SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Venafi launches solution to combat software supply chain attacks
Fri, 26th Jan 2024

Venafi, an expert in machine identity management, has launched the Stop Unauthorized Code Solution to strengthen enterprise security against software supply chain attacks. The innovative solution is designed to help security teams prevent unauthorised code in any operating system.

The solution uses Venafi's CodeSign Protect product, its expert security team, and a wide-ranging technology ecosystem which reduces a company's attack surface, blocks potential malware, and minimises security breaches through improved application control.

Shivajee Samdarshi, chief product officer at Venafi, outlined the growing threats businesses face. "Modern software development often brings increasingly complex security threats, with unauthorised code and malicious software emerging as a favored attack vector for cybercriminals today. In fact, in a recent Venafi research study, 70% of security leaders reported that software supply chain attacks are their biggest security blind spot."

The Stop Unauthorized Code Solution by Venafi aims to tackle this challenge, stopping unauthorised code in its tracks and hardening systems and networks.

The integrated solution provides security teams and administrators with control over their code signing trust chain across all environments - from modern, cloud-native platforms such as Kubernetes to Windows, Linux, Apple, and Android-based environments.

The solution verifies the software's origin and checks for unauthorised modifications, allowing only authorised code to run and blocking unauthorised code throughout the enterprise.

Venafi's solution also offers a robust secure code signing process, dynamic certificate-based application control, certificate verification, and unauthorised code blocking. It enables security teams to automate and secure the entire code signing lifecycle, reduce development team's workload, and improve compliance and security.

Only authentic and unaltered software is allowed to execute, and all unauthorised code is blocked. It also provides comprehensive, ongoing support and guidance from Venafi’s trusted team of security experts to help organisations tailor the solution to their needs, including configuring and optimising third-party technology integrations.

Highlighting the faith in the new Venafi solution, Shawn Irving, CISO and VP of Infrastructure & Security at Ferguson said, "As part of Ferguson's ongoing efforts to build and improve our DevSecOps tools and automation, we are beginning an initiative with Venafi to partner on integration of its Stop Unauthorized Code Solution for its end-to-end capabilities for Kubernetes container signing, signature verification, policy configuration and enforcement, and runtime verification to prevent the execution of unsigned or tampered images."

Irving, who has used other Venafi offerings in previous organisations, showed confidence in the new addition's potential to bolster Ferguson's efforts against software supply chain threats.

The Venafi Stop Unauthorized Code Solution is available from today for those organisations seeking to secure their digital infrastructure against the increasing threat from unauthorised code and software supply chain attacks.