Skip to main content
banner image
venafi logo

Why Machine Identity Intelligence Is the Cream on the Cake

Why Machine Identity Intelligence Is the Cream on the Cake

machine identity intelligence
January 28, 2020 | Stephane Dorchin


In my first blog, I explained the need of visibility for all security professionals. In this analogy, visibility was the cake. But cake alone is a bit dull. As a good French man who loves "patisseries," I know that the flavor of a good cake is enhanced by cream. The cream is the heart of the cake, taking the taste to a new level. This cream is intelligence.
 

But, before I speak more about the “cream” of intelligence, you will also remember that I talked of the cherry on the cake. And the cherry was the image of the automation that all my customers want to achieve. But the cherry without the cake loses its context. Just as the ‘’French Pâtissier’’ must cook his cake and his cream before putting the cherries on, the security professional will have to get full visibility and apply intelligence before thinking about automation.
 

How Much of Your Data Can You Analyze?

Now that I’ve got the cake analogy clarified, it’s time to talk about intelligence, the second step of our journey into the world of Machine Identity Management. The first thing we need to do is to align ourselves around the definition of intelligence in the context of machine identities. I propose this working definition: a set of information which can be processed, analyzed and classified in order to better protect the organization’s machine identities. 



In other words, if intelligence lets me know which machine identities are active and using which cryptographic attributes, then I will be equipped to understand what my risks are, what is the level of compliance of my IT systems and where my priorities should be. Once I have answered all of those questions, then—thanks to automation capabilities—I will be able to remediate.
 

Easy?
 

Yes it should be easy if you can take the control of your legacy machine identities and, at the same time, put into place processes to apply your policies for all new request of machine identities. Intelligence starts here, more precisely when you have done your first inventory and collected data about your machine identities. Only after you have conquered visibility.


"We are not always able to see the problem"

I remember one customer saying, ‘’We does have a lot of tools for building inventories but only a small percentage of our data collected are analyzed. For the rest, we remain stupid and blind. If we are not always able to see the problem, it’s very difficult to know how to remediate.’’ He was and still is right.
 

If you can see the wall and decide not to avoid it, day after day you will continue to bump your head. In cybersecurity, bumps can cost a lot—to the security professional, as well as to the organization and even upper management.
 

Visibility without intelligence is almost useless. Intelligence without visibility is not possible
 

So let’s be smart and cook a very smart cream (intelligence) to and create harmony with the cake (visibility).
 

What type of data will you need to manage and protect your machine identities? Let me share an example based on SSL certificates: An inventory will discover the huge number of certificates that are active on your network. These will include certificates issued by your PKIs, auto signed and shared by your third parties. You will also need usage data, such as how often the same certificate is installed in your IT, where a certificate is being used, and who is responsible for it. In addition, you’ll need access to cryptographic attributes, such as key length, crypto algorithm, issuing Certificate Authority and, of course, the critical expiration date.


"A prodigious quantity of information"

A huge number of certificates will mean a prodigious quantity of information to analyze. And many large organizations have tens, and even hundreds of thousands of certificates in scattered throughout their environments. Intelligence starts with the analysis of this information, with an objective to make that analysis continuous.  
 

Your main interest is to be sure that a certificate that is discovered will be categorized, more or less automatically, and only the exceptions will be manually analyzed, before being placed into a category. 
 

Armed with this information, CISOs will be able to identify their vulnerabilities and non-compliance (with security policies). Based on that knowledge they will design policies for machine identities.
 

By moving away from a reactive mode (or not reactive at all), the security teams become proactive, having capabilities to analyze trends and engage actions of mitigation or anticipation more than those of remediation. Furthermore, all actions will be done in compliance with the policies set. And with automation, all actions can be done from 1 to N machines simultaneously.


Putting the Cream and Cake Together


By putting intelligence in motion, CISOs and security teams are able to govern and control their strategy for machine identity management across the organization. I would call this putting the cream and the cake together.
 

When I told a CIO in a few words what you just read, he responded, ‘’Do you know how much effort your dream involves?’’ Of course, I know. And that is why I will talk about the cherries in my next blog on automation.
 

PS: This CIO became a Venafi customer right after the POC showed him how streamlined the process could be. J In my next blog, I’ll talk more about how the cherry of automation will make your cake the envy of the enterprise.
 


 

Related posts

 

Like this blog? We think you will love this.
orchestration-and-automation-machine-identities
Featured Blog

Orchestration and Automation are Critical for Machine Identities

The challenges of identity-based zero trust security

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Stephane Dorchin
Stephane Dorchin

Stephane is the Southern European Director for Venafi and has over 20 years of experience in the cybersecurity industry. His career has included key player roles at Nasdaq BWise, Iron Mountain Digital and Symantec.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more