How is Venafi combatting the machine identity crisis?

Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, spoke to Cyber magazine about the challenges in combatting cybercrime

Can you tell me about your company? 

Venafi provides a platform that enables organisations to tackle machine identity issues by using intelligent automation. With the risk of machine identity compromise so prevalent, companies must have complete visibility into every machine identity involved in their businesses and must be able to monitor these in real-time to detect potential misuse or expiries. Venafi offers a service that allows organisations to put processes into place, restricting the risks associated with compromised machine identities and protecting the information flow to trusted machines. Additionally, through offering visibility, intelligence and automation, Venafi also ensures that customers won’t experience an outage from machine identities and they can modernise for speed and agility.

What is your role and responsibilities at the company? 

I oversee Venafi’s technology ecosystem and threat intelligence initiatives. This means I get to spend 100% of my time focused on innovation, often working alongside the world's most prominent developers. But fundamentally, I'm also continuously looking for new machine identity threats that have yet to be identified and exposed. But, to me it's not work – it's fun!

With more than 16 years of industry experience, what do you think have been the most significant challenges in tackling the increase in cybercrime?

The increase in companies undergoing digital transformation has created enormous challenges for curbing cybercrime. As companies digitally transform, they have become more and more reliant on cloud-native utilising open-source components. To take advantage of this, highly adaptive malicious attackers are now shifting ‘left’ to target these developers building the software. We’ve seen this with the exponential rise in software supply chain attacks, which have enabled attackers to access machine identities and sensitive data. To take action to prevent this, security teams must build frameworks to software developers through an open-source initiative. A light weight, vendor neutral framework, like the blueprint developed by Venafi, Veracode Sophos, Cloudbees and more, can help ensure the security controls are correct for that specific software project and can be applied seamlessly within different development environments. It’s built by developers for developers. It’s what we like to call #fastsecure.

Could you explain what the machine identity crisis is and how can people combat this? 

The increasing use of machines in our digital world has driven unprecedented improvements in business efficiency and productivity, yet simultaneously is increasing the reliance on machines in enterprise networks. For each machine to communicate securely, it needs a unique identity to authenticate and protect communications. While organisations should protect evolving machine-to-machine communication, most don’t have the visibility or technology to do this and, instead, are left exposed to malicious attacks. To combat this, businesses need a machine identity control plane that uses intelligent automation to manage machine identities and provide complete visibility into every machine in a business network, allowing companies to monitor each identity in real-time.


Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI