Skip to main content
banner image
venafi logo

Venafi CEO: Creating Trust in the Machine

Venafi CEO: Creating Trust in the Machine

May 25, 2017 | Scott Carter

In a recent interview with Computer Business Review, Venafi CEO Jeff Hudson spoke about the growing awareness of machine identities and the need to manage and protect them. As he notes, the number of machines is growing exponentially faster than the number of people who are using them. Yet, organizations still focus the bulk of their identity protection on users and passwords, rather than on the bourgeoning population of machines. This disparity creates a sweet spot for cyber criminals. 

At the risk of stating the obvious, machines represent a much broader attack surface. Predictably, cyber criminals have not overlooked this low hanging fruit. Over half of all network attacks misuse machine identities to hide in encrypted traffic. This is not all that surprising, because access to machine identities provides rich and varied payloads for attackers. Targets range from cash to theft of intellectual property, elevation of privileged access, eaves dropping on confidential communication, insertion of malware, exfiltration of data and cyber espionage.

Given the scope of valuable information that is safeguarded by machine identities, protecting them plays a pivotal role in overall security. According to Hudson, “If you think about the foundation of security, it is really identity, because if you can’t identify something, how can you protect it? You have got to be able to identify it. If I was the police and I was going to protect you out of 10 million people in the London area, I would have to identify you and know how to protect you. It starts with knowing you and who you are.”

How does a machine identify itself before sharing information? Digital certificates and cryptographic keys authenticate the identity of machines before a connection is authorized. However, if that certificate is forged or stolen, then it can be used by cyber criminals to impersonate a valid identity. Attackers can then use compromised keys and certificates to break into private, encrypted tunnels where confidential communications are a necessity. These fake machine identities can also be used to create fraudulent encrypted tunnels on corporate networks to hide malicious traffic.

Given the potential impact of machine identity compromises, you may want to take a closer look at how well managed they are in your organization. Want to know more about machine identities and how they impact your security? See the full article on Computer Business Review.

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Scott Carter
Scott Carter

Scott is Senior Manager for Content Marketing at Venafi. With over 20 years in cybersecurity marketing, his expertise leads him to help large organizations understand the risk to machine identities and why they should protect them

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more