
New code-signing solution released by Venafi

30 Jul 2019

Venafi, a vendor of machine identity protection, has released Next-Gen Code Signing, a machine identity protection solution that secures code signing processes by delivering enterprise-wide visibility into all code signing operations. 

The solution provides centralised private key storage, code signing policy enforcement, and automation while reducing code signing burden on software development teams.

For decades, code signing has been used to verify the integrity of software, and nearly every organisation relies on it to confirm their code has not been corrupted with malware. 

Despite this, modern organisations often struggle to secure and protect code signing operations because they don’t have a solution that allows them to consistently enforce policies across locations, tools and processes without slowing down development teams.

“Today, every organisation is a software developer building apps, libraries, containers and other tools,” says Venafi security strategy and threat intelligence vice president Kevin Bocek.

“However, it can be very difficult to scale code signing operations. The security procedures that protect code signing are typically seen as cumbersome, and developers often ignore them. Unfortunately, this leaves security teams in the dark and it’s very advantageous for bad actors. Stolen code signing keys are powerful cyber weapons that put companies and their customers at risk. From Stuxnet to everyday malware and phishing campaigns, attacks that leverage code signing evade next-generation AV detection.”

In addition to securing enterprise code signing processes, Next-Gen Code Signing automates the management of all code signing private keys. 

Private code signing keys never leave the trusted Venafi storage platform or connected hardware security modules (HSMs). 

This new solution provides information security teams with comprehensive visibility and detailed intelligence about all aspects of code signing operations, including who signed the code and with which certificate, as well as who approved the request and when each action occurred. 

Using the intelligence gathered from code signing processes, Next-Gen Code Signing delivers compliance and audit reporting across all code signing activities.

Key benefits include:

  • Scalability that can support anything from a few developers in one location to tens of thousands of developers distributed globally, and millions of code signing operations a week.
     
  • Automation and support for a broad range of software development processes; development teams do not need to change tools.
     
  • A central, permanent storage location for private keys so they remain protected.
     
  • Flexible, customisable policy enforcement that supports the needs of multiple software projects, including the approval of workflows, certificate types, certificate authorities, HSMs and software development tool sets.
     
  • The ability for security teams to provide a code signing service that enforces policies and is transparent to developers.

“Next-Gen Code Signing lets software developers use the same code signing tools and does not require changes to their build environments,” Bocek adds.

“It provides an invisible layer of technology that keeps code signing keys safe and out of the hands of attackers. Venafi Next-Gen Code Signing gives security teams and developers an exciting way to be both fast and safe.”
