    Machine Identities Are Dangerously Vulnerable

    Attackers can usurp machine identities in numerous ways, but detecting abnormal behavior in real time can significantly reduce the level of risk.

    By eWEEK EDITORS, April 14, 2022

      Identity security is in the spotlight these days, and it’s easy to see why. The most recent Verizon Data Breach Investigations Report found that 61% of all breaches involve credential data.

      Whether those credentials were stolen from endpoints, obtained using social engineering, or purchased on the dark web, the message is the same: Infiltrating a network using a compromised identity is a highly successful tactic for today’s attackers. Until organizations prove they can consistently stop it, attackers have little reason to abandon the technique.

      Much of the conversation about identities revolves around user identities. And while user identities are vulnerable, there are literally billions of nonhuman entities populating today’s networks.

      In 2020, Cisco published a report estimating that by 2023, there will be almost 30 billion networked devices in use around the world, up from 18 billion just a few years ago. Nonhuman identities now outnumber human users by a significant margin, and most of today’s communication over the Internet isn’t between humans – it’s between machines.

      Unfortunately, a compromised machine identity can have consequences just as serious as a compromised human identity. It’s a problem that today’s organizations need to recognize – and address – before it is too late.

      Understanding Machine Identities

      The term user identity is fairly intuitive, but machine identity can apply to a wide range of devices, applications, and processes.

      Essentially, a machine identity is anything that has the means to operate or communicate over the Internet and is not a human. That includes smartphones, laptops, web applications, servers, databases, industrial control systems, and countless other nonhuman entities. These devices talk to each other all the time, which means they need to be able to verify that the entity they are communicating with is what it claims to be.

      How many times has the average user logged into an online account from a new laptop (or even just a new browser) and been greeted with “this device is unrecognized”? When that happens, the system is prompting the user to re-authenticate. When the account holder’s identity is verified, the application will then hold the new device ID and recognize it in the future.

      The need for proper authentication is even clearer when areas like critical infrastructure are considered. A manufacturing plant might have hundreds of different machines working on an assembly line, and there is usually a structured system that serves as a controller for multiple systems beneath it.

      Those systems need to be able to authenticate every device on the factory floor. After all, when a device receives an instruction, it needs to be certain that the system giving it that instruction has the proper authorization. Without that authentication, it would be easy for an intruder to give a device incorrect – or even damaging – instructions.

      Why Attackers Target Machine Identities

      If a machine identity is compromised, it opens the door to several different attack actions. Attackers might use the device to conduct man-in-the-middle attacks, or listen to data going back and forth over the network and steal information. Others might perform acts of sabotage, as in the factory floor example. Still others might leverage the compromised identity to move laterally throughout the network, the same way they would with a compromised user identity.

      Microsoft’s Active Directory (AD) ties those identities to the access each one should be authorized to have when it makes a legitimate resource request. It’s kind of like a GPS – a directory of information sources, all very complex in structure. More than 90% of enterprises today use AD as their identity service, and attackers will often target AD in an attempt to escalate their privileges even further.

      The soaring number of machine identities in use today makes them considerably more difficult to secure. It isn’t easy to make sure that every system is patched and updated on a continuous basis. Identities are secured using digital certificates, and those certificates also need to be managed. Some enterprises today use millions of such certificates, and keeping track of expiration and renewal dates can be a significant challenge at scale.

      Automated tools have helped address some of these issues, but they also add a layer of complexity, which creates vulnerabilities of its own. After all, the more complex the system, the more difficult it is to notice when something is amiss. Most organizations already lack visibility into the machine identities on their networks, which means that an attacker who compromises a machine identity could collect data where no one is looking, often for a long period of time.

      Securing Machine Identities

      One area where automation shines is in identifying and tracking vulnerabilities. With machine identities numbering in the millions, manually accounting for each one simply isn’t possible. Instead, organizations can use modern cybersecurity tools to automate the process of tracking credentials.

      Additionally, while the nature of Active Directory makes it notoriously difficult to secure, there are automated tools capable of monitoring AD for potential attack paths and even attacks in progress. Keeping machine identities secure requires the ability to continuously monitor AD and other areas for vulnerabilities and misconfigurations. Detecting and remediating these issues before an attacker can exploit them remains one of the most effective ways to keep identities – machine or otherwise – secure.

      Attackers can usurp machine identities in a number of ways, but the ability to shut down potential attack paths and detect abnormal behavior in real time can significantly reduce the level of risk an organization faces. Attackers won’t stop targeting identities anytime soon, and savvy organizations should ensure their identity security tools have the necessary visibility and protections in place to guard their machine identities as well as their user identities.

      About the Author: 

      Tony Cole, CTO at Attivo Networks
