first2017 - bocek - going undetected€¦ · ©2016 venafi . confidential – do not distribute. 44...
TRANSCRIPT
![Page 1: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/1.jpg)
![Page 2: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/2.jpg)
GOINGUNDETECTED:
HOWCYBERCRIMINALS,HACKTIVISTS,AND
NATIONSTATESMISUSEDIGITALCERTIFICATES
KevinBocek
![Page 3: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/3.jpg)
The Future: Machines
![Page 4: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/4.jpg)
The future is machinesAdversaries exploiting machine identitiesGood news: guidance exists• Reduce risk• Build in agility • Respond faster
![Page 5: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/5.jpg)
WhatAreMachines?
Device Code ServiceAlgorithm
v=argmaxb�{Yes,No}Pr(b)Qi Pr(ai |b)
![Page 6: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/6.jpg)
0.0
10.0
20.0
30.0
40.0
50.0
2005 2010 2015 2020 20250.0
50.0
100.0
150.0
200.0
250.0
300.0
2005 2010 2015 2020 2025
SOFTWARE AND DEVICES EXPLODING(EST. IN BILLIONS)
DEVICES
PEOPLE
SOFTWARE
![Page 7: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/7.jpg)
An entity without an identity cannot exist because it would be nothing
AristotleLaw of IdentityMetaphysics, Book IV, Part 4
![Page 8: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/8.jpg)
Machine Identities
![Page 9: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/9.jpg)
HUMANSUser name, Password, Biometric
MACHINES
1 0 1 00 1 0 10 1 0 1
![Page 10: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/10.jpg)
WhatareMachineIdentities?
SSL/TLSCertificates
CodeSigningCertificates
SSHKeys APIKeys
TwL2iGABf9DHoTf09kqeF8tAmbihY
EncryptedTunnel
Authentication Execution
![Page 11: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/11.jpg)
![Page 12: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/12.jpg)
![Page 13: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/13.jpg)
![Page 14: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/14.jpg)
Role&LifecycleLeavesIdentitiesVulnerable
Inception Manufacture Distribution Activation Update Recycle
SSHkeyforcloud-to-cloud DevOpsorchestration
CodesigningcertificatetoauthenticatecoderunningonIoT device
TLScertificatetoauthenticatecloudapptoIoT devices
![Page 15: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/15.jpg)
MisuseofMachineIdentities
TAKEONTRUSTEDIDENTITY
PhishingeffectivenessMaliciouscodeexecution
ESTABLISHTRUSTEDIDENTITY
CreatebackdoorsBuildprivilege
RUNWITHOUTIDENTITY
Hide,stealth,cloak
![Page 16: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/16.jpg)
Problem: Machine Identities?
![Page 17: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/17.jpg)
![Page 18: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/18.jpg)
![Page 19: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/19.jpg)
Would your organization tolerate
with no awareness, policies, or control?
![Page 20: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/20.jpg)
Would your organization tolerate
with no awareness, policies, or control?keys & certificates
![Page 21: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/21.jpg)
Heartbleed:T+1Year
RED=%NOTHEARTBLEEDREMEDIATED
![Page 22: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/22.jpg)
Take On Trusted Identity
![Page 23: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/23.jpg)
![Page 24: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/24.jpg)
![Page 25: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/25.jpg)
![Page 26: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/26.jpg)
Rise of Fast & Free25M certificates
![Page 27: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/27.jpg)
![Page 28: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/28.jpg)
![Page 29: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/29.jpg)
![Page 30: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/30.jpg)
![Page 31: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/31.jpg)
![Page 32: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/32.jpg)
“Stealing Certificates will be the Next Big Market for Hackers”
![Page 33: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/33.jpg)
Up to $980/ea400x more valuable than stolen credit card or identity #
![Page 34: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/34.jpg)
Establishing a trusted identity
![Page 35: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/35.jpg)
![Page 36: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/36.jpg)
![Page 37: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/37.jpg)
Misuse Goes Kinetic
Every business and government has the same lack of awareness and control over SSH keys
![Page 38: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/38.jpg)
Run Without An Identity
![Page 39: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/39.jpg)
SSL/TLSEncryptedTunnel
![Page 40: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/40.jpg)
“70% OF MALWARE ATTACKS WILL USE SSL BY 2020”
![Page 41: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/41.jpg)
LESS THAN 20%Of Organizations
with a FW, IPS/IDS, or UTM decrypt
SSL/TLS traffic
![Page 42: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/42.jpg)
![Page 43: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/43.jpg)
BLINDTOATTACKOneUnknownCertificate
=Encryptedtunnel
=Can’tseewhat’scoming
![Page 44: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/44.jpg)
44©2016 Venafi. Confidential – do not distribute.
