code Signing lets software developers use the same code signing tools and does not require changes to their build environments” Bocek concludes. “It provides an invisible layer of technology that keeps code signing keys safe and out of the hands of attackers. Venafi Next-Gen Code Signing gives security teams and developers an exciting way to be both fast and safe.”

 

Learn more about machine identity protection. Explore now.

 

Related posts

 

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

lawyer reading from legal books on a desk, with a scale in the foreground

Do We Trust Governments to Effectively Regulate Privacy? [Ask Security Professionals]

hands reaching out of laptop screen holding ballot box, another person's hand casting a vote
Encryption

Will Encryption Backdoors Hurt Election Infrastructure? Security Professionals Say Yes.

Man standing in front of a cyber-secured world.

What If You Could Guarantee Eliminating Outages in Your Organization?

About the author

Eva Hanscom
Eva Hanscom

Eva is Public Relations Manager at Venafi. She is passionate about educating the global marketplace about infosec and machine-identity issues, and in 2018 grew Venafi's global coverage by 45%.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat