SOURCE: Venafi


February 19, 2014 08:00 ET

Venafi Helps Enterprises Combat Rise in Attacks on Trust Using SSH

New Innovations in Venafi TrustAuthority™ and Venafi TrustForce™ Protect SSH Keys With Enforced Policy, Anomaly Detection, and Automated Response and Remediation

SALT LAKE CITY, UT--(Marketwired - Feb 19, 2014) - Venafi, the leading provider of Next-Generation Trust Protection, today unveiled powerful new cybersecurity defenses to help enterprises fight the rise in attacks using Secure Shell (SSH). New research released by the Ponemon Institute shows that 3 out of 4 Global 2000 organizations have no security system for SSH, leaving the door open for rogue, root-level access and data compromises.

Venafi TrustAuthority SSH identifies and protects all SSH cryptographic keys across networks, virtualized data centers, and in the cloud. TrustAuthority establishes a known good state, continuously monitors, and detects anomalous activity. Venafi TrustForce SSH provides automated security to remediate vulnerabilities and anomalies identified by TrustAuthority. With TrustForce, SSH keys are automatically generated and replaced, and authorized key lists are synchronized across thousands of distributed systems. According to new research, nearly half of all enterprises never rotate or change SSH keys. This makes their networks, servers, and cloud systems owned by the malicious actors in perpetuity when SSH keys are stolen, as demonstrated with the recent The Mask operation and other cyberattacks.

Tweet this: @Venafi defending enterprises from rise in attacks using #SSH keys for rogue root access #Security #TheMask

"Cybercriminals are known to steal SSH keys or manipulate which keys are trusted to gain access to source code and other valuable intellectual property," explained Forrester Consulting. "Advanced threat detection provides an important layer of protection but is not a substitute for securing keys and certificates that can provide an attacker trusted status that evades detection" (July 2013 commissioned study entitled "Attacks on Trust: The Cybercriminal's New Weapon," conducted by Forrester Consulting on behalf of Venafi).

These new innovations expand Venafi's industry leadership in securing and protecting any key, any certificate, anywhere. With this announcement, Venafi is also introducing the Venafi Trust Protection Platform™, the next generation security platform that replaces Venafi Director. Built on the Trust Protection Platform, TrustAuthority and TrustForce are the only security systems to protect SSL keys and certificates, SSH keys, and mobile device and application certificates. TrustAuthority and TrustForce are the first, new products built on the Trust Protection Platform and replace Venafi's previous products: Server Certificate Manager, SSH Key Manager, and Mobile Certificate Manager.

Tweet this: @Venafi rolls out Trust Protection Platform w/ #TrustAuthority & #TrustForce to secure #SSL, #SSH & mobile keys/certs

As part of the platform, TrustAuthority and TrustForce work together to protect keys and certificates, detect anomalies, and respond and remediate quickly:

  • Venafi TrustAuthority SSH Identifies all SSH keys to build a comprehensive inventory for SSH keys deployed on global IT networks via agentless and agent-based technology, maps trust between systems and users, detects SSH keys that do not meet corporate standards, and reports and escalates on any key anomalies detected.

  • Venafi TrustForce SSH Automates policy enforcement for authorized key configuration files and access control, detects any event resulting from an anomaly, and responds with rapid remediation to rotate and replace SSH keys and authorized key lists.

Tweet this: @Venafi identifies all #SSH keys, detects anomalies, & responds automatically to remediate w/ key replacement

Cryptographic keys and certificates establish online trust for payments and transactions, data storage and access, mobile devices and applications, and even sensitive systems such as air traffic control and smart-grid technologies. However, criminals have learned to take advantage of the dependence and blind trust that organizations have placed in keys and certificates. Since Stuxnet was detected, misuse of keys and certificates has grown astronomically, at a rate of 1,600 percent year-over-year according to Intel Security Labs: McAfee 2013 Threats Report.

Venafi research identified that Edward Snowden breached the NSA by using unprotected SSH keys and certificates. Reported first in USA Today, Venafi's research on Snowden's use of keys and certificates has been further corroborated by NSA memos as reported by MSNBC and BBC. Not surprisingly, Ponemon Institute found that 100% of all enterprises surveyed had been attacked over the last two years using rogue keys and certificates, which included SSH keys.

"The safety, security, and privacy of ecommerce, the cloud, and mobile devices and users all depend on securing the trust established by cryptographic keys and digital certificates. Today's cybercriminals always look for the weakest link in security defenses, and have discovered the blind dependence, lack of threat awareness, and inability to respond to attacks on trust in every business and government worldwide," said Jeff Hudson, CEO, Venafi. "Venafi is the only cybersecurity defense standing between businesses and governments and cybercriminals attacking SSH keys, SSL keys and certificates, and mobile device and app certificates. Organizations must fight back. Venafi TrustAuthority and Venafi TrustForce are the only defenses to secure and protect keys and certificates with a single platform."

The new cybersecurity defenses for SSH in TrustAuthority and TrustForce, will be available to customers later in Q1 of this year. For more information please visit

Existing Venafi Director customers are eligible for the Trust Protection Platform that replaces Venafi Director. For more information, Venafi customers should contact their Venafi account executive directly.

To get the latest news and information about Venafi:

Visit the blog at
Follow us on Twitter: @Venafi
Follow us on LinkedIn:
Follow us on Google+:
Like us on Facebook:

About Venafi
Venafi is the market leading cybersecurity company in Next-Generation Trust Protection (NGTP). Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. As part of an enterprise infrastructure protection strategy, Venafi Director prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity and increased threats, and remediates errors and attacks by automatically replacing keys and certificates. Venafi Threat Center provides research and threat intelligence for trust-based attacks. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit