Venafi Helps Enterprises Combat Rise In Attacks on Trust Using SSH
Salt Lake City, UT
February 19, 2014
New Innovations in Venafi TrustAuthority™ and Venafi TrustForce™ Protect SSH Keys with Enforced Policy, Anomaly Detection, and Automated Response and Remediation
Venafi, the leading provider of Next-Generation Trust Protection, today unveiled powerful new cybersecurity defenses to help enterprises fight the rise in attacks using Secure Shell (SSH). New research released by the Ponemon Institute shows that 3 out of 4 Global 2000 organizations have no security system for SSH, leaving the door open for rogue, root-level access and data compromises.
Venafi TrustAuthority SSH identifies and protects all SSH cryptographic keys across networks, virtualized data centers, and in the cloud. TrustAuthority establishes a known good state, continuously monitors, and detects anomalous activity. Venafi TrustForce SSH provides automated security to remediate vulnerabilities and anomalies identified by TrustAuthority. With TrustForce, SSH keys are automatically generated and replaced, and authorized key lists are synchronized across thousands of distributed systems. According to new research, nearly half of all enterprises never rotate or change SSH keys. This makes their networks, servers, and cloud systems owned by the malicious actors in perpetuity when SSH keys are stolen, as demonstrated with the recent The Mask operation and other cyberattacks.
Tweet this: @Venafi defending enterprises from rise in attacks using #SSH keys for rogue root access #Security #TheMask
“Cybercriminals are known to steal SSH keys or manipulate which keys are trusted to gain access to source code and other valuable intellectual property,” explained Forrester Consulting. “Advanced threat detection provides an important layer of protection but is not a substitute for securing keys and certificates that can provide an attacker trusted status that evades detection” (July 2013 commissioned study entitled "Attacks on Trust: The Cybercriminal's New Weapon," conducted by Forrester Consulting on behalf of Venafi).
These new innovations expand Venafi’s industry leadership in securing and protecting any key, any certificate, anywhere. With this announcement, Venafi is also introducing the Venafi Trust Protection Platform™, the next generation security platform that replaces Venafi Director. Built on the Trust Protection Platform, TrustAuthority and TrustForce are the only security systems to protect SSL keys and certificates, SSH keys, and mobile device and application certificates. TrustAuthority and TrustForce are the first, new products built on the Trust Protection Platform and replace Venafi’s previous products: Server Certificate Manager, SSH Key Manager, and Mobile Certificate Manager.
Tweet this: @Venafi rolls out Trust Protection Platform w/ #TrustAuthority & #TrustForce to secure #SSL, #SSH & mobile keys/certs
As part of the platform, TrustAuthority and TrustForce work together to protect keys and certificates, detect anomalies, and respond and remediate quickly:
Venafi TrustAuthority SSH Identifies all SSH keys to build a comprehensive inventory for SSH keys deployed on global IT networks via agentless and agent-based technology, maps trust between systems and users, detects SSH keys that do not meet corporate standards, and reports and escalates on any key anomalies detected.
Venafi TrustForce SSH Automates policy enforcement for authorized key configuration files and access control, detects any event resulting from an anomaly, and responds with rapid remediation to rotate and replace SSH keys and authorized key lists.
Tweet this: @Venafi identifies all #SSH keys, detects anomalies, & responds automatically to remediate w/ key replacement
Cryptographic keys and certificates establish online trust for payments and transactions, data storage and access, mobile devices and applications, and even sensitive systems such as air traffic control and smart-grid technologies. However, criminals have learned to take advantage of the dependence and blind trust that organizations have placed in keys and certificates. Since Stuxnet was detected, misuse of keys and certificates has grown astronomically, at a rate of 1,600 percent year-over-year according to Intel Security Labs: McAfee 2013 Threats Report.
Venafi research identified that Edward Snowden breached the NSA by using unprotected SSH keys and certificates. Reported first in USA Today, Venafi’s research on Snowden’s use of keys and certificates has been further corroborated by NSA memos as reported by MSNBC and BBC. Not surprisingly, Ponemon Institute found that 100% of all enterprises surveyed had been attacked over the last two years using rogue keys and certificates, which included SSH keys.
“The safety, security, and privacy of ecommerce, the cloud, and mobile devices and users all depend on securing the trust established by cryptographic keys and digital certificates. Today’s cybercriminals always look for the weakest link in security defenses, and have discovered the blind dependence, lack of threat awareness, and inability to respond to attacks on trust in every business and government worldwide,” said Jeff Hudson, CEO, Venafi. “Venafi is the only cybersecurity defense standing between businesses and governments and cybercriminals attacking SSH keys, SSL keys and certificates, and mobile device and app certificates. Organizations must fight back. Venafi TrustAuthority and Venafi TrustForce are the only defenses to secure and protect keys and certificates with a single platform.”
The new cybersecurity defenses for SSH in TrustAuthority and TrustForce, will be available to customers later in Q1 of this year. For more information please visit http://www.venafi.com/products
Existing Venafi Director customers are eligible for the Trust Protection Platform that replaces Venafi Director. For more information, Venafi customers should contact their Venafi account executive directly.
To get the latest news and information about Venafi: