Hi [[ session.user.profile.firstName ]]

Auditing Machine Identity Protection

Just as we need to secure human identities, we also need to effectively manage and secure machine identities—whether those machines are servers, applications, appliances, IoT devices or other systems. Transport Layer Security (TLS) certificates and associated private keys serve as the primary method of establishing machine identities. However, organizations are not investing in machine identity protection, even though unmanaged and unsecured keys and certificates risk outages and breaches.

This session shares a 5-stage approach to TLS security, including what is achieved and can be audited at each stage. This session will enable auditors to assess the overall maturity of an organization’s machine identity protection.
Recorded Jun 14 2018 64 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Kevin Bocek, Vice President, Security Strategy & Threat Intelligence, Venafi
Presentation preview: Auditing Machine Identity Protection

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Are your company’s code signing processes secure? Recorded: Jul 18 2019 61 mins
    Eddie Glenn, Sr. Product Marketing Manager & Tony Hadfield, Solution Architect, Venafi
    Could your organization be at risk for code signing compromise?

    Recently, there’s been a lot of media coverage focused on the cyber attacks that exploit unprotected code signing credentials. Although code signing technology does a good job of ensuring code is trustworthy for end users to install and run, many companies don’t secure the processes that surround code signing. This lack of oversight can leave your company, and your customers, at risk.

    How much do you really know about your organizations’ code signing practices and policies?

    Many InfoSec professionals aren’t sure which practices and policies are actually being used, so there’s no way to measure or mitigate all of the risks connected with code signing.

    Or, maybe you and your organization understands code signing risks all too well but your processes are so cumbersome that your development teams either miss their release dates or bypass key parts of the processes to get their work done.

    No matter which kind of organization you work for, this webinar can help you:

    • Understand the specific risks associated with insecure code signing processes and how they affect your security posture and leave your customers at risk.

    • Know why scaling secure code signing processes can be challenging and understand what you need to deliver processes that are flexible and secure enough to meet the unique needs of your organization.

    • Learn 5 best practices so you can deliver frictionless code signing processes your development teams will be happy to adopt.

    Register today and find out how Venafi Next-Gen Code Signing can help you move your code signing processes to the next level without slowing down your development teams.

    ***All webinar attendees will also receive a free copy of our new solution brief, How InfoSec Can Secure the Code Signing Process***
  • SSH Keys: Security Asset or Liability for Healthcare? Recorded: Jun 30 2019 44 mins
    Mike Dodson, WW Customer Security Strategy & Solutions
    With the extensive network systems found in the healthcare industry, SSH keys are widely used to provide privileged administrative access and to secure machine-to-machine automation for important business functions.
    However, SSH keys are routinely untracked, unmanaged and unmonitored. This lack of visibility and control can create HIPAA violations by not adequately restricting access to Electronic Protected Health Information (ePHI). If SSH keys are not surely managed, the organization does not know who has access. In this session, we’ll examine SSH study results that reveal widespread lack of security controls for SSH keys in the healthcare industry. We’ll discuss the common mistakes that almost all healthcare organizations make around security, policy, and auditing practices when managing SSH keys.

    Join our webinar and:
    - Know how unprotected SSH keys can create a HIPAA violation by not limiting access to ePHI and recognize the common pitfalls in SSH key management, made by nearly every healthcare organization, that can result in unprotected SSH keys.
    - Comprehend how cybercriminals are exploiting SSH keys to gain unauthorized privileged access and how SSH keys provide the ideal mechanism for cybercriminals to pivot through your environment.
    - Understand study results on how current healthcare organizations are protecting their SSH keys and know how to develop a plan to incorporate best practices into SSH key management.

    Register today!
  • Integrate, Authenticate and Accelerate: Fast IT Meets Strong Machine Identities Recorded: Jun 18 2019 49 mins
    Michael Thelander, Director of Product Marketing & Sandra Chrust, Sr. Product Marketing Mgr, Venafi
    Information security teams have long known that a robust process for creating and managing machine identities – especially X.509-based SSL/TLS certificates that enable machine-to-machine authentication and encryption – is fundamental to delivering secure applications. But they also know these methods tend to fall apart in a DevOps-driven world.

    DevOps teams can’t wait hours for an appropriate certificate to be delivered by the PKI team, not when new builds are being created every few seconds. They also can’t be expected to maintain and update the tens of thousands of certificate-enabled identities they create every day as containers, applications, and templates.

    What they can do is improvise. This often results in the creation of weak or misconfigured keys, improper or non-compliant certificates, and the short-circuiting of InfoSec policies. There is another way.

    In this talk, experts in machine identity and PKI (public key infrastructure) will show:
    1. How machine identities can be delivered as a fast “certificate-as-a-service” solution
    2. How they can be configured according to sound InfoSec policies
    3. How they can be integrated with existing DevOps tools such as Kubernetes, Ansible, and HashiCorp Vault

    Importantly, this can all be done within existing continuous integration and continuous delivery (CI/CD) toolchains, giving developers programmatic, automated TLS certificate issuance and provisioning. And it allows them to go faster: they no longer need to “hotwire” certificate management processes for each application or service.

    We’ll also show how large Global 5000 organizations have implemented:
    • A single source of “truth and control” for machine identities that manages X.509 certificates across both cloud providers and on-premise infrastructure
    • A “machine identity platform” that reduces security risks and prevents costly delays to the high-speed DevOps processes
    • A system that defends against increasingly dangerous cybersecurity threats
  • Stopping DNSpionage In Its Tracks: An Active Response to ED 19-01 Recorded: Jun 10 2019 60 mins
    Michael Thelander, Director of Product Marketing, Venafi
    The international Domain Name System isn’t just infrastructure. It works hand-in- hand with SSL/TLS-based authentication and encryption systems to provide a foundation of trust and privacy across the internet.

    Earlier this year, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency detected an ongoing threat to federal agencies and issued the Emergency Directive 19-01. The attacks compromised DNS records and created fake, but legitimate-seeming websites, with valid SSL/TLS certificates that spoofed real agency sites.

    Join us for a webinar on June 6th to learn more about the breadth and depth of these attacks, as well as:
    - How these attacks unfold, with details on attack vectors and anatomy
    - How DNSpionage is related to the new DNS-focused Sea Turtle attacks
    - How you can review your certificates and domains to find affected sites
    - How to remediate sites that have been compromised
    - How new tools enable a proactive response to SSL and DNS based attacks

    These attacks highlight real and present dangers to government agencies of all types. Learn how to protect yourself by registering for this webinar today.
  • Use the Same Certificate Process Across Your DevOps Toolchain Recorded: May 31 2019 61 mins
    Sandra Chrust, Sr. Product Mkt Mgr, Venafi & Helen Beal, DevOpsologist, Ranger4
    Application development teams need to move fast. Yet they often need to reinvent the wheel when it comes to machine identities such as SSL/TLS certificates. They frequently create their own security infrastructure, using a combination of Open SSL, secrets management tools, DevOps platforms, and scripts. Then, as environments and tools change, apps are migrated, and regulatory frameworks change, those same developers need to spend time re-coding applications, updating scripts, or learning new certificate authority APIs.

    To lighten the load for developers, security teams must offer a ready-made, consumable service for machine identities.

    In this webinar, we will explore the best practices that allow organizations to scale digital certificate provisioning while looking at the challenges facing security and DevOps. Join us and you’ll also learn:

    - How the proliferation of machines complicates security
    - Where machine identity protection sits in the DevSecOps toolchain
    - Recent examples of breaches and outages due to a flawed security posture
    - How a standardized set of consumable services supports enterprise-wide visibility and compliance, AND helps DevOps save time

    Develop a game plan to help security and DevOps work together and improve the security posture of your organization.

    ***Attendees will receive a complimentary copy of the white paper, “Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps.”
  • Clés SSH: Actif ou passif de sécurité? Recorded: May 16 2019 58 mins
    Stephane Dorchin, Directeur Europe du Sud
    La faiblesse des pratiques de gestion et de protection des clés SSH expose les entreprises à des risques importants, qui ont des répercussions sur les systèmes et les données les plus sensibles. De plus, les programmes d'audit ne traitent que trop rarement ce problème, et donc ne contribuent pas à le rendre visible.

