Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
Settings
Settings
Dynamic quotes 
OFFON

MarketScreener Homepage  >  News  >  Companies  >  All News

News : Companies
Latest NewsCompaniesMarketsEconomy & ForexCommoditiesInterest RatesBusiness LeadersFinance ProfessionalsCalendarSectors

Venafi Study: Only 28 Percent of Organizations Enforce Security for Code Signing Machine Identities

share with twitter share with LinkedIn share with facebook
share via e-mail
0
06/11/2019 | 08:13am EDT

Half of security professionals concerned cyber criminals are using code signing to breach their organizations

Venafi®, the leading provider of machine identity protection, today announced the results of a study of over 320 security professionals in the U.S., Canada and Europe on code signing security practices. According to the study, only 28 percent of organizations consistently enforce a defined security process for code signing certificates.

“When the code signing keys and certificates that serve as machine identities fall into the hands of attackers, they can inflict enormous damage,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Secure code signing processes enable apps, updates, and open source software to run safely, but if they’re not protected attackers can turn them into powerful cyber weapons. Code signing certificates were the key reason Stuxnet and ShadowHammer were so successful. The reality is that every organization is now in the software development business, from banks to retailers to manufacturers. If you’re building code, deploying containers, or running in the cloud, you need to get serious about the security of your code signing processes to protect your business.”

The Venafi study found that although security professionals understand the risks of code signing, they are not taking proper steps to protect their organization from attacks. Key findings include:

  • Fifty percent are concerned cyber criminals are using forged or stolen code signing certificates to breach the security of their organizations.
  • Globally, only 29 percent consistently enforce code signing security policies, and this problem is much more acute in Europe, with only 14 percent doing so.
  • Thirty-five percent do not have a clear owner for the private keys used in the code signing processes at their organizations.
  • Sixty-nine percent expect their usage of code signing to grow in the next year.

Code signing processes are used to secure and assure the authenticity of software updates for a wide range of software products, including firmware, operating systems, mobile applications and application container images. However, over 25 million malicious binaries are enabled with code signing certificates, and cyber criminals are misusing these certificates in their attacks. For example, security researchers recently discovered bad actors hiding malware in anti-virus tools by signing uploads with valid code signing certificates.

Bocek added: “Security teams and developers look at code signing security in radically different ways. Developers are primarily concerned about being slowed down because of their security teams’ methods and requirements. This disconnect often creates a chaotic situation that allows attackers to steal keys and certificates. In order to protect themselves and their customers, organizations need a clear understanding of where code signing is being used, control over how and when code signing is allowed, and integrations between code signing and development build systems. This comprehensive approach is the only way to substantially reduce risk while delivering the speed and innovation that developers and businesses need today.”

Resources

Blog: Study: How Well Are You Protecting Code Signing Certificates?
Blog: Crypto Mining, Code Signing Compromise: Are Your Certificates Safe?
Blog: Code Signing Certificates: A Dark Web Best Seller

About Venafi

Venafi is the cybersecurity market leader in machine identity protection, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise – on premises, mobile, virtual, cloud and IoT – at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

With over 30 patents, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S., U.K., Australian and South African banks; and four of the top five U.S. retailers. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.

For more information, visit: www.venafi.com.


© Business Wire 2019
share with twitter share with LinkedIn share with facebook
share via e-mail
0
Latest news "Companies"
05:00aSTMicroelectronics Announces Status of Common Share Repurchase Program
GL
05:00aBROADBAND FORUM : and ONF Ease the Path to Automated and Open Virtualized Access Networks
BU
05:00aACCENTURE : Again Recognized by Gartner for Critical Capabilities for Life Insurance Policy Administration Systems, North America
BU
04:59aTRYG A/S : Reporting of trading in Tryg shares by Carl-Viggo Östlund
AQ
04:58aGlobal stocks slip amid lack of detail on trade deal
RE
04:58aJYSKE BANK A/S : Transactions by persons discharging managerial responsibilities and persons closely associated with them
AQ
04:58aROCHE : Phase III PEMPHIX study shows Roche's MabThera/Rituxan (rituximab) superior to mycophenolate mofetil in patients with pemphigus vulgaris
AQ
04:57aAviation Week Network and CAPA Announce Airline Operation Leaders Summit December 2-3, Seville, Spain
GL
04:56aWTO clears U.S. to target EU goods with tariffs over Airbus
RE
04:56aSAVILLS : Director/PDMR Shareholding
PU
Latest news "Companies"