securitylinkindia

PKI to Accelerate IoT and Cloud Adoption

From VPN to email to cloud and now IoT, digital transformation has ushered in powerful new applications for PKI. The results of Thales' third annual 2017 PKI Global Trends Report, based on independent research by the Ponemon Institute and sponsored by Thales, reveal that the Internet of Things (IoT) is playing an increasingly important role in influencing public key infrastructure (PKI) planning and usage. PKIs, widely used for authentication, digital signing, and encryption, are considered a core service supporting many different use cases and applications. While a majority (54 percent) of respondents believe cloud-based services are the most important trend driving the deployment of applications using PKI, 40 percent also cited the IoT – a number that has doubled in the past three years.

The findings, which reflect the responses of over 1,500 IT security practitioners worldwide, paint a picture of technological evolution and some uncertainty, but also opportunity. In the next 2 years, almost half (43%) of IoT devices will use digital certificates for authentication. 43% of respondents believe PKI deployments supporting the IoT will be a combination of cloud-based and enterprise-based PKIs – a number that reflects the scale of the IoT and resulting scale of PKIs issuing certificates for it. Over one-third of respondents (36%) cite new applications like the IoT as the fastest growing area of PKI evolution (a number that has almost tripled since 2015). On average, PKIs support more than 8 different applications within a business; SSL tops the list, followed by VPNs, public cloud apps, and device authentication. Almost two-thirds of organizations now report having a PKI, and 36% of respondents use hardware security modules (HSMs) to protect their PKI.

Dr. Larry Ponemon, Chairman and Founder of The Ponemon Institute said, “Last year, we underscored that it is hugely important PKIs be future proofed – and we still stand by that recommendation. Not only are PKIs a core enterprise asset, but they are playing an increasingly important role supporting certificate issuance needs for cloud applications and the IoT. Smart organizations have determined that successful IoT deployment rests on trust being established from the beginning, and they’re leaning on their PKI as one component for building that trust.”

PKI is an established technology which is well-positioned to address growing authentication needs and challenges as we embrace cloud applications and the IoT. While the sheer number and types of IoT devices pose security and interoperability challenges, authentication is a critical building block in transforming trust from an IoT barrier to an IoT enabler. One way a root of trust can be accomplished is through HSMs, which are high-assurance sources of credentials for both IoT and non-IoT applications. In the years to come, we expect to see even more HSM deployment and other indicators of higher PKI security maturity to help underpin the digital transformation of enterprises – John Grimm, Senior Director Security Strategy, Thales e-Security


CyberArk Associates with Puppet

CyberArk, which protects organizations from cyber attacks across the enterprise, into the cloud and throughout the DevOps pipeline, has associated with Puppet as an advanced technology partner. They are working together to create supported modules that provide automated, enterprise-grade protection of secrets and are seamlessly integrated with Puppet’s configuration automation, enabling secure, high-velocity DevOps workflows.

In dynamic DevOps environments, tools, scripts and applications/services are constantly being created, used and disabled. Each step requires secrets, including SSH/API keys, passwords and certificates, which are regularly left unchanged or unrevoked, or may not be available for a range of reasons, making the application unable to run or run properly. Because these accounts provide access to sensitive resources, they are a prime target for an external attacker or malicious insider to facilitate enterprise-wide cyber attacks. CyberArk Conjur is the only platform-independent secrets management solution that allows organizations to integrate secrets management and machine identity security into their projects with minimal effort. It is specifically architected for containerized environments and can be deployed on premises or to any cloud at massive scale.

“This integration balances security and productivity by allowing Puppet users to continue to work within the familiar Puppet interface to secure and manage secrets used by Puppet Masters, nodes and users,” said Tim Zonca, Vice President of Business Development, Puppet, “The integrated solution provides security with a strong authentication mechanism for machines before granting secrets, as well as implementing least privilege for nodes.”

CyberArk Conjur allows DevOps teams to integrate security best practices into their cloud-native application development projects with ease, while giving security teams assurance that security and compliance best practices are being applied to these dynamic environments, without creating new security silos.