    Les clés SSH sont souvent utilisées par les administrateurs système pour les tâches administratives de routine, et les systèmes PAM (Gestion des accès privilégiés) garantissent une surveillance adéquate. Cependant, les clés SSH sont également utilisées pour automatiser de manière sécurisée des fonctions critiques de l'entreprise. Les solutions PAM n’aident pas à sécuriser ces identités machine et l’entreprise se trouve démunit pour surveiller l’utilisation et contrôler le cycle de vie des clés SSH.

    Cette session traite des erreurs courantes que presque toutes les entreprises commettent concernant les pratiques de sécurité, de stratégie et d'audit lors de la gestion de clés SSH.

    Date: Jeudi 16 Mai
    Heure: 14H00 – 14H45
  • Prenez le contrôle de la sécurité des certificats SSL/TLS Recorded: May 2 2019 60 mins
    Stephane Dorchin, Directeur Europe du Sud
    Avec des exigences accrues en matière de cryptage et des réglementations de plus en plus nombreuses et strictes, la majorité des entreprises a besoin d'une meilleure sécurité des certificats SSL / TLS pour prendre en charge la protection des identités machine. Mais qu'est-ce qu'une feuille de route et un calendrier réalistes ? Cette session vous aidera à concevoir une feuille de route pour les prochains 18 mois sur 4 niveaux de maturité pour déployer une sécurité des certificats à l'échelle de l'entreprise.

    Chaque niveau comprendra :
    • Le calendrier et les exigences
    • Les avantages techniques et opérationnels
    • Des retours d’expériences

    Découvrez comment évaluer la maturité de la gestion des certificats SSL / TLS de votre entreprise et comment personnaliser une feuille de route pour faire face à vos problèmes de sécurité et opérationnels.

    Date: Jeudi 2 Mai
    Heure: 14H00 - 14H45
  • Perform Like a Conductor – Automated and Secure Key Orchestration with Venafi Recorded: May 1 2019 11 mins
    Ben Rogers,Senior Solutions Architect, Venafi
    nFinity partners spoke at nCipher RSA booth to highlight strengths of a combined nCipher / partner product integration.
  • Assessing Machine Identity Risk with the New Audit Work Program Recorded: Apr 30 2019 43 mins
    Steven Armstrong, Consultant/CISSP
    Today’s organizations are using internal and external audits to routinely inspect key and certificate security, as they enable machine-to-machine authentication. Conducting an audit of machine identity risk highlights the effectiveness of a Machine Identity Protection program. But what exactly should be audited to assess this risk? This session discusses a new Audit Work Program for Machine Identity Protection that assess risk and focuses on remediation.

    Join our webinar to learn:
    • Influences of machine identity risk
    • The 3 lines of defense in effective risk management and control
    • Details of the Audit Work Program

    The session will start with a discussion of risk influencers as well as the factors of machine identity risk that should be reviewed as part of the audit. The session then introduces the Audit Work Program and outlines a 30-60-90-day next steps plan for implementation.

    All webinar attendees will receive a free copy of the Machine Identity Audit Work Program!

    Register today!

    Date: Tues, April 30, 2019
    Time: 8 am PT/11 am ET/4 pm CET (UK)
  • Audit de la protection des identités machines Recorded: Apr 18 2019 57 mins
    Stéphane Dorchin, Directeur Europe du Sud
    Tout comme nous devons sécuriser les identités humaines, nous devons également gérer et sécuriser efficacement les identités machine, qu'il s'agisse de serveurs, d'applications, d'appliances, d'appareils IoT ou d'autres systèmes. Les certificats TLS (Transport Layer Security) et les clés privées associées servent de méthode principale pour établir les identités machine. Cependant, les entreprises n'investissent pas dans la protection de l'identité de la machine, même si des clés et des certificats non gérés et non sécurisés sont autant de risques d’arrêt de services et de vulnérabilités.

    Cette session présente une approche en 5 étapes de la sécurité TLS, y compris ce qui est réalisé et peut être audité à chaque étape. Cette session permettra aux auditeurs d’évaluer la maturité globale de la protection des identités machine de leur organisation.

