Machine Identities | Breaking Cybersecurity News | The Hacker News

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets . According to reports such as the Verizon DBIR , attackers are more commonly using stolen credentials to gain their initial foothold, rather than exploiting a vulnerability or misconfiguration. Attackers are not just after human identities that they can assume, though. More commonly, they are after Non-Human Identities (NHIs), which outnumber human identities in the enterprise by at least 50 to one . Unlike humans, machines have no good way to achieve multi-factor authentication, and we, for the most part, have been relying on credentials alone, in the form of API keys, bearer tokens, and JWTs.  Traditionally, identity and access management (IAM) has been built on the idea of...

The rise of  DevOps culture  in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However,  containerization and the rise of cloud software development  are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity debt, and increasing security risks.  Let's take a look at three of the top security risks which machine identities create – and how you can combat them. Certificate renewal issues Machine identities are secured differently from human ones. While human IDs can be verified with login and password credentials, machine IDs use certificates and keys. A huge issue with these types of credentials is they have expiration dates.  Generally, certificates remain valid for two years, but the rapid pace of technological improvement has reduced some lifespans to 13 mon...