Weak practices around protecting SSH keys expose businesses to costly risk, impacting the most sensitive systems and data. Then incomplete auditing practices allow that risk to go unaddressed.
SSH keys are often used for routine administrative tasks by system administrators, and privileged access management (PAM) systems ensure proper oversight. However, SSH keys are also used for secure machine-to-machine automation of critical business functions. PAM solutions don’t help secure these machine identities, and most audit programs overlook this important risk.
This session discusses the common mistakes that almost all enterprises make around security, policy and auditing practices when managing SSH keys, including current survey results.
Recorded Jun 14 2018, 64 mins
Tony Scott, CEO, Tony Scott Group, Hari Nair, Sr. Director, Product Mgmt, Venafi
In a digitally transforming world, reliance on cloud migration strategies has embedded itself in the foundation of securing and optimizing our nation’s defense and intelligence systems. Additionally, the maturity and security of cloud migration programs and cloud dependencies across the DoD are being heavily deliberated. This makes getting ahead of the identity management crisis more imperative than ever.
In this webcast, attendees heard from industry experts on how mission critical demands for securing Non Person Entities (NPEs) are accelerated rather than reduced as more hybrid cloud infrastructures are deployed across the services. They will also share some practical steps you can begin to take now in order to secure the identities of your own NPEs.
This webinar covered:
- The NPE identity management crisis
- How transitioning to cloud deployments impacts your NPE challenges
- What NPE management functionality is offered natively within popular cloud providers
- Best practices for identity management of NPE to ensure visibility, intelligence, and automation
- NPE identity management requirements – differences between traditional and cloud/hybrid infrastructures
Digital transformation has propelled a wave of new technological advancement that has arguably enriched people's lives. By the same token, the proliferation of machines - physical, virtual and in the cloud - has posed many security challenges and threats across industries, banking being the most noteworthy. As this "rise of machines" expands the threat vector, most banks and financial institutions are faced with increased pressure to protect their customer data and brand.
In this webinar, we'll explore some of the key trends impacting machine identity protection in the financial sector. We'll look at how managing security risk has taken on a new meaning for the enterprise in today's threat landscape.
Join our webinar and you'll also learn:
- How machine identity protection has evolved within DevOps and in the Cloud
- Ways to enforce a sound, enterprise-wide security policy
- Recent data breaches in the financial sector and the aftermath
- The next stage of machine identity protection
Eddie Glenn, Sr. Product Marketing Manager & Tony Hadfield, Solution Architect, Venafi
Could your organization be at risk for code signing compromise?
Recently, there’s been a lot of media coverage focused on the cyber attacks that exploit unprotected code signing credentials. Although code signing technology does a good job of ensuring code is trustworthy for end users to install and run, many companies don’t secure the processes that surround code signing. This lack of oversight can leave your company, and your customers, at risk.
How much do you really know about your organization’s code signing practices and policies?
Many InfoSec professionals aren’t sure which practices and policies are actually being used, so there’s no way to measure or mitigate all of the risks connected with code signing.
Or, maybe you and your organization understand code signing risks all too well, but your processes are so cumbersome that your development teams either miss their release dates or bypass key parts of the processes to get their work done.
No matter which kind of organization you work for, this webinar can help you:
• Understand the specific risks associated with insecure code signing processes and how they affect your security posture and leave your customers at risk.
• Know why scaling secure code signing processes can be challenging and understand what you need to deliver processes that are flexible and secure enough to meet the unique needs of your organization.
• Learn 5 best practices so you can deliver frictionless code signing processes your development teams will be happy to adopt.
Register today and find out how Venafi Next-Gen Code Signing can help you move your code signing processes to the next level without slowing down your development teams.
***All webinar attendees will also receive a free copy of our new solution brief, How InfoSec Can Secure the Code Signing Process***
Mike Dodson, WW Customer Security Strategy & Solutions
With the extensive network systems found in the healthcare industry, SSH keys are widely used to provide privileged administrative access and to secure machine-to-machine automation for important business functions.
However, SSH keys are routinely untracked, unmanaged and unmonitored. This lack of visibility and control can create HIPAA violations by not adequately restricting access to Electronic Protected Health Information (ePHI). If SSH keys are not securely managed, the organization does not know who has access. In this session, we’ll examine SSH study results that reveal widespread lack of security controls for SSH keys in the healthcare industry. We’ll discuss the common mistakes that almost all healthcare organizations make around security, policy, and auditing practices when managing SSH keys.
Join our webinar and:
- Know how unprotected SSH keys can create a HIPAA violation by not limiting access to ePHI and recognize the common pitfalls in SSH key management, made by nearly every healthcare organization, that can result in unprotected SSH keys.
