• Tech News
    • Games
    • Pc & Laptop
    • Mobile Tech
    • Ar & Vr
    • Security
  • Startup
    • Fintech
  • Reviews
  • How To
What's Hot

Elementor #32036

January 24, 2025

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

April 18, 2024

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

April 16, 2024
Facebook Twitter Instagram
  • Contact
  • Privacy Policy
  • Terms & Conditions
Facebook Twitter Instagram Pinterest VKontakte
Behind The ScreenBehind The Screen
  • Tech News
    1. Games
    2. Pc & Laptop
    3. Mobile Tech
    4. Ar & Vr
    5. Security
    6. View All

    Bring Elden Ring to the table with the upcoming board game adaptation

    September 19, 2022

    ONI: Road to be the Mightiest Oni reveals its opening movie

    September 19, 2022

    GTA 6 images and footage allegedly leak

    September 19, 2022

    Wild west adventure Card Cowboy turns cards into weird and silly stories

    September 18, 2022

    7 Reasons Why You Should Study PHP Programming Language

    October 19, 2022

    Logitech MX Master 3S and MX Keys Combo for Business Gen 2 Review

    October 9, 2022

    Lenovo ThinkPad X1 Carbon Gen10 Review

    September 18, 2022

    Lenovo IdeaPad 5i Chromebook, 16-inch+120Hz

    September 3, 2022

    It’s 2023 and Spotify Still Can’t Say When AirPlay 2 Support Will Arrive

    April 4, 2023

    YouTube adds very convenient iPhone homescreen widgets

    October 15, 2022

    Google finishes iOS 16 Lock Screen widgets rollout w/ Maps

    October 14, 2022

    Is Apple actually turning iMessage into AIM or is this sketchy redesign rumor for laughs?

    October 14, 2022

    MeetKai launches AI-powered metaverse, starting with a billboard in Times Square

    August 10, 2022

    The DeanBeat: RP1 simulates putting 4,000 people together in a single metaverse plaza

    August 10, 2022

    Improving the customer experience with virtual and augmented reality

    August 10, 2022

    Why the metaverse won’t fall to Clubhouse’s fate

    August 10, 2022

    How Apple privacy changes have forced social media marketing to evolve

    October 16, 2022

    Microsoft Patch Tuesday October Fixed 85 Vulnerabilities – Latest Hacking News

    October 16, 2022

    Decentralization and KYC compliance: Critical concepts in sovereign policy

    October 15, 2022

    What Thoma Bravo’s latest acquisition reveals about identity management

    October 14, 2022

    What is a Service Robot? The vision of an intelligent service application is possible.

    November 7, 2022

    Tom Brady just chucked another Microsoft Surface tablet

    September 18, 2022

    The best AIO coolers for your PC in 2022

    September 18, 2022

    YC’s Michael Seibel clarifies some misconceptions about the accelerator • DailyTech

    September 18, 2022
  • Startup
    • Fintech
  • Reviews
  • How To
Behind The ScreenBehind The Screen
Home»Security»Black Hat 2022: Why machine identities are the most vulnerable
Security

Black Hat 2022: Why machine identities are the most vulnerable

August 16, 2022No Comments5 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Each public cloud platform has its unique approach to IAM, which exposes machine identities to attack when combined with hybrid cloud configurations.
Share
Facebook Twitter LinkedIn Pinterest Email

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.


Enterprises are struggling to secure machine identities because hybrid cloud configurations are too complex to manage, leading to security gaps cyberattackers exploit. Adding to the confusion are differences between public cloud providers’ approaches to defining machine-based identities using their native identity access management (IAM) applications. Additionally, due to differences in how IAM and machine identity management are handled across cloud platforms, it can be challenging to enforce zero-trust principles, enabling least-privileged access in a hybrid cloud environment.

Managing certificate lifecycles on hybrid cloud deployment models for machine identities is a technical challenge that many enterprise IT teams don’t have the resources to take on. According to Osterman Research, 61% of organizations cannot track certificates and keys across their digital assets. Given how quickly workload-based machine identities can be created, including containers, transaction workflows and virtual machines (VMs), it is understandable that only about 40% of machine identities are being tracked. IAM is becoming more challenging every day as the average employee has, on average, over 30 digital identities, with a typical enterprise having over 45 times more machine identities than human ones.  

Machine identities are high risk in hybrid clouds 

Two sessions at the Black Hat 2022 cybersecurity conference explained why machine identities are a high-risk attack surface, made more vulnerable in hybrid cloud configurations. The first session, titled IAM The One Who Knocks, presented by Igal Gofman, head of research at Ermetic and Noam Dahan, research lead at Ermetic. The second was titled I AM whomever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit, presented by Steven Seeley, a security researcher at the 360 Vulnerability Research Institute. Both presentations provided recommendations on what enterprises can do to reduce the risk of a breach.

