
Just How Risky Are Your Machine Identities?

We’re at the inflection point in cybersecurity where machine identity-related attacks are moving higher on CISOs’ lists of top worries. The most obvious reason for attackers’ interest in hacking machine identities is sheer numbers: there are a great many machines, with many more yet to come. By 2023, there will be more than 29 billion networked devices in use globally, according to the Cisco Annual Internet Report. The attack surface may be increasing faster than CISOs can build barriers to hackers.

The specter of machine identity attacks is also worrying beyond security teams. Poor protection of machine identities causes U.S. economic losses of $15.4 to 21.5 billion every year, according to research from AIR Worldwide – affecting every part of the business. Meanwhile, a recent survey we did at Venafi found that 94% of executives believe there should be fines or other legal consequences for software vendors who fail to protect the integrity of their software build pipelines, which can give attackers a clear path to compromising machine identities.

To reduce the likelihood of these impacts, security teams need to keep an eye out for faulty practices and missing policies that could leave machine identities as sitting ducks for attackers. The weaknesses below could lead to greater risks of security breaches – but with care and maintenance, the security gaps can be closed.

Lack of network segmentation

Without segmentation, hackers only need to get a foot in the door, and they’re rewarded with an entire network to browse through. Lack of network segmentation makes a hacker’s job easy. You can make that job much, much harder with network segmentation, which offers security by design. In this way, hackers would have to breach each network segment individually, which usually isn’t worth their time or effort. Segmentation offers more benefits, such as a smaller attack surface, since each network segment has its own hardware.

Missing access control policies

Privilege abuse is the primary cause of data breaches, according to Verizon’s 2021 Data Breach Investigations Report – yet this is one of the easier risks to eliminate. Simply put, access control policies for machine identities determine who can access what. If you need guidance, read the NIST publication, Assessment of Access Control Systems, to get a handle on commonly used access control services, where they should be used, and the advantages and disadvantages of each method.

Intermittent monitoring

Piecemeal monitoring, such as the kind provided by traditional monitoring solutions using point-in-time methods, doesn’t offer an up-to-date view of security gaps. Consistent monitoring provides a better view into cybersecurity posture, along with the status of machine identities. Monitoring tools with SIEM and GRC capabilities are better equipped to deliver continuous monitoring, threat prioritization, a patching schedule, and a culture of cyber awareness.

Better monitoring also drives improved visibility over all certificates and other machine identities within your organization. With 20/20 visibility, security teams can identify certificates that are languishing, expired, or simply hiding in departments. A certificate management platform can track expiration dates, certificate keys and passwords – far more efficient than listing these items on a spreadsheet.

Weak encryption

If data in transit isn’t properly encrypted, attackers have an opportunity to read or tamper with it anywhere along the path, including the infrastructure between the sender and receiver. The solution is to encrypt data in transit using at least TLS 1.2, and ideally TLS 1.3. A WAN service, TLS or IPsec VPN gateway, or bonded fiber optic connection can also help improve security.

Poor authentication

Without appropriate protocols, machine-to-machine (M2M) communications are at risk from hackers exploiting weak authentication. Beyond using usernames and passwords to authenticate users, consider adopting a private PKI, be your own Certificate Authority, and utilize mutual authentication based on public/private key pairs for SSL/TLS.
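The private-PKI and mutual-authentication advice above, together with the TLS 1.3 minimum from the Weak encryption section, as an added example in Go (this is illustration code, not Venafi's or any product's). It mints a self-signed root for a hypothetical private CA, issues short-lived leaf certificates from it, builds the server policy that refuses anything below TLS 1.3 and demands a client certificate, and shows the chain check that policy performs on a presented certificate; the names "demo-private-ca", "server" and "client" are made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// Issue mints a one-hour Ed25519 certificate for name: the self-signed root of our
// hypothetical private CA when parent is nil, otherwise a leaf signed by that root.
func Issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour), // short-lived: rotated by automation, not hoarded
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		parent, parentKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced, so it parses
	return cert, key
}

// ServerTLS is the listener policy: TLS 1.3 only, and every peer must present a
// certificate that chains to our private CA (mutual authentication).
func ServerTLS(ca, srv *x509.Certificate, srvKey ed25519.PrivateKey) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &tls.Config{
		MinVersion:   tls.VersionTLS13, // TLS 1.0-1.2 clients are refused outright
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
	}
}

// AcceptsClient performs the check RequireAndVerifyClientCert runs during the
// handshake: the presented leaf must chain to ClientCAs and be valid for client auth.
func AcceptsClient(cfg *tls.Config, leaf *x509.Certificate) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.ClientCAs, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
```

A certificate signed by any other CA, however well-formed, fails AcceptsClient, which is the property that makes "be your own Certificate Authority" a control rather than a convenience.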

Cumbersome manual processes

It’s just about impossible to orchestrate and provision the tasks associated with machine-identity maintenance manually. It’s also a bad idea, since it’s highly unlikely a cybersecurity team can manage these tasks, given the rapid increase in volume of machine identities – and any failures of oversight create all the opportunity that hackers need. Automation is the modern, state-of-the-industry, best practice for machine identity management.

Security leaders throw a lot of time and money at protecting usernames and passwords, but very little at protecting the keys and certificates used by machines to identify and authenticate themselves. As the number of machines grows to the tens of billions, security needs to catch up to this rapid growth with the intelligence and automation necessary to manage these critical security assets.