Protecting your IoT software delivery against malware insertion

Presented by

Eddie Glenn, Venafi

About this talk

In December 2020, it was reported that a software supply chain cyber-attack occurred against SolarWinds which caused infections in numerous businesses and government agencies. While complex in nature, this involved vulnerabilities in the build cycle at SolarWinds. For an IoT manufacturer, securing your software supply chain and your build process is as critical as is securely delivering updates to your IoT devices. In this session, we’ll cover: • A review of how SUNBURST was introduced into the software supply chain • Steps that can be taken by software developers to minimize this from happening to you • How digitally signing source code and other intermediate artifacts during your software build process can minimize these risks • The benefits of securing a code signing process for your company

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (107)
Subscribers (9288)
There are two actors on a network: people and machines. People rely on usernames and passwords to identify themselves and gain access to machines, applications and devices. Machines use digital keys and certificates to authenticate for secure machine-to-machine communication. While organizations spend billions of dollars each year on identity and access management and protecting usernames and passwords, very little is spent on protecting machine identities, which is essential to securing critical systems and data. The Venafi Platform delivers the machine identity intelligence and automation necessary to automatically safeguard the flow of information to trusted machines and prevent communication with untrusted ones—all at machine speed and scale. Venafi protects the largest, most sensitive networks in the world, and our more than 280 customers include 4 of the Top 5 US Banks, 4 of the Top 5 UK Banks, 5 of the Top 5 US Health Insurers and 4 of the Top 5 US Retailers. Venafi solutions help organizations: - Prevent breaches - Eliminate outages - Orchestrate PKI - Protect SSH access - Pass compliance audits - Automate DevOps Visit