How is Venafi combatting the machine identity crisis?

Kevin Bocek, Vice President of Security Strategy and Threat Intelligence at Venafi, spoke to Cyber magazine about the challenges in combatting cybercrime

Can you tell me about your company? 

Venafi provides a platform that enables organisations to tackle machine identity issues by using intelligent automation. With the risk of machine identity compromise so prevalent, companies must have complete visibility into every machine identity involved in their businesses and must be able to monitor these in real-time to detect potential misuse or expiries. Venafi offers a service that allows organisations to put processes into place, restricting the risks associated with compromised machine identities and protecting the information flow to trusted machines. Additionally, through offering visibility, intelligence and automation, Venafi also ensures that customers won’t experience an outage from machine identities and they can modernise for speed and agility.

What is your role and responsibilities at the company? 

I oversee Venafi’s technology ecosystem and threat intelligence initiatives. This means I get to spend 100% of my time focused on innovation, often working alongside the world's most prominent developers. But fundamentally, I'm also continuously looking for new machine identity threats that have yet to be identified and exposed. But, to me it's not work – it's fun!

With more than 16 years of industry experience, what do you think have been the most significant challenges in tackling the increase in cybercrime?

The increase in companies undergoing digital transformation has created enormous challenges for curbing cybercrime. As companies digitally transform, they have become more and more reliant on cloud-native utilising open-source components. To take advantage of this, highly adaptive malicious attackers are now shifting ‘left’ to target these developers building the software. We’ve seen this with the exponential rise in software supply chain attacks, which have enabled attackers to access machine identities and sensitive data. To take action to prevent this, security teams must build frameworks to software developers through an open-source initiative. A light weight, vendor neutral framework, like the blueprint developed by Venafi, Veracode Sophos, Cloudbees and more, can help ensure the security controls are correct for that specific software project and can be applied seamlessly within different development environments. It’s built by developers for developers. It’s what we like to call #fastsecure.

Could you explain what the machine identity crisis is and how can people combat this? 

The increasing use of machines in our digital world has driven unprecedented improvements in business efficiency and productivity, yet simultaneously is increasing the reliance on machines in enterprise networks. For each machine to communicate securely, it needs a unique identity to authenticate and protect communications. While organisations should protect evolving machine-to-machine communication, most don’t have the visibility or technology to do this and, instead, are left exposed to malicious attacks. To combat this, businesses need a machine identity control plane that uses intelligent automation to manage machine identities and provide complete visibility into every machine in a business network, allowing companies to monitor each identity in real-time.

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security