- Comprehend how cybercriminals are exploiting SSH keys to gain unauthorized privileged access and how SSH keys provide the ideal mechanism for cybercriminals to pivot through your environment.
- Understand study results on how current healthcare organizations are protecting their SSH keys and know how to develop a plan to incorporate best practices into SSH key management.
Michael Thelander, Director of Product Marketing & Sandra Chrust, Sr. Product Marketing Mgr, Venafi
Information security teams have long known that a robust process for creating and managing machine identities – especially X.509-based SSL/TLS certificates that enable machine-to-machine authentication and encryption – is fundamental to delivering secure applications. But they also know these methods tend to fall apart in a DevOps-driven world.
DevOps teams can’t wait hours for an appropriate certificate to be delivered by the PKI team, not when new builds are being created every few seconds. They also can’t be expected to maintain and update the tens of thousands of certificate-enabled identities they create every day as containers, applications, and templates.
What they can do is improvise. This often results in the creation of weak or misconfigured keys, improper or non-compliant certificates, and the short-circuiting of InfoSec policies. There is another way.
In this talk, experts in machine identity and PKI (public key infrastructure) will show:
1. How machine identities can be delivered as a fast “certificate-as-a-service” solution
2. How they can be configured according to sound InfoSec policies
3. How they can be integrated with existing DevOps tools such as Kubernetes, Ansible, and HashiCorp Vault
Importantly, this can all be done within existing continuous integration and continuous delivery (CI/CD) toolchains, giving developers programmatic, automated TLS certificate issuance and provisioning. And it allows them to go faster: they no longer need to “hotwire” certificate management processes for each application or service.
We’ll also show how large Global 5000 organizations have implemented:
• A single source of “truth and control” for machine identities that manages X.509 certificates across both cloud providers and on-premise infrastructure
• A “machine identity platform” that reduces security risks and prevents costly delays to the high-speed DevOps processes
• A system that defends against increasingly dangerous cybersecurity threats
Michael Thelander, Director of Product Marketing, Venafi
The international Domain Name System isn’t just infrastructure. It works hand-in-hand with SSL/TLS-based authentication and encryption systems to provide a foundation of trust and privacy across the internet.
Earlier this year, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency detected an ongoing threat to federal agencies and issued the Emergency Directive 19-01. The attacks compromised DNS records and created fake, but legitimate-seeming websites, with valid SSL/TLS certificates that spoofed real agency sites.
Join us for a webinar on June 6th to learn more about the breadth and depth of these attacks, as well as:
- How these attacks unfold, with details on attack vectors and anatomy
- How DNSpionage is related to the new DNS-focused Sea Turtle attacks
- How you can review your certificates and domains to find affected sites
- How to remediate sites that have been compromised
- How new tools enable a proactive response to SSL and DNS based attacks
These attacks highlight real and present dangers to government agencies of all types. Learn how to protect yourself by registering for this webinar today.
Application development teams need to move fast. Yet they often need to reinvent the wheel when it comes to machine identities such as SSL/TLS certificates. They frequently create their own security infrastructure, using a combination of OpenSSL, secrets management tools, DevOps platforms, and scripts. Then, as environments and tools change, apps are migrated, and regulatory frameworks change, those same developers need to spend time re-coding applications, updating scripts, or learning new certificate authority APIs.
To lighten the load for developers, security teams must offer a ready-made, consumable service for machine identities.
In this webinar, we will explore the best practices that allow organizations to scale digital certificate provisioning while looking at the challenges facing security and DevOps. Join us and you’ll also learn:
- How the proliferation of machines complicates security
- Where machine identity protection sits in the DevSecOps toolchain
- Recent examples of breaches and outages due to a flawed security posture
- How a standardized set of consumable services supports enterprise-wide visibility and compliance, AND helps DevOps save time
Develop a game plan to help security and DevOps work together and improve the security posture of your organization.
***Attendees will receive a complimentary copy of the white paper, “Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps.”***
Weak practices for managing and protecting SSH keys expose businesses to significant risks that affect the most sensitive systems and data. Moreover, audit programs address this problem only too rarely, and so do not help make it visible.
SSH keys are often used by system administrators for routine administrative tasks, and PAM (privileged access management) systems ensure proper oversight. However, SSH keys are also used to securely automate critical business functions. PAM solutions do not help secure these machine identities, and the business is left without the means to monitor the use and control the lifecycle of SSH keys.
This session covers the common mistakes that almost all enterprises make in security, policy and audit practices when managing SSH keys.
With increased encryption requirements and ever more numerous and stricter regulations, most businesses need better SSL/TLS certificate security to support machine identity protection. But what do a realistic roadmap and timeline look like? This session will help you design a roadmap for the next 18 months across 4 maturity levels for deploying enterprise-wide certificate security.
