TMCnet News
Venafi Media Alert: 2017 Data Breaches Point to Weak Machine Identity ProtectionThis was a banner year for mega data breaches; according to Gemalto's (News - Alert) Breach Level Index, over 900 data breaches occurred during the first half of 2017, which compromised 1.9 billion records. More data was stolen in the first six months of 2017 than the entirety of 2016. According to experts at security market leader Venafi, this massive exfiltration of data is a critical symptom of weak machine identity protection. Machine identities are used to authenticate encrypted communication between machines. The cryptographic keys and digital certificates that comprise machine identities are one of the least understood and poorly protected parts of enterprise security infrastructure. Today, organizations spend over $7 billion protecting usernames and passwords, but they spend a fraction of that amount protecting machine identities. In the aftermath of major security incidents, experts often wonder how cybercriminals were able to exfiltrate large amounts of data while remaining undetected. Compromised machine identities allow attackers to use encrypted tunnels where traffic is only sporadically inspected - an approach that permits them to evade security controls. In fact, a recent study from A10 Networks (News - Alert) found that 41 percent of cyberattacks use encryption to evade detection. "Organizations increasingly rely on encrypted communication between rapidly changing networks of machines for a wide range of critical business functions," said Nick Hunter, senior technical manager for Venafi. "To protect encrypted communications between machines, it's vital that we protect each machine's unique identity with at least the same rigor and precision we use to protect the online identities of humans. Unfortunately, most organizations don't have the technology or intelligence necessary to do this, and because the number of machines on enterprise networks is exploding, this problem is rapidly getting worse." To highlight the role that compromised machine identities played in the data breaches revealed in 2017, Venafi examined security incidents where large amounts of data were extracted without detection. Due to their massive scope and duration, it's likely machine identities played a pivotal role in these breaches:
For more information, please visit: About Venafi Venafi is the cyber security market leader in machine identity protection, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise - on premises, mobile, virtual, cloud and IoT - at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted. With 31 patents currently in its portfolio, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 2000 organizations. Venafi is backed by top-tier investors, including Foundation Capital, Intel Capital (News - Alert), Origin Partners, Pelion Venture Partners, QuestMark Partners, Mercato Partners and NextEquity. For more information, visit: www.venafi.com.
View source version on businesswire.com: http://www.businesswire.com/news/home/20171219005272/en/ |