Are You Protecting Your Machine Identities?
ISSA Theater 3 - Incident Response, Threat, IAM & Security Awareness Theatre
Thu 18th Oct 03:00 to 03:50
There are two kinds of actors on every network—people and machines—and both need to be secured. People rely on usernames and passwords, but machines use keys and certificates for machine-to-machine communication and authentication. Billions are spent each year securing identity and access management, but virtually all of it is spent securing usernames and passwords, almost none on protecting keys and certificates. Unprotected machine identities are lucrative targets for cyber criminals. They use unprotected keys and certificates to eavesdrop on private communications, make phishing sites or malicious code look valid, and hide their nefarious activity in encrypted traffic—getting malware in and sensitive data out. In this presentation, we’ll discuss the different types of machines identities and where they proliferate in your network. You’ll see the role and lifecycle of machine identities, and where we’re falling short in protecting them. We’ll then look at where there are current risks as well as where new risks are emerging. We’ll conclude with steps you can take immediately to get these risks under control.