Each level will include:
• Timeline and requirements
• Technical and operational benefits
• Lessons from the field
Find out how to assess the maturity of your company's SSL/TLS certificate management and how to tailor a roadmap to address your security and operational problems.
Today’s organizations are using internal and external audits to routinely inspect key and certificate security, as they enable machine-to-machine authentication. Conducting an audit of machine identity risk highlights the effectiveness of a Machine Identity Protection program. But what exactly should be audited to assess this risk? This session discusses a new Audit Work Program for Machine Identity Protection that assesses risk and focuses on remediation.
Join our webinar to learn:
• Influences of machine identity risk
• The 3 lines of defense in effective risk management and control
• Details of the Audit Work Program
The session will start with a discussion of risk influencers as well as the factors of machine identity risk that should be reviewed as part of the audit. The session then introduces the Audit Work Program and outlines a 30-60-90-day next steps plan for implementation.
All webinar attendees will receive a free copy of the Machine Identity Audit Work Program!
Date: Tues, April 30, 2019
Time: 8 am PT/11 am ET/4 pm CET (UK)
Just as we must secure human identities, we must also effectively manage and secure machine identities, whether they are servers, applications, appliances, IoT devices or other systems. TLS (Transport Layer Security) certificates and their associated private keys serve as the primary method of establishing machine identities. However, businesses are not investing in machine identity protection, even though unmanaged and unsecured keys and certificates each carry a risk of service outages and vulnerabilities.
This session presents a 5-step approach to TLS security, including what is achieved and can be audited at each step. This session will enable auditors to assess the overall maturity of their organization's machine identity protection.
Kevin Bocek, VP of Ecosystem & Threat Intelligence
Machine identities are exploding. Complexity, speed, and risk will only increase. Venafi envisions a world where all machine identities are protected, where there is complete intelligence and the highest speed automation. To accelerate this vision for customers, Venafi launched the Machine Identity Protection Development Fund. With $12.5 Million, the Development Fund sponsors the development of integrations with the Venafi Platform, accelerating the expansion of the Venafi ecosystem.
The Development Fund enables you to expand your strategy for machine identity from DevOps, cloud, analytics, and much more. And it delivers these technology outcomes quickly so you and your team can successfully protect more machine identities faster – now and in the future.
Join this webinar and learn:
• How the Development Fund will future-proof your investment in technology infrastructure
• What funded integrations are currently in development
• Where the Development Fund will invest in DevOps, cloud, and the ecosystem of the future
• How you can help identify technology needs and developers for consideration
There are two actors on every network, people and machines, and both must be secured. People (users) use usernames and passwords to log in and authenticate on a network. Machines, for their part, use keys and certificates for machine-to-machine communication and authentication. Billions of euros are spent each year on securing identity and access management, but almost all of that spending goes to securing usernames and passwords, and practically nothing to protecting keys and certificates.
Unprotected machine identities are easy and lucrative targets for cybercriminals. They use unprotected keys and certificates to eavesdrop on private communications, make phishing sites more effective, make malicious code appear valid, and hide their harmful activity in encrypted traffic, in particular to ease the introduction of malware and the extraction of confidential data.
In this presentation, we will cover the different types of machine identities and their proliferation on your network. You will see the role and lifecycle of machine identities, as well as how insufficiently they are protected. We will then examine the current and emerging risks associated with them. We will conclude with the steps you can take immediately to bring these risks under control.
Your Venafi Platform provides visibility, intelligence and automation for the thousands of machine identities used by your enterprise. But what about machine identities out “in the wild” you know nothing about? Think about rogue certificates spun up by your own development teams or malicious certificates meant to phish your customers and employees. And then there are the separated networks or cloud workloads that are impossible to reach or difficult to scan.
Venafi TrustNet is an add-on for your Venafi Platform that continually assesses global IPv4 addresses to find two things: 1) SSL/TLS certificates that are yours (but that you may not know about) and 2) “Look-alike” certificates that are meant to manipulate or spoof your brand and domains.
Attend this webinar and learn how Venafi TrustNet can help you identify hard-to-find SSL/TLS certificates associated with your brand or domain:
- Global, Serverless Certificate Discovery: Find external-facing certificates your Venafi TrustAuthority implementation can’t see
- Certificate Compliance Scores: Identify non-compliant certificates wherever they are
- Increased Risk Awareness: Highlight weak or risky cryptography and configurations in certificates beyond those in your on-premises Venafi solution
- Trusted Domain Protection: Identify suspicious variations of your trusted domain names
Register today to see how Venafi TrustNet can broaden your SSL/TLS certificate security coverage and protect your brand.
