How to get ahead of machine identity threats
With threats across the board rising rapidly security teams are having to fight more fires than ever before, breaches have increased by 11% since 2018, and 67% since 2014. Cybercrime is also predicted to costs the global economy $10.5 trillion USD annually. So, it’s no wonder that infosec teams often struggle to get ahead of threats and end up focused purely on just putting out imminent fires.
To make the problem even more complex our global reliance on software is growing rapidly. Many businesses are now undertaking digital transformation initiatives to prioritise speed. Each one of these digital connections is a machine, which often collect data, share information with other machines, and make autonomous decisions based on the situation they find themselves. And every one of these machine connections requires a machine identity to secure its communications – whether they are systems, applications, APIs or cloud native. On average each organisation now has twice as many machine identities as they did just 24 months ago. Yet, infosec teams have not applied the same digital transformation strategies as the rest of their businesses, to the management of these machine identities.
Hackers know where the weak spots are
Cybercriminals have become savvy to the gaps in many organisations machine identity strategies. As a result, we have seen a string of attacks taking advantage of poor machine identity management and protection. In the past year alone, we have seen a range of attacks leveraging machine identities. The malware dubbed Hildegard utilised SSH machine identities attack Kubernetes clusters and launch a crypto miner, the attack on SolarWinds bypassed code signing machine identities to deploy malicious code, while the attack on MonPass’s web server used TLS/SSL machine identities to evade detection.
Malicious actors often use machine identities to make them appear legitimate and circumvent security controls. Stolen machine identities can give a hacker privileged access to critical systems, so they can move laterally through the network and stay hidden for extended periods of time. These attacks are also becoming more sophisticated as techniques trickle down from nation state groups to the everyday cybercrime gang. Further, most (79%) of enterprises have had an identify-related breach within just two years, and only 35% of enterprise IT teams and security leaders are confident they have prevent data breaches relating to machine identities.
How can your organisation fight back?
Organisations must act now to mitigate the risks of machine identity attacks. Otherwise, weak machine identities will continue to let hackers wreak havoc. Enterprises need to improve their practices across three keys areas: visibility, intelligence and automation.
Visibility: To ensure all policies are enforced efficiently there must be a complete inventory of machine identities. This is so security teams can be confident they have the visibility into their network and processes in place to respond quickly to security threats.
Intelligence: Having comprehensive and actionable intelligence across the entire machine identity lifecycle that includes certificate enrolment, installation, renewal, and revocation will help enterprises protect and secure authorised, encrypted communications between machines. This level of machine identity intelligence will enable much of the cost associated with managing the certificates in the machine landscape to be avoided.
Automation: By automating machine identity management, it reduces the pressure on the security team, as well as errors and mistakes that can result from oversights, such as forgetting to perform activities. Automation lets the security team orchestrate a set of rapid actions that can be focused on a single machine identity or an entire group of identities at machine speed. It also minimises the overhead of manually switching certificate authorities (CAs) and replacing vulnerable machine identities.
By combining these three elements it enables organisations secure the entire machine identity lifecycle. This includes enforcing strong certificate security policies, streamlining and expediting remediation, validating that machine identities are properly installed and working correctly, and continuously monitoring the strength and security of certificates. Machine identity management should also be made more visible and easier for everyone across the enterprise to understand. Security is not one person or team’s job, but everyone’s job.