    Date: Jeudi 18 Avril 2019
    Heure: 14H30 – 15H15

    Enregistrez-vous
  • What You Need to Know: Machine Identity Protection Development Fund Recorded: Apr 16 2019 29 mins
    Kevin Bocek, VP of Ecosystem & Threat Intelligence
    Machine identities are exploding. Complexity, speed, and risk will only increase. Venafi envisions were all machine identities are protected. Where there is complete intelligence and the highest speed automation. To accelerate this vision for customers, Venafi launched the Machine Identity Protection Development Fund. With $12.5 Million, the Development Fund sponsors the development of integrations with the Venafi Platform accelerating the expansion of the Venafi ecosystem.

    The Development Fund enables you to expand your strategy for machine identity from DevOps, cloud, analytics, and much more. And it delivers these technology outcomes quickly so you and your team can successfully to protect more machine identities faster – now and in the future.

    Join this webinar and learn:
    • How the Development Fund will future-proof your investment in technology infrastructure
    • What funded integrations are currently in development
    • Where the Development Fund will invest in DevOps, cloud, and the ecosystem of the future
    • How you can help identify technology needs and developers for consideration

    Register now!
  • Protection des identités machines Recorded: Apr 4 2019 60 mins
    Stephane Dorchin, Directeur Europe du Sud
    Il existe deux acteurs sur chaque réseau – les personnes et les machines - et les deux doivent être sécurisés. Les personnes (utilisateurs) utilisent des identifiants et des mots de passe pour se connecter et s’authentifier sur un réseau. Les machines quant à elles utilisent des clés et des certificats pour la communication et l'authentification machine à machine. Des milliards d’Euros sont dépensés chaque année pour sécuriser la gestion des identités et des accès, mais la quasi-totalité des dépenses est consacrée à la sécurisation des identifiants et des mots de passe, et pratiquement rien pour la protection des clés et des certificats. 


    Les identités machine non protégées sont des cibles faciles et lucratives pour les cybercriminels. Ils utilisent des clés et des certificats non protégés pour écouter des communications privées, rendre les sites de phishing plus efficaces, des codes malicieux valides, et masquer leurs activités néfastes dans le trafic crypté, notamment pour faciliter l’introduction de logiciels malveillants et l’extraction de données confidentielles.

    Dans cette présentation, nous aborderons les différents types d'identités machine et leurs proliférations sur votre réseau. Vous verrez le rôle et le cycle de vie des identités machine, ainsi que le niveau insuffisant de leur protection. Nous examinerons ensuite les risques actuels et les nouveaux risques qui y sont liés. Nous conclurons avec les mesures que vous pouvez prendre immédiatement pour maîtriser ces risques.

    Date: Jeudi 4 Avril 2019
    Heure : 14H00 – 15H00

    Enregistrez-vous
  • Extend the Reach of Your Venafi Platform Recorded: Mar 27 2019 47 mins
    Michael Thelander, Director of Product Marketing
    Your Venafi Platform provides visibilty, intelligence and automation for the thousands of machine identities used by your enterprise. But what about machine identities out “in the wild” you know nothing about? Think about rogue certificates spun up by your own development teams or malicious certificates meant to phish your customers and employees. And then there’s the separated networks or cloud workloads that are impossible to reach or difficult to scan.

    Venafi TrustNet is an add-on for your Venafi Platform that continually assesses global IPv4 addresses to find two things: 1) SSL/TLS certificates that are yours (but that you may not know about) and 2) “Look-alike”certificates that are meant to manipulate or spoof your brand and domains.

    Attend this webinar and learn how Venafi TrustNet can help you identify hard-to-find SSL/TLS certificates associated with your brand or domain:

    -Global, Serverless Certificate Discovery: Find external-facing certificates your Venafi TrustAuthority implementation can’t see
    -Certificate Compliance Scores: Identify non-compliant certificates wherever they are
    -Increased Risk Awareness: Highlight weak or risky cryptography and configurations in certificates beyond those in your on-premises Venafi solution
    -Trusted Domain Protection: Identify suspicious variations of your trusted domain names

    Register today to see how Venafi TrustNet can broaden your SSL/TLS certificate security coverage and protect your brand.

