Thursday, 08/30/2018 5:38:48 PM

Machine Identity Failings Expose Firms

https://www.infosecurity-magazine.com/news/firms-failing-crucial-machine/?utm_source=dlvr.it&utm_medium=twitter

Nearly all IT decision makers believe that protecting machine identities is as important as or more important than human identity management, but most struggle to deliver that protection, according to a new Forrester study.

The analyst firm was commissioned by Venafi to poll 350 global IT leaders about the challenges they face in securing machine identities, which 80% said they are having difficulties with.

In this context, “machine” could mean any kind of digital entity on a network, according to Venafi vice-president of security strategy and threat intelligence, Kevin Bocek.

“This means that everything, including websites, software, applications, devices, even algorithms, are machines,” he told Infosecurity. “And every single one of them needs an identity in order to communicate with other machines securely.”

Unfortunately, while IAM in the context of human identities is maturing, this failure to protect digital entities represents a coming security storm.

Nearly half (47%) of respondents said protecting machine identities and human identities will be equally important to their organizations over the next 12-24 months, while 43% claimed machine identity protection will be more important.

The vast majority (70%) admitted they are tracking fewer than half of the most common types of machine identities found on their networks, including cloud instances (56%), mobile devices (49%), SSH keys (29%) and containers and microservices (25%).

This could expose them to the risk of customer and corporate data theft, process disruption, downtime and customer attrition, the report claimed.

Bocek explained that machine identity attacks typically follow one of three methods.

“In the first, hackers steal machine identities for spoofing purposes, using them to establish themselves as trusted inside a network or to move around without being detected. Last year, for example, saw over 14,000 fake PayPal sites set up by scammers abusing machine identity to help them trick unsuspecting web users,” he said.

“The second scenario sees the misuse of machine identity to cause havoc across the victim’s entire network — a classic example of this would be the 2015 Ukrainian power grid attack when Russia managed to insert a valid SSH key into the grid and used it to shut down power across the country. Lastly, stolen machine identities are also used by hackers who want either to infiltrate an organization without being noticed and exfiltrate large amounts of data, hit targets with malware such as SQL injection attacks or cross-scripting attacks or to escalate privileges.”


Mitigating machine identity attacks requires IT teams to gain visibility into the location of every digital entity on the network and ensure their keys and certificates are valid and up-to-date.

“Organizations need to automate the process of securing machine identities, since in today’s environment, they’re being created and used on a scale that only other machines can keep up with,” Bocek added. “For any mid- to large-size organization, centralizing and automating the discovery, replacement and remediation of all machine identities on a network is the only realistic defense.”
==================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.

Token-free, password-free user authentication

We know you’ve dreamt about shredding your list of passwords. Go on and do it.

Because you are starting the authentication process in the device’s hardware, the user doesn’t have to interact with it. All users see is their usual Windows log-in screen – no more additional passwords to access the VPN or other resources. They just sign in once, and the secure credentials in their TPMs securely and quickly connect them to everything they need. Say goodbye to user frustration and slow OS performance.

Decrease expenses with virtual smart cards

You know what else happens when you take passwords out of the equation? A lot fewer calls to IT. Imagine if you took password resets out of the picture – that frees up a chunk of IT time, lowering your operating expenses significantly.

If your organization currently uses traditional tokens or smart cards, switching to virtual smart cards takes an even bigger burden off of IT – we use the hardware-protected credentials in the TPM to create a virtual smart card, which performs the same functionality as traditional smart cards. That means no need to purchase, deploy, replace or maintain external tokens, smart cards or smart card readers. Because virtual smart cards are already on your machines and can’t be forgotten, lost or stolen, you have lower capital expenses and lower operating expenses.

Key features at the link above-
================================================================
https://www.wavesys.com/data-sheet-embassy%C2%AE-remote-administration-server-eras