Weaponizing Machine Identities
• SSH & server key theft
• Code-signing certificate theft
• MITM by CA compromise
• Targeted key & certificate theft
• Sold on Underground
• Multi-year campaigns
• SSL & SSH vulnerabilities
• Price increases on underground
• Digitally-signed malware doubles quarterly
• SSL/TLS used to hide activity
• MitM attacks
• SSH pivoting
• SSL/TLS used to bypass security
• Encrypt Everywhere grows attack surface
• SHA-1 deprecation• SHA-1 collision
succesful
ThreatscapeExpands
• 2010: Blueprint -Stuxnet and Duqu
• 2011: CAs Attacked
• 2012: Online Trust Questioned by Experts
2010-2012 Attacks Become Mainstream
2013 Advanced Campaigns
Launch
2014 Online Trust Crumbles
2015
2016-2017
Attacks Begin
![Page 45: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/45.jpg)
Preparing Your Plans
![Page 46: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/46.jpg)
Crypto-Agility
![Page 47: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/47.jpg)
Crypto-agility
![Page 48: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/48.jpg)
CA Recovery Plan
![Page 49: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/49.jpg)
Find What’s Out There
Automate Response
Set, Enforce a Policy
Good News: this can be business as usual process
![Page 50: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/50.jpg)
Venafi Maturity Roadmap for TLS/SSLRoadmap: Control of Machine Identities
Level0:
ChaosHaveunquantifiedsecurityrisk,outages,expensiveand
manualprocesses,andcompliancechallenges
Level1:
ControlBuildasecurity
foundationwithfocusonknownandtrustedkeysandcertificates
Level2:CriticalSystems
Secureandprotectallkeysandcertificateson
business-criticalinfrastructure
Level3:EnterpriseProtection
Protectandautomateallkeysandcertificates
enterprise-wideandfurtherreducecostsandextractmorebusinessvalue
Level4:MachineIdentity
ProtectionRapidlyrespondtointernalandexternalthreatsandsecurity
incidentsrelatedtokeysandcertificates
Endpoint/MobileServersVirtual MachinesCloud
![Page 51: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/51.jpg)
StartChange
![Page 52: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/52.jpg)
GOINGUNDETECTED:
HOWCYBERCRIMINALS,HACKTIVISTS,ANDNATIONSTATES
MISUSEDIGITALCERTIFICATES
KevinBocek
![Page 53: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/53.jpg)
![Page 54: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/54.jpg)
Threats of the Future
![Page 55: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/55.jpg)
![Page 56: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/56.jpg)
Taking Action
![Page 57: FIRST2017 - Bocek - Going Undetected€¦ · ©2016 Venafi . Confidential – do not distribute. 44 Weaponizing Machine Identities ... 44 Weaponizing Machine Identities • SSH &](https://reader036.vdocuments.net/reader036/viewer/2022071000/5fbcda300aebe65619258b21/html5/thumbnails/57.jpg)
57©2016Venafi.Confidential– donotdistribute.
• SSL/TLSEncryption
• WiFi &VPNAccess
• Cloud
• DevOps
• Mobility
• InternetofThings
• SSHPrivilegedAccess
KeysandCertificatesAretheFoundationof
YourSecurityInfrastructure