How is Venafi combatting the machine identity crisis?

Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, spoke to Cyber magazine about the challenges in combatting cybercrime

Can you tell me about your company? 

Venafi provides a platform that enables organisations to tackle machine identity issues by using intelligent automation. With the risk of machine identity compromise so prevalent, companies must have complete visibility into every machine identity involved in their businesses and must be able to monitor these in real-time to detect potential misuse or expiries. Venafi offers a service that allows organisations to put processes into place, restricting the risks associated with compromised machine identities and protecting the information flow to trusted machines. Additionally, through offering visibility, intelligence and automation, Venafi also ensures that customers won’t experience an outage from machine identities and they can modernise for speed and agility.

What is your role and responsibilities at the company? 

I oversee Venafi’s technology ecosystem and threat intelligence initiatives. This means I get to spend 100% of my time focused on innovation, often working alongside the world's most prominent developers. But fundamentally, I'm also continuously looking for new machine identity threats that have yet to be identified and exposed. But, to me it's not work – it's fun!

With more than 16 years of industry experience, what do you think have been the most significant challenges in tackling the increase in cybercrime?

The increase in companies undergoing digital transformation has created enormous challenges for curbing cybercrime. As companies digitally transform, they have become more and more reliant on cloud-native utilising open-source components. To take advantage of this, highly adaptive malicious attackers are now shifting ‘left’ to target these developers building the software. We’ve seen this with the exponential rise in software supply chain attacks, which have enabled attackers to access machine identities and sensitive data. To take action to prevent this, security teams must build frameworks to software developers through an open-source initiative. A light weight, vendor neutral framework, like the blueprint developed by Venafi, Veracode Sophos, Cloudbees and more, can help ensure the security controls are correct for that specific software project and can be applied seamlessly within different development environments. It’s built by developers for developers. It’s what we like to call #fastsecure.

Could you explain what the machine identity crisis is and how can people combat this? 

The increasing use of machines in our digital world has driven unprecedented improvements in business efficiency and productivity, yet simultaneously is increasing the reliance on machines in enterprise networks. For each machine to communicate securely, it needs a unique identity to authenticate and protect communications. While organisations should protect evolving machine-to-machine communication, most don’t have the visibility or technology to do this and, instead, are left exposed to malicious attacks. To combat this, businesses need a machine identity control plane that uses intelligent automation to manage machine identities and provide complete visibility into every machine in a business network, allowing companies to monitor each identity in real-time.


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security