    ***Upcoming Webinar***
    April 16 - What you need to know: Machine Identity Protection Development Fund: http://bit.ly/2OfKyP5-venafi-mipdf
  • Best Practices for Protecting Your Business from Cybercrime Recorded: Feb 19 2019 62 mins
    Michelle Drolet (Towerwall), Michael Thelander (Venafi), William Peteroy (Gigamon), Kalani Enos (kenos)
    Cybercrime has evolved from random activities being carried out by individuals into a billion dollar illegal industry that continues to grow. How is cybersecurity keeping up with the rise of cybercrime?

    Join this panel of security experts to learn more about:
    - Trends in cybercrime and lessons learned in 2018
    - The cost of data breaches
    - Rise of cryptojacking and ransomware
    - Who are the players who make up the world of cybercrime (e.g. programmers, distributors, fraudsters, etc.)
    - The CISO vs the cybercriminal
    - Best practices for protecting your business

    Speakers:
    - Michelle Drolet, CEO, Towerwall
    - Michael Thelander, Director of Product Marketing, Venafi
    - William Peteroy, Security CTO, Gigamon
    - Kalani Enos, Founder & CEO, kenos Technologies (Moderator)
  • What Works in Certificate and Key Management: Enabling Secure Digital Business Recorded: Feb 5 2019 49 mins
    John Pescatore, Dr. of Emerging Sec Trends @ SANS Institute & Troels Oerting, Head of Global Center for Cyber Sec @ WEF
    Encryption through SSL/TLS and VPNs can help raise the bar for attackers looking to capture or compromise your sensitive information. However, doing encryption badly can lead to a false sense of security. Plus, SSL/TLS certificate management errors can disrupt your business, triggering outages when certificates expire or are revoked. Effective key and certificate management is critical to enabling secure business and maintaining high service levels.

    During this SANS WhatWorks webcast, Troels Oerting, Head of Global Center for Cyber Security of World Economic Forum, shares details of why he selected Venafi and how he deployed the solution to enable discovery and management of encryption keys and certificates.

    Watch the webinar to learn the following:
    •How to avoid business disruption from expired certificates
    •The benefits of securing SSL/TLS certificates to protect sensitive information
    •Metrics used to demonstrate the value of improved key and certificate management

    Get behind-the-scenes insights from this true security leader – register for the webinar today!
  • Machine Identity Protection LIVE Recorded: Dec 13 2018 54 mins
    Jeff Hudson, CEO, Venafi
    As the number of machines on our networks continues to explode how can we make sure that connections and communications between them remain secure? A new era of machine identity protection begins on December 13 at 9 pmPT/12 pm ET.

    Join top industry analysts and executives for an hour of innovative and groundbreaking insights about bold new ways to extend your machine identity protection. Hear directly from industry leaders who are excited about this new development, including:

    •Rich Baich, CISO, Wells Fargo
    •Andras Cser, Vice President and Principal Analyst, Forrester Research
    •Armon Dadgar, Co-founder and CTO, HashiCorp
    •Jeff Hudson, CEO, Venafi
    •John Morgan, GM, Security Business Unit, F5 Networks
    •Jake Reynolds, General Partner, TCV
    •Dan Timpson, CTO, DigiCert

    Venafi’s goal is to provide organizations the freedom to operate with confidence through secure communication and connections, with a high level of trust in their machine identities on their network. Please join this innovative and ground breaking discussion about Machine Identity Protection. Register now!
  • Government Investigations of a Breach: When Machine Identity Protection Fails Recorded: Dec 12 2018 47 mins
    Kevin Bocek, VP, Security Strategy & Threat Intelligence, Venafi
    What was the biggest breach in 2017? How did it happen? Regulators in the U.S. and U.K. have released a detailed analysis, highlighting how a failure in Machine Identity Protection enabled this complex, lengthy, hidden attack.