“The CyberArk Conjur module for Puppet is designed with both DevOps users and security teams in mind. It provides visibility and flexibility for Puppet secrets workflows and users can view and manage host accounts maintained by Puppet,” said Adam Bosnian, Executive Vice President, Global Business Development, CyberArk, “The integration with Puppet furthers CyberArk’s commitment to automating secrets protection and makes it easier for organizations to recognize the benefits of using Puppet to improve productivity without changing the way developers work.”

As part of this integration, Puppet is also joining the CyberArk global technology partner program that brings together enterprise software, IT security and service providers to build on the power of privileged account security to better protect customers from cyber threats across multi-platform environments. CyberArk recently joined Puppet’s Technology Alliance Partner Program (TAPP).


SIL4 Certification for Artesyn Platform

Artesyn Embedded Technologies announced Safety Integrity Level 4 (SIL4) certification for the Artesyn Embedded Computing, Inc., including ControlSafe™ Carborne Platform with Carborne Computer and Carborne Software. Rail network integrators and operators can save a significant amount of time, cost and risk associated with the system development and certification process for rail safety applications by using a SIL4 certified commercial off-the-shelf (COTS) platform.

Certified by TÜV SÜD, one of the most trusted certification bodies worldwide, the ControlSafe Carborne Platform is a fail-safe and fault-tolerant computing platform designed for a wide range of train control and rail signaling applications, especially onboard applications such as automatic train protection (ATP), automatic train operation (ATO), and positive train control (PTC). The new platform can also be used in wayside train control and rail signaling implementations.

Housed in a compact 4U chassis with front access I/O and a DC power supply, the ControlSafe™ Carborne Platform can accommodate up to 12 I/O modules and a variety of I/O types. An innovative data lock step architecture, used in all Artesyn ControlSafe Platforms, allows customers to make seamless technology upgrades while a hardware-based voting mechanism maximizes application software transparency.

The ControlSafe™ Carborne Platform leverages the same safety architecture and technologies as Artesyn’s ControlSafe Platform, ControlSafe Expansion Box Platform and ControlSafe Compact Carborne Platform, providing an application-ready and cost-effective common platform to enable a variety of applications through the integration of Artesyn I/O modules. In addition, Artesyn offers customers the flexibility to develop I/O modules and specify I/O backplane connectivity to meet their specific needs by providing all necessary technical specifications, product support and service. The first three platforms in the portfolio have now been certified to SIL4, while SIL4 certification of the ControlSafe Compact Carborne Platform is planned.


OT-Morpho Becomes IDEMIA

The result of the merger of Oberthur Technologies (OT) and Safran Identity & Security (Morpho), the OT-Morpho group recently became IDEMIA. The group’s ambition is to empower citizens and consumers to interact, pay, connect, travel and even vote securely while taking advantage of the opportunities of an increasingly connected world. At an event that brought together nearly 2,000 guests at the Seine musicale (an iconic cultural venue in the west of Paris, France), Didier Lamouche, Chairman CEO of OT-Morpho, officially renamed the group IDEMIA.

In a world directly impacted by the exponential growth of connected objects, the increasing globalisation of exchanges, the digitalisation of the economy and the consumerisation of technology, IDEMIA stands as the new leader in trusted identities placing ‘Augmented Identity’ at the heart of its actions. As an expression of this innovative strategy, the group has been renamed IDEMIA in reference to powerful terms – Identity, Idea and the Latin word idem, reflecting its mission to guarantee everyone a safer world thanks to its expertise in trusted identities.

This event furthermore provided an opportunity to discover all of the group’s latest innovations. These include the automated air passenger boarding process, the new generation biometric payment card, and embedded security systems to equip the connected cars of tomorrow.

Supported by a workforce of 14,000 employees from all over the world, including 2,000 in the Research and Development department, IDEMIA is the result of the merger between OT and Morpho completed 31 May 2017. Today a leading player in the identification and authentication sector, the group serves clients in 180 countries and provides services to five main customer segments – financial institutions, mobile operators, connected objects, citizen identity, and public security.