April 16 - What you need to know: Machine Identity Protection Development Fund: http://bit.ly/2OfKyP5-venafi-mipdf
Michelle Drolet (Towerwall), Michael Thelander (Venafi), William Peteroy (Gigamon), Kalani Enos (kenos)
Cybercrime has evolved from random activities being carried out by individuals into a billion dollar illegal industry that continues to grow. How is cybersecurity keeping up with the rise of cybercrime?
Join this panel of security experts to learn more about:
- Trends in cybercrime and lessons learned in 2018
- The cost of data breaches
- Rise of cryptojacking and ransomware
- Who are the players who make up the world of cybercrime (e.g. programmers, distributors, fraudsters, etc.)
- The CISO vs the cybercriminal
- Best practices for protecting your business
- Michelle Drolet, CEO, Towerwall
- Michael Thelander, Director of Product Marketing, Venafi
- William Peteroy, Security CTO, Gigamon
- Kalani Enos, Founder & CEO, kenos Technologies (Moderator)
John Pescatore, Dr. of Emerging Sec Trends @ SANS Institute & Troels Oerting, Head of Global Center for Cyber Sec @ WEF
Encryption through SSL/TLS and VPNs can help raise the bar for attackers looking to capture or compromise your sensitive information. However, doing encryption badly can lead to a false sense of security. Plus, SSL/TLS certificate management errors can disrupt your business, triggering outages when certificates expire or are revoked. Effective key and certificate management is critical to enabling secure business and maintaining high service levels.
During this SANS WhatWorks webcast, Troels Oerting, Head of Global Center for Cyber Security of World Economic Forum, shares details of why he selected Venafi and how he deployed the solution to enable discovery and management of encryption keys and certificates.
Watch the webinar to learn the following:
• How to avoid business disruption from expired certificates
• The benefits of securing SSL/TLS certificates to protect sensitive information
• Metrics used to demonstrate the value of improved key and certificate management
Get behind-the-scenes insights from this true security leader – register for the webinar today!
As the number of machines on our networks continues to explode, how can we make sure that connections and communications between them remain secure? A new era of machine identity protection begins on December 13 at 9 pm PT/12 pm ET.
Join top industry analysts and executives for an hour of innovative and groundbreaking insights about bold new ways to extend your machine identity protection. Hear directly from industry leaders who are excited about this new development, including:
• Rich Baich, CISO, Wells Fargo
• Andras Cser, Vice President and Principal Analyst, Forrester Research
• Armon Dadgar, Co-founder and CTO, HashiCorp
• Jeff Hudson, CEO, Venafi
• John Morgan, GM, Security Business Unit, F5 Networks
• Jake Reynolds, General Partner, TCV
• Dan Timpson, CTO, DigiCert
Venafi’s goal is to provide organizations the freedom to operate with confidence through secure communication and connections, with a high level of trust in the machine identities on their network. Please join this innovative and groundbreaking discussion about Machine Identity Protection. Register now!
Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi
What was the biggest breach in 2017? How did it happen? Regulators in the U.S. and U.K. have released a detailed analysis, highlighting how a failure in Machine Identity Protection enabled this complex, lengthy, hidden attack.
A single untracked, unmanaged digital certificate was left to expire and became the foundation of this attack. Certificates authenticate machine identities for trusted machine-to-machine connections and, when compromised, create a gaping hole in an otherwise well-layered defense.
Join this webinar and learn how cybercriminals:
• Use an expired certificate to hide in encrypted traffic
• Exploit additional vulnerabilities and pivot deeper into the network
• Continue their attack for months and pilfer millions of files
Today, well over half of attacks hide in encrypted traffic—and analysts warn that this will only increase. Learn how to defend against these types of attacks and architect effective machine identity protection for your organization. Register now!
There are two actors on a network: people and machines. People rely on usernames and passwords to identify themselves and gain access to machines, applications and devices. Machines use digital keys and certificates to authenticate for secure machine-to-machine communication. While organizations spend billions of dollars each year on identity and access management and protecting usernames and passwords, very little is spent on protecting machine identities, which is essential to securing critical systems and data. The Venafi Platform delivers the machine identity intelligence and automation necessary to automatically safeguard the flow of information to trusted machines and prevent communication with untrusted ones—all at machine speed and scale. Venafi protects the largest, most sensitive networks in the world, and our more than 280 customers include 4 of the Top 5 US Banks, 4 of the Top 5 UK Banks, 5 of the Top 5 US Health Insurers and 4 of the Top 5 US Retailers. Venafi solutions help organizations:
- Prevent breaches
- Eliminate outages
- Orchestrate PKI
- Protect SSH access
- Pass compliance audits
- Automate DevOps