TMCnet News
Study: SSH Key Weaknesses Overlooked in Privileged Access Audits

Venafi®, the leading provider of machine identity protection, today announced the results of a study on how well audits measure Secure Shell (SSH) security in their environments. Over 400 IT security professionals participated in the study, which reveals a widespread lack of SSH audits.

Cyber criminals, such as malicious insiders, use SSH keys to access systems from remote locations, evade security tools and escalate privileges. Auditing SSH entitlements as part of Privileged Access Management (PAM) policies can help organizations understand how well they control access to sensitive data. However, fifty-five percent of the respondents said SSH entitlements are not featured in their PAM policies and are rarely audited. Without proper auditing and effective SSH security policies, SSH key weaknesses can go undetected, leaving organizations vulnerable to a wide range of cybersecurity attacks.

Key findings of Venafi's study include:

"Proper oversight from auditors and policy makers would go a long way toward helping organizations understand SSH security risks," said Steven Armstrong, enterprise information security and risk management consultant and former Federal Reserve Bank Examiner. "Sadly, without detailed insight into the impact of lax SSH policy enforcement, most organizations do not have the information or the catalysts they need to strengthen SSH security."

The study was conducted by Dimensional Research and completed in July 2017. It analyzed responses from 411 IT and security professionals with in-depth knowledge of SSH from the U.S., U.K. and Germany.

Mike Dodson, senior director of global sales engineering for Venafi, will be giving a presentation on auditing SSH keys at the Information Systems Audit and Control Association (ISACA) Asia Pacific CACS 2017 Conference. For more information, please visit: https://www.isaca.org/Education/Conferences/Pages/asia-pacific-cacs-presentations-and-descriptions.aspx#223.

Additional Resources:
Blog: SSH Study: Who's Auditing Your SSH Entitlements?
E-book: How Safe Are Your SSH Keys?
Executive Brief: 2017 SSH Study
Webinar: OH SSH IT! Where Are My SSH Keys?

About Venafi

Venafi is the cybersecurity market leader in machine identity protection, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise - on premises, mobile, virtual, cloud and IoT - at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.
With 31 patents currently in its portfolio, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 2000 organizations. Venafi is backed by top-tier investors, including Foundation Capital, Intel Capital, Origin Partners, Pelion Venture Partners, QuestMark Partners, Mercato Partners and NextEquity. For more information, visit www.venafi.com.

View source version on businesswire.com: http://www.businesswire.com/news/home/20171116005322/en/