“Our future will be built through innovation and disruption which will revolutionise our daily lives. Our vision when we merged OT and Morpho was to build a new offer capable of revisiting the world of digital security. And this is what the creation of IDEMIA has achieved. Thanks to our talented people and the solutions they invent, citizens and consumers can now connect, interact, exchange, pay, travel or even vote in total confidence, drawing on the benefits of a connected world,” explained Didier Lamouche, CEO of IDEMIA, “The accomplishment of this promise is what we call Augmented Identity. It is about using the biometric characteristics of each person as a unique signature of individual identity, thus facilitating exchanges. It fosters confidentiality and trust and guarantees secure, authenticated and verifiable transactions. This is a decisive step towards a more frictionless, safer world.”


Bringing Aimetis under the Senstar Brand

Senstar announced the beginning of a transition period to bring Aimetis under the Senstar brand. Senstar acquired Aimetis in April 2016. Since that time the two companies have worked in parallel to continue to provide market-leading PIDS and VMS solutions, but over the coming months, Senstar and Aimetis will become one company, resulting in reduced complexity, improved performance, and unified support.

“Bringing together the PIDS expertise of Senstar with the VMS and analytics knowledge of Aimetis enables us to offer an unrivaled range of innovative security solutions and world-class support,” said Senstar President Brian Rich, “Throughout the transition period we are committed to ensuring as little disruption as possible to our business. Our customers and partners can expect the same accessible, responsive and flexible sales and support they have always relied on, and to be well-informed regarding any changes that may affect them.”

The combination of PIDS and VMS addresses a growing trend in the security industry to reduce complexity by enabling customers and partners to source comprehensive security solutions from a single provider, resulting in reduced costs and greater accountability.

Senstar also introduces the integration of its Network Manager alarm reporting system and Symphony VMS (formerly Aimetis). Network Manager is a software gateway that allows communication with a wide array of Senstar sensors, including FlexZone®, FiberPatrol®, OmniTrax®, and UltraWave™. Symphony, the new benchmark for intelligent video management, is an ideal software solution for recording, monitoring and analyzing video from both single server installations and multi-server deployments. The integration enables Symphony to receive the full range of alarm and status information from Senstar sensors via an IP connection. For each sensor alarm the full range of Symphony’s security responses can be initiated, including commanding camera actions and providing visual and audio alerts.


CASB Offering with New Cloud Security Capabilities

Palo Alto Networks® Cloud Access Security Broker (CASB) offering, Aperture™ SaaS security service, now provides application protections for several Amazon Web Services (AWS) solutions, including Amazon Elastic Compute Cloud (Amazon EC2), AWS Identity and Access Management (IAM) and Amazon Simple Storage Service (Amazon S3). The new protections address sensitive data loss, enable monitoring for risky or suspicious administrator behavior, and provide additional protection against security misconfigurations and malware propagation.

When combined with the preventive capabilities of the Palo Alto Networks Next-Generation Security Platform, these advancements will enable organizations to achieve even more protection for AWS, as well as address critical cloud security needs to deliver the most complete application and data security for cloud environments. Additionally, Aperture support for Office 365 and Google applications has been enhanced to include cloud-based email services and G Suite Marketplace applications.

Data and applications reside everywhere – on the network, on endpoints, and in the cloud. As part of the migration to the cloud, many enterprises are adopting a multi-cloud strategy that includes storing large amounts of business-critical data within cloud environments, which requires advanced protections that complement basic native cloud offering controls to achieve comprehensive and consistent security. Palo Alto Networks Aperture controls enterprise SaaS applications and associated data by examining and controlling how data is shared, all without impacting user experience or changes to network infrastructure. If a policy violation occurs, Aperture enables quick enforcement of security policies to quarantine folders and data while immediately alerting security teams of suspicious behavior.

“Our Aperture service secures business-critical data residing within today’s most important cloud-based enterprise SaaS applications. With extensive capabilities across our security platform and our latest application protections for Amazon Web Services, our customers benefit from complete visibility and granular control, instant classification, and enforcement across users, folders, and file activities, enabling them to prevent cyber breaches and protect their data no matter where it resides,” said Lee Klarich, Executive Vice President, Product Management, Palo Alto Networks.