    A single untracked, unmanaged digital certificate was left to expire and became the foundation of this attack. Certificates authenticate machine identities for trusted machine-to-machine connections and, when compromised, create a gaping hole in an otherwise well-layered defense.

    Join this webinar and learn how cybercriminals:

    • Use an expired certificate to hide in encrypted traffic
    • Exploit additional vulnerabilities and pivot deeper into the network
    • Continue their attack for months and pilfer millions of files

    Today, well over half of attacks hide in encrypted traffic—and analysts warn that this will only increase. Learn how to defend against these types of attacks and architect effective machine identity protection for your organization. Register now!
  • Machine Identities: The Next Step for IAM Recorded: Nov 14 2018 47 mins
    Michael Thelander, Director of Product Marketing @ Venafi
    People rely on user names and passwords to identify themselves to machines so they can get access to networks and data.

    Machines also need to identify themselves to each other, but they don’t use user names and passwords. Instead, they use machine identities.

    We all know that the number of machines on networks is growing exponentially because the digital transformation that is happening is completely dependent on machines, not people.

    We spend over eight billion dollars protecting human identities (IAM), but almost nothing protecting machine identities.

    Bad guys know this. They now devote more time and resources to stealing machine identities.
  • What Works in Certificate and Key Management: Enabling Secure Digital Business Recorded: Oct 3 2018 49 mins
    John Pescatore and Troels Oerting
    Encryption through SSL/TLS and VPNs can help raise the bar for attackers looking to capture or compromise your sensitive information. However, doing encryption badly can lead to a false sense of security. Plus, SSL/TLS certificate management errors can disrupt your business, triggering outages when certificates expire or are revoked. Effective key and certificate management is critical to enabling secure business and maintaining high service levels.

    During this SANS WhatWorks webcast, Troels Oerting, former Chief Security Officer at Barclays Bank, shares details of why he selected Venafi and how he deployed the solution to enable discovery and management of encryption keys and certificates.

    Watch the webinar to learn the following:
    •How to avoid business disruption from expired certificates
    •The benefits of securing SSL/TLS certificates to protect sensitive information
    •Metrics used to demonstrate the value of improved key and certificate management

    Get behind-the-scenes insights from this true security leader – register for the webinar today!
  • SSH Keys: Security Asset or Liability? Recorded: Jun 14 2018 64 mins
    Mike Dodson, VP WW Customer Security Strategy & Solutions, Venafi
    Weak practices around protecting SSH keys expose businesses to costly risk, impacting the most sensitive systems and data. Then incomplete auditing practices allow that risk to go unaddressed.

    SSH keys are often used for routine administrative tasks by system administrators, and privileged access management (PAM) systems ensure proper oversight. However, SSH keys are also used for secure machine-to-machine automation of critical business functions. PAM solutions don’t help secure these machine identities, and most audit programs overlook this important risk.

    This session discusses the common mistakes that almost all enterprises make around security, policy and auditing practices when managing SSH keys, including current survey results.
Intelligent Protection for Machine Identities
There are two actors on a network: people and machines. People rely on usernames and passwords to identify themselves and gain access to machines, applications and devices. Machines use digital keys and certificates to authenticate for secure machine-to-machine communication. While organizations spend billions of dollars each year on identity and access management and protecting usernames and passwords, very little is spent on protecting machine identities, which is essential to securing critical systems and data. The Venafi Platform delivers the machine identity intelligence and automation necessary to automatically safeguard the flow of information to trusted machines and prevent communication with untrusted ones—all at machine speed and scale. Venafi protects the largest, most sensitive networks in the world, and our more than 280 customers include 4 of the Top 5 US Banks, 4 of the Top 5 UK Banks, 5 of the Top 5 US Health Insurers and 4 of the Top 5 US Retailers. Venafi solutions help organizations:
- Prevent breaches
- Eliminate outages
- Orchestrate PKI
- Protect SSH access
- Pass compliance audits
- Automate DevOps

Visit www.venafi.com

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Auditing Machine Identity Protection
  • Live at: Jun 14 2018 4:00 pm
  • Presented by: Kevin Bocek, Vice President, Security Strategy & Threat Intelligence, Venafi
  • From:
Your email has been sent.
or close