Venafi

Venafi is a cyber security firm which develops software to secure and protect cryptographic keys and digital certificates. This includes security assets such as SSL certificates and SSH keys used to authorise and control machine-to-machine connections and communications. The Venafi platform targets enterprises in the Global 5000 looking to manage these security assets at scale - including many companies in finance and other highly regulated industries. 
Data engineering
Kafka
Neo4j
Industry
Cyber Security Management
Project Type
Data Solutions
Technologies
Java, Kafka, Neo4j, NodeJS, Python
OpenCredo-Case Study Banner - Venafi

The Challenge

Today’s tech revolution is seeing an explosion in the number of interconnected devices which all require keys and certificates to securely communicate with one another. This presents significant challenges in managing the security of machine-to-machine communications as detailed in the Venafi machine identity crisis whitepaper.

Venafi set up the Machine Identity Protection Fund as a means to empower development organisations to find ways to address these challenges through new and innovative solutions. OpenCredo was invited to contribute to this ecosystem as one of the inaugural developer organisations.

The Solutions

Early identification of potential vulnerabilities and violations is critical. In order to do this, companies must be able to make sense of this ever-increasing volume of data and how it is connected. Building on our data engineering expertise, we developed two distinct, yet related solutions. Both solutions seek to humanise security data for Venafi’s clients by making it easier for them to acquire and use their machine identity data more intelligently. This resulted in the development and delivery of the Kafka Connector for Venafi Platform, and the data-driven Machine Identity Network Explorer Tool (MINEr). 

For more detailed technical descriptions, please see our related blog - Addressing Machine Identity Challenges With Intelligent Data. (maybe) 

Kafka Connector for Venafi Platform

The open source Kafka connector for the Venafi Platform provides a standard way to extract security events from the Venafi platform and make them available for further analysis and processing via Kafka. Developed as an official Confluent gold verified connector, it enables flexible intelligent real-time processing of security and machine identity data by a variety of different Kafka consumers - regardless of whether the target is a downstream SIEM, a new real-time machine learning platform or some combination thereof.

OpenCredo-Case Study Diagram-Kafka
OpenCredo-Case Study Diagram-Venafi
Machine Identity Network Explorer Tool (MINEr)

MINEr is a crypto-data analytics platform used to intuitively visualise and analