blog

The growing threat of machine identity attacks – is your business ready?

Most businesses are aware of the importance of cybersecurity, but some areas are perhaps given more focus than others. Today a lot of work is done around ensuring usernames and passwords are kept safe and firewall systems are secure. However, there’s another area that is often overlooked – machine identity.

A machine identity refers to any non-human user in your IT infrastructure. Much like how we as people use a system of usernames and passwords to verify our identity, machines use keys and certificates to request access and verify themselves. Machines – that is every single application, website, device or even algorithm – use their identities to communicate with one another.

As we now rely on machines more than ever for a lot of business functions, we’ve seen a growing number of machine identity-related cyber attacks.

This number reportedly grew by over 400% in the last two years according to Venafi, a leading provider of machine identity management solutions. This is likely down to more people moving to the cloud and taking advantage of Internet of Things to support remote working. But even though they’re working with more applications and devices, protecting machine identity is not on people’s radar.

Here’s why it should be and some of the steps you can take to secure your machine identities.

What can cyber criminals do?

If cybercriminals get hold of machine access keys or certificates, it’s an open door into your company data and resources. Machine identities can also be used for phishing, to impersonate or spoof websites, making them appear genuine and secure to victims. Importantly, machine identities might be used to infect machines with malware.

Ever come across a website with a “cannot be trusted” warning? Or found that it just won’t load? It’s likely a machine identity has expired and has essentially been removed from the Internet as untrustworthy.

How can you reduce your risk of machine identity attack?

  1. Know what you are working with

It’s not unusual for companies to be unaware of how many keys and certificates they have, who they belong to, what policies they comply with, or when they expire.

The teams responsible for monitoring this need to be aware of cryptographic keys and digital certificates that your machines use. Most companies will use Secure Shell (SSH) keys to secure connections to their cloud-based systems, VPNs and connected devices.

  1. Machine Identity Management

Machine Identity Management should be a key element of your cybersecurity strategy. Up to this point, as mentioned above, many organisations might not be aware of their machine identities or been using other tools or spreadsheets to keep track.

Machine identity management or Identity Management system is software to handle the discovery, management, and automation of credentials used by machines. Lots of specialist companies such as Venafi, offer this kind of solution.

After you’ve established a process, and your machine identity usage, you can start monitoring machine identities and flagging anomalies in their uses that can indicate a problem. You’ll be able to have automated alerts and notifications in place to inform you of unauthorised changes or actions that need to be taken.

  1. Automation

Automation can come as part of your Machine Identity Management, which allows you to set actions that can be focused on a single machine identity or an entire group. These actions can be scheduled in advance, or they can be triggered by a specific set of conditions.

It’s important that you automate the entire machine identity life cycle, including the management of certificate requests and installation. Automating the life cycle allows you to avoid error-prone, manual actions, while improving operations and security. Automation can also validate that every machine identity is installed properly and working correctly.

  1. Set up and enforce security policies

To keep your machine identities safe, you need to set up machine identity security policies and workflows. This helps you monitor every aspect of machine identities— configuration, use, ownership, management and security. Enforcing policies also ensures that every machine identity your organisation complies with relevant industry and government regulations.

As the number of machines in businesses increases, so does the number of machine identities. This growth complicates the already tough challenge of machine identity protection, so it’s important to be aware of how you can manage this. If you have any questions about machine identity management, please contact us at info@auratechnology.com.