See also  A number of Safety Flaws Discovered In Nuki Sensible Locks

In the presentation, IAM The One Who Knocks, researchers IGofman and Dahan illustrated how different the dominant cloud platforms’ approaches to IAM are. Protecting machine identities with native IAM support from each public cloud platform just isn’t working, as gaps in hybrid cloud configurations leave machines vulnerable. Their presentation provided insights into what makes Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform’s (GCP) approaches to IAM different. 

Event

MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

“IAM systems in all three cloud providers we discussed are complex,” Dahan said during the session. “We find that organizations will make mistakes. One of the most important things you can do is stick to one AWS account or GCP project per workload.” 

AWS, Microsoft Azure and GCP provide enough functionality to help an organization get up and running yet lack the scale to fully address the more challenging, complex areas of IAM in hybrid cloud configurations.

Each public cloud platform has its unique approach to IAM, which exposes machine identities to attack when combined with hybrid cloud configurations.
Each public cloud platform has a unique approach to IAM, which exposes machine identities to attack when combined with hybrid cloud configurations.

Cloud providers claim their machine identities are secure, yet in hybrid cloud configurations, that breaks down fast.  Gofman and Dahan pointed out that enterprises are responsible for breached machine identities because every platform provider defines its scope of services using the shared responsibility model. 

AWS and other cloud providers offer essential IAM support. Their IAM solutions are specific to their platforms and don't scale across third-party, public cloud providers, leaving enterprises to close hybrid cloud gaps or risk a breach.
AWS and other cloud providers offer essential IAM support. Their IAM solutions are specific to their platforms and don’t scale across third-party, public cloud providers, leaving enterprises to close hybrid cloud gaps or risk a breach.

Steps to secure machine identities

Black Hat’s sessions on IAM detailed insights and recommendations on how to better protect machine identities, including the following:

Understanding that AWS, Microsoft Azure and Google Cloud Platforms’ IAM systems do not protect privileged access credentials, machine identity, endpoint or threat surface in a hybrid cloud configuration. As the shared responsibility model pictured above illustrates, AWS, Azure and GCP only secure the core areas of their respective platforms, including infrastructure and hosting services only. CISOs and CIOs rely on the shared responsibility model to create enterprise-wide security strategies that will make the least privileged access achievable across hybrid cloud configurations. The eventual goal is to enable a zero-trust security framework enterprise-wide.

See also  Begin as you imply to go on: the highest 10 steps to securing your new pc

Hybrid cloud architectures that include AWS, Microsoft Azure and Google Cloud Platforms do not need an entirely new identity infrastructure. Creating new and often duplicate machine identities increases cost, risk, overhead and the burden of requiring additional licenses. On the other hand, enterprises with standardized identity infrastructure need to stay with it. Besides having the taxonomy engrained across their organization, changing it will most likely create errors, leave identities vulnerable and be expensive to fix. 

Enterprises need to consider IAM platforms that can scale across hybrid cloud configurations to reduce the risk of a breach. The latest generation of IAM systems provides tools for managing machine lifecycles synchronized to certificate management. IAM architectures also support customized scripts for protecting workflow-based identities, including containers, VMs, IoT, mobile devices and more. 

Leading vendors working to secure IAM for machine identities include Akeyless, Amazon Web Services (AWS), AppViewX, CrowdStrike, Ivanti, HashiCorp, Keyfactor, Microsoft, Venafi and more.

Source link

Black Hat identities Machine vulnerable
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

De’Longhi Rivelia automatic bean-to-cup coffee machine review

February 1, 2024

WD Black SN770M review

November 1, 2023

Smeg EGF03 Espresso Coffee Machine with Grinder review

October 17, 2023

It Costs Just $400 to Build an AI Disinformation Machine

August 29, 2023
Add A Comment

Comments are closed.

Editors Picks

Buick will buy out dealers who don’t want to invest in its all-electric future

September 6, 2022

Three Things That Would Have Improved Our House Moving Experience

July 9, 2022

Dell, Nvidia and VMware partner to boost data center speed

August 30, 2022

Chrome for Android will ask if you really want to close every tab at once

June 24, 2022

Subscribe to Updates

Get the latest news and Updates from Behind The Scene about Tech, Startup and more.

Top Post

Elementor #32036

The Redmi Note 13 is a bigger downgrade compared to the 5G model than you might think

Xiaomi Redmi Watch 4 is a budget smartwatch with a premium look and feel

Behind The Screen
Facebook Twitter Instagram Pinterest Vimeo YouTube
  • Contact
  • Privacy Policy
  • Terms & Conditions
© 2025 behindthescreen.uk - All rights reserved.

Type above and press Enter to search. Press Esc to cancel.