Protecting the Software Supply Chain Against Next-Gen Attacks
October 13, 2021 | Eddie Glenn
Significant advances in the 21.3 release of Venafi Trust Protection Platform for Protecting Machine Identities

It seems that with every passing week a new software supply chain attack is announced. Everyone gets hurt by these attacks: the producers of the breached software, whose reputation, customer trust, stock price and market share often suffer, and the consumers of the infected software, whose sensitive company or customer data is siphoned off and misused.

By now we have all heard about the attacks on SolarWinds, Codecov and Kaseya. According to VentureBeat, software supply chain attacks increased by 650% in the past year. The European Union Agency for Cybersecurity (ENISA) has concluded that strong security protection alone is no longer enough and that more action is needed. ENISA expects these attacks to keep getting worse and to involve more types of machine identities.

For example, earlier this year, in an incident dubbed Facefish, Secure Shell (SSH) machine identities and user keys were leveraged to inject malicious code into Linux systems, hijack their SSH servers, and install a backdoor that stole sensitive information and further SSH keys. This is especially concerning because SSH keys routinely grant the highest level of privileged access to a machine.

Another concerning SSH-related attack in the past year hit SaltStack. Again, this shows that attackers are targeting SSH keys. Why? Traditional SSH keys are like master keys to the mansion: once generated, a public key sitting in authorized_keys never expires, it keeps working until someone finds and removes it, and it typically provides the highest level of privileged access between machines.
 

Venafi Trust Protection Platform Helps Protect Against Next-Gen Attacks

In Venafi’s latest release of its Trust Protection Platform, new capabilities have been added to help our customers address these next-generation attacks. For those unfamiliar with the Venafi Trust Protection Platform, it provides machine identity management for TLS/SSL certificates, SSH certificates and keys, code signing certificates and keys, and end user device certificates.

There are too many new capabilities to cover in one blog post, so I will highlight three:

  • Safer SSH usage & easier policy enforcement. Organizations need to reduce the management complexity of their SSH access. This includes a simpler on- and off-boarding process for users and servers and less complex enforcement of policies. They also want to improve the security of their SSH access by ensuring that the SSH credentials they have are used only for the purpose for which they were initially created. Customers are also beginning to get recommendations to move toward an SSH strategy that includes SSH certificates. Organizations can now use Venafi SSH Protect to issue SSH certificates for client and host authentication. The certificates are signed by the built-in certificate authority. InfoSec teams can create multiple certificate authorities and define specific issuance restrictions for each. To achieve complete isolation between different environments or groups of servers, teams can use an individual certificate authority for each of them, so that a host which trusts only its own environment's CA cannot be reached with a certificate issued for another. Consumers can request and retrieve SSH certificates via REST API, which simplifies integration with a variety of solutions and tools.
  • Quickly identify risks associated with code signing across the enterprise. When an InfoSec team monitors code signing activity across an entire enterprise, it may be dealing with millions of code signing operations on hundreds of projects spread across dozens of geographically dispersed development teams. A new dashboard helps InfoSec, as well as development team owners and managers, spot unusual code signing activity, such as the frequency with which specific keys and certificates are used. In addition, administrators can now create custom tags and attributes for code signing projects, keys and certificates, so they can more easily answer questions like which keys belong to a given business unit or which certificates should be charged to a given cost center.
  • Token authentication for Adaptable Framework scripts. One of the strengths of the Venafi Trust Protection Platform is its extensibility through its REST API, which lets customers and partners alike integrate their own solutions with the platform. Venafi encourages everyone who uses our APIs to transition from API keys to token authentication. Token authentication reduces the risk of password compromise and can limit an integration's access within the Venafi Platform to only what that user or application needs. Developers can now implement Adaptable Framework scripts more easily while moving to the more secure token authentication.
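The SSH certificate model described in the first bullet, worked through with OpenSSH's own ssh-keygen as an added example (this is not Venafi SSH Protect code and does not use its API): one CA key per environment, a user certificate bound to named principals and a validity window, the signer check a host performs before trusting the certificate, and an expired certificate that simply stops working, which a bare authorized_keys entry never does. The CA names, user names, principals and validity windows are invented for the demonstration.

```shell
#!/bin/sh
# Added example for this post, not Venafi SSH Protect code: the SSH certificate
# model using OpenSSH's ssh-keygen. CA names, users, principals and validity
# windows below are invented for the demonstration.
set -eu
command -v ssh-keygen >/dev/null 2>&1 || { echo "skip: ssh-keygen not installed" >&2; exit 0; }

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# One CA key pair per environment. A host that lists only prod-ca.pub in
# TrustedUserCAKeys rejects anything signed by dev-ca: that is the isolation.
make_ca() {                      # make_ca <ca-name>
  ssh-keygen -q -t ed25519 -N '' -C "$1" -f "$WORK/$1"
}

# Sign a user's public key into a certificate that names who it may log in as
# (-n principals), when it is valid (-V), and which extensions it carries.
# Prints the certificate path; ssh-keygen writes <key>-cert.pub beside the key.
issue_user_cert() {              # issue_user_cert <ca> <user> <principals> <validity>
  ca="$1"; user="$2"; principals="$3"; validity="$4"
  [ -f "$WORK/$user.pub" ] || ssh-keygen -q -t ed25519 -N '' -C "$user" -f "$WORK/$user"
  ssh-keygen -q -s "$WORK/$ca" -I "$user@$ca" -n "$principals" -V "$validity" \
    -O clear -O permit-pty "$WORK/$user.pub"
  echo "$WORK/$user-cert.pub"
}

# Fingerprint of the key that signed a certificate, taken from ssh-keygen -L.
signing_ca_fp() { ssh-keygen -L -f "$1" | sed -n 's/.*Signing CA:.*\(SHA256:[^ ]*\).*/\1/p'; }

# Fingerprint of a CA's public key, taken from ssh-keygen -l.
ca_fp() { ssh-keygen -l -f "$WORK/$1.pub" | awk '{print $2}'; }

# The first check an sshd with TrustedUserCAKeys makes: is the signer trusted?
signed_by() {                    # signed_by <cert-path> <ca-name>
  [ "$(signing_ca_fp "$1")" = "$(ca_fp "$2")" ]
}

# Principals embedded in the certificate, one per line.
cert_principals() {              # cert_principals <cert-path>
  ssh-keygen -L -f "$1" | awk '/Principals:/{f=1; next} /Critical Options:/{f=0} f{print $1}'
}

# Is "now" inside the certificate's validity window? ssh-keygen -L prints local
# time as YYYY-MM-DDTHH:MM:SS, so the timestamps compare correctly as text.
is_currently_valid() {           # is_currently_valid <cert-path>
  line="$(ssh-keygen -L -f "$1" | grep 'Valid:')"
  case "$line" in *forever*) return 0 ;; esac
  from="$(printf '%s\n' "$line" | sed 's/.*from \([^ ]*\) to \([^ ]*\).*/\1/')"
  to="$(printf '%s\n' "$line" | sed 's/.*from \([^ ]*\) to \([^ ]*\).*/\2/')"
  now="$(date +%Y-%m-%dT%H:%M:%S)"
  expr "$from" \< "$now" >/dev/null && expr "$now" \< "$to" >/dev/null
}

make_ca prod-ca
make_ca dev-ca

# An eight-hour deploy certificate, backdated five minutes to tolerate clock skew.
CERT="$(issue_user_cert prod-ca alice deploy -5m:+8h)"
ssh-keygen -L -f "$CERT"
signed_by "$CERT" prod-ca && echo "prod host: alice's certificate is signed by a trusted CA"
signed_by "$CERT" dev-ca  || echo "dev host: signer is not dev-ca, certificate rejected"

# A certificate that expired yesterday. Unlike a bare authorized_keys entry,
# it stops working without anyone having to find and delete it.
OLD="$(issue_user_cert prod-ca bob deploy -2d:-1d)"
is_currently_valid "$OLD" || echo "bob's certificate is outside its validity window"
```

On a real host the trust anchor is configured with `TrustedUserCAKeys /etc/ssh/prod-ca.pub` in sshd_config, and the certificate's principals are matched against the login name (or an `AuthorizedPrincipalsFile`); sshd also enforces the validity window itself at login time. The fingerprint comparison above mirrors only the first of those checks, which is enough to show why a certificate from dev-ca is useless against a production host.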

If you are a current Venafi customer, please check your Inbox for an email that provides more details on all of the new features that this latest release has to offer as well as a registration link to a customer-only webinar where we’ll discuss these features in detail. For a detailed list of changes in this release, customers may visit here.

If you’re not currently a Venafi customer and want to find out more about our award-winning machine identity management platform, Venafi Trust Protection Platform, click here.
About the author

Eddie Glenn

Eddie is the Product Marketing Manager over Code Signing at Venafi. A product marketing professional in SaaS, Enterprise, and Embedded Software, he has a strong technical background and experience with inbound and outbound marketing, business and marketing strategy, and marketing operations.
