Ask most people to describe a cyberattack and you’re likely to hear stories about crippled servers, network outages and business disruption. Yet, while these events certainly cause issues for many organisations, the most damaging attacks are actually the ones that go unnoticed.
If criminals can gain access to corporate IT infrastructures, they can spend time jumping from system to system and extracting as much data as possible. This could happen for weeks – or even months – as the organisation continues to function normally.
Rather than finding ways to steal passwords or other personal credentials, cybercriminals undertake these types of attacks by stealing machine identities. This allows them to pose as legitimate actors on a network and minimises their chances of being discovered.
Just like staff members, every machine (be it a server, a device, an app or an algorithm) needs an identity with permission to communicate in a private, encrypted and secure way on a corporate network. Gaining such an identity therefore gives a cybercriminal significant powers.
The power of keys
Effectively protecting machine identities is therefore very important, and a task that can be likened to how someone might protect their home. After putting locks on all doors and installing an alarm system, they then require people to used keys and codes to gain access and disable the alarm. In other words, individuals are given access because the keys they have are recognised and trusted.
Machine identity protection works in a similar way, although the keys used tend to be digital rather than physical. Defences like anti-virus or firewalls operate just like door locks and use machine identities to know which traffic is authorised and which should be locked out.
This means that, if a cybercriminal has hold of a machine identity, they also have the right key and will be granted access to the system. The defence mechanisms in place will base their decision to allow access on the key rather than who happens to be controlling it.
Effective key protection is critical
Most people carry their house keys with them at all times, and quickly notice if they become lost. Yet people also tend to have a spare set stored somewhere, perhaps for guests or a cleaner. If this set goes missing it might not be noticed for an extended period.
If a criminal was to steal this spare set, they would be able to enter the house as they pleased, combing through documents and even stealing small items. This activity could go on for weeks before anyone noticed that something was wrong.
The same thing could happen if a machine identity was stolen, and most organisations have thousands of machine identities that need to be tracked. In fact, research has shown that the average enterprise has more than 16,500 undiscovered machine identities that are unprotected, and IT professionals expect the number of identities to increase exponentially each year.
Protecting digital keys
If a set of home keys are lost, the home owner wastes no time getting the locks changed. However, when it comes to the digital world, the process is much more complicated. It’s often made particularly challenging because many organisations keep track of all their machine identities using nothing more than an Excel spreadsheet.
Trying to manage machine IDs in this way is a recipe for disaster. There is significant chance of errors, from recording incomplete data to failing to assign responsibility for remediation and replacement. Also, if a key goes missing, it could make things more challenging and take years before the theft comes to light.
Automation is the best defence
The solution to this challenge is for organisations to take the same care of their machine identities as they do their physical security.
Because the task is much too large and complex to handle manually, organisations need to deploy an automated solution that can identify when a key is created and manage it throughout its life cycle.
Just as a homeowner might install a closed-circuit television (CCTV) system to make sure nobody is creeping around a house, organisations need to be able to monitor their encrypted network traffic to ensure there isn’t anyone gaining access that should not be there.
To achieve this, an organisation needs to provide its selected security tools with access to the keys of private corridors within the enterprise. Such systems can then quickly react and replace any compromised certificates that might be used by attackers, helping boot out the burglars before they have a chance to do any damage.
As modern business becomes increasingly reliant on network-connected devices to support daily operations, keeping machine identities protected and secure is vital. By taking the required steps now, an organisation can be confident it can protect against the activities of cybercriminals in the future.