Venafi, the inventor and leading provider of machine identity management, today released its predictions for the cybersecurity landscape in 2023, indicating that this will be one of the most challenging years yet for the cybersecurity industry.
“With economic uncertainty casting a heavy shadow across the globe, the geopolitical landscape the most unstable it’s been in decades and cloud migration marching on relentlessly, cybersecurity has never been more important. This will present unprecedented challenges for security teams in 2023,” comments Kevin Bocek, VP of security strategy and threat intelligence at Venafi.
The predictions include insights from Bocek; Matt Barker, president of cloud native solutions; Yana Blachman, threat intelligence specialist; Sitaram Iyer, senior director of cloud native solutions; and Pratik Savla, lead security engineer, on the year ahead. Highlights include:
- “The ransomware cash cow may stop mooing in 2023, forcing hackers to pivot to other revenue generators – like selling stolen machine identities. We’ve already seen a high price for code signing machine identities on dark web markets, and groups like Lapsus$ regularly use them to launch devastating attacks. Their value will only increase this coming year.” – Kevin Bocek
- “In 2023, we will see continued efforts to manage the risk posed by software supply chain attacks, with more start-ups and open source tools – like cosign and sigstore – designed to help in this area. Biden’s SBOM initiative has helped bring attention to the requirement, with The OpenSSF leading the charge. As a result, we expect to see some positive movement in this space.” – Matt Barker
- “Russian cyberattacks will aim to disrupt the West’s greatest asset – their economies – as Russia is excluded from the international finance community. Cyber-enabled economic warfare will be crucial to Russia’s geopolitical strategy, with the aim of either generating revenue or disrupting rival economies. We’ve already started to see this with recent attacks on the US Treasury.” – Yana Blachman
- “Nation state attacks will become more feral as ground war tactics become more untamed and unpredictable, bringing the cyber and physical worlds into a collision course. These will have the potential to spill over into other nations, as Russia becomes more daring, trying to win the war by any means – and could be used as a distraction to target other nations with cyberattacks.” – Kevin Bocek
- “The rise of the platform engineering team will be one of the big trends of 2023. Cloud Native reimagines how companies think about building and operating infrastructure; they require a totally new team to build and support it. Platform engineering teams will build on the learnings of DevOps culture, encompassing every persona needed to build and run IT infrastructure – including Dev, Security and Operations.” – Matt Barker
- “As we build our knowledge of cloud risk, we’ll start to uncover breaches we knew nothing about. We’ll find that threat actors are ahead of the curve and have already infiltrated cloud networks – perhaps weeks, months or even years ago.” – Yana Blachman
- “There will be more failed audits in regulated industries as multi-cloud, multi-cluster complexity causes companies to breach compliance requirements. The increased volume of machine identities in cloud native environments will make compliance with regulations on machine identity management a real challenge. If this process isn’t automated via a control plane, failed audits will become commonplace.” – Sitaram Iyer
- “With cloud costs predicted to rise by as much as a third in the coming year, we will see an increased focus on FinOps – i.e., financial operations – a management practice to promote shared responsibility for an organization’s cloud computing infrastructure and costs. How FinOps is implemented in Cloud Native and which tools you should use to help manage it, including security solutions, will come into sharp focus in 2023.” – Matt Barker
- “In 2023, API security will rise to the top as one of the biggest concerns and priorities for enterprises as organizations increasingly move to an API-first software development approach. This exponential adoption of APIs will exacerbate security concerns, with the potential to cause significant security breaches.” – Pratik Savla
- “As recession bites, we expect to see more everyday people turning to cybercrime as a source of income in 2023. Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) will rise, as they enable people that don’t have technical skills to launch attacks.” – Yana Blachman
Venafi Announces TLS Protect For Kubernetes
Posted in Commentary with tags Venafi on January 24, 2023 by itnerd
Venafi, the inventor and leading provider of machine identity management, today introduced TLS Protect for Kubernetes. As part of the Venafi Control Plane for machine identities, TLS Protect for Kubernetes enables security and platform teams to easily and securely manage cloud native machine identities, such as TLS, mTLS and SPIFFE, across all of an enterprise’s multi-cloud and multi-cluster Kubernetes environments. By delivering increased visibility, control and automation over machine identity management within more complex cloud native infrastructures, it helps enterprises improve application reliability and reduce development and operational costs.
Built with a fully supported version of the cert-manager open source project – the de facto cloud native solution designed by Jetstack, a Venafi company, for developers to automate TLS and mTLS certificate issuance and renewal – TLS Protect for Kubernetes provides in-cluster observability to identify and remediate security risks stemming from poorly configured certificates, and offers options for security controls over certificate issuance to meet the security team’s policy for enforcing trust. It also includes a management interface that provides full visibility of public trusted certificates for ingress TLS, as well as private certificates for inter-service mTLS for pod-to-pod and service mesh use cases. By building a detailed view of the enterprise security posture across multiple clusters and cloud platforms, including certificates that have been manually created by developers, it proactively identifies operational issues, helping platform teams maintain cluster integrity and prevent outages.
Features in TLS Protect for Kubernetes include:
TLS Protect for Kubernetes is generally available today to all customers. To learn more about the new product, please visit https://venafi.com/tls-protect-for-kubernetes/ or join the upcoming “Using Venafi for policy and control of certificate lifecycle management in Kubernetes” webinar on February 23 at 8:00am PST/11:00am EST/4:00pm GMT. Register for the webinar at https://trust.venafi.com/automate-certificate-policy-in-kubernetes/.