{"id":3743,"date":"2024-05-23T17:21:23","date_gmt":"2024-05-23T22:21:23","guid":{"rendered":"https:\/\/www.darkreading.com\/identity-access-management-security\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal"},"modified":"2024-05-23T17:21:23","modified_gmt":"2024-05-23T22:21:23","slug":"cyberark-goes-all-in-on-machine-identity-with-venafi-deal","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/05\/23\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal\/","title":{"rendered":"CyberArk Goes All In on Machine Identity with Venafi Deal"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

Identity-based attacks aren’t just limited to breached credentials of people with rights to sensitive information or privileged access to critical systems. Machine identities are increasingly being targeted in attacks, and organizations need to expand their defenses to include both user and machine identity.<\/span><\/p>\n

Identity security and access management company CyberArk’s announcement it is spending <\/span>$1.54 billion to acquire Venafi<\/a><\/span> from private equity firm Thoma Bravo reflects the shift to protect machine identities. CyberArk over the past few years has added machine identity management capabilities via Secrets Manager and Secrets Hub to its privilege access management (PAM) platform and identity and access management (IAM) tools. Venafi specializes in machine identity management, and will allow CyberArk to expand its capabilities once the deal closes in the second half of 2024.  <\/span><\/p>\n

Analysts say CyberArk has zeroed in on machine identity security more aggressively than other established identity providers among the significant providers of IAM and PAM platforms. “Machine identities haven’t been an area of focus for [most IAM] vendors,” says TechVision Research CEO Gary Rowe.<\/span><\/p>\n

Machine Identity Management Heats Up<\/h2>\n

Several security companies have already made this shift. <\/span>Ping Identity merged with ForgeRock<\/a><\/span> last fall. Providers of certificate lifecycle management platforms have also added machine identity security capabilities, including AppViewX, Keyfactor and HashiCorp, which IBM recently <\/span>agreed to acquire<\/a><\/span> for $6.4 billion. <\/span><\/p>\n

Numerous smaller players and startups have also surfaced with machine identity offerings. For example, startup Token Security <\/span>launched<\/a><\/span> a machine centric IAM platform earlier this month on the heels of receiving $7 million in seed funding from TLV Partners, SNR, and angel investors. Also, in February 2024, Entro <\/span>extended<\/a><\/span> its machine secrets and identity protection with a machine identity lifecycle management offering. <\/span><\/p>\n

Forrester principal analyst Geoff Cairns says other startups with machine identity management offerings include Aembit, Astrix and Natoma. “We’ve been seeing a growing number of machine identity management startups recently, while established PAM vendors have mainly been approaching machine identity management from a DevOps-secrets management standpoint,” Cairns says. <\/span><\/p>\n

Secrets Hub With Certificate Lifecycle Management<\/h2>\n

Indeed, that was the case for CyberArk, whose secrets management offerings protect, discover, secure, and manage the secrets machines use to access data, infrastructure and systems. Yet, that only covers some of the potential machine identities that organizations manage. <\/span><\/p>\n

“We’re focused there, but that’s only a sliver of the extensive and very long-tailed set of non-human identities,” Clarence Hinton, CyberArk’s chief strategy officer, tells Dark Reading. Hinton explains that adding Venafi will let CyberArk expand its ability to manage and protect other machine identity types with Venafi’s certificate lifecycle management platform. <\/span><\/p>\n

“They have a massive, powerful certificate discovery engine that defines certificates throughout your estate,” he says. <\/span><\/p>\n

Specifically, Venafi’s platform encrypts and locks down the certificates and ensures that any outdated, obsolete, or unused ones are destroyed. Also, Venifi keeps the rest of the certificates up to date, which includes automatically renewing them before they expire, Hinton says. “If you don’t renew an inactive and needed certificate, obviously you will have downtime that can be tremendously expensive,” he emphasizes. <\/span><\/p>\n

After the deal closes, CyberArk plans to integrate its secrets management offerings with Venafi’s control plane. In addition to certificate lifecycle management, the Venafi control plane offers cloud-based PKI, identity management of IoT nodes and cryptographic code signing. The Venafi control plane secures machine identity types by orchestrating cryptographic keys and digital certificates using machine-to-machine communications. <\/span><\/p>\n

“We will deliver an end-to-end machine identity security platform at enterprise scale,” CyberArk CEO Matt Cohen said during the investor call announcing the deal. “We are confident this acquisition will help us set a new standard for machine identity security.”<\/span><\/p>\n

More Machine Identities Than Human<\/h2>\n

Cohen emphasized the growth of machine identities in the past two to three years, noting that large organizations can have 40 machine identities for every human identity. “The threat landscape has increased at such a quick vector, where machine identities are actually a target in the attack landscape–actually a significant target and a cause of several of the most recent, most prominent breaches.”<\/span><\/p>\n

The number of machine identities is expected to accelerate as companies expand their digital transformation efforts replacing legacy software with microservices, and they deploy IoT-based applications, In the next 12 months, CyberArk is forecasting a 2.4x rise in machine identities, based on a survey of 2,400 security leaders polled for the company’s 2024 Identity Security Threat Landscape.  <\/span><\/p>\n

According to the report released this week, 68% noted that up to half of all machine identities have access to sensitive data, compared with 64% claiming that half of the human identities have that access. <\/span><\/p>\n

CyberArk’s acquisition of Venafi underscores the growth of machine identities and the challenges that will put on large organizations, which require resilient operations and agile environments for developers, according to Forrester’s Cairns. “Longer term,” Cairns says, “it should enable organizations to take a more cohesive approach to identity security\u2014across a diverse set of both human and machine use cases\u2014with a single platform.”<\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Identity-based attacks aren’t just limited to breached credentials of people<\/p>\n","protected":false},"author":12,"featured_media":3744,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-3743","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?fit=2560%2C1491&ssl=1",2560,1491,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?fit=300%2C175&ssl=1",300,175,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?fit=640%2C373&ssl=1",640,373,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?fit=640%2C373&ssl=1",640,373,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?fit=1536%2C895&ssl=1",1536,895,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?fit=2048%2C1193&ssl=1",2048,1193,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?fit=1024%2C596&ssl=1",1024,596,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/05\/cyberark-goes-all-in-on-machine-identity-with-venafi-deal-scaled.jpg?fit=2560%2C1491&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=3743"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/3743\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/3744"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=3743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=3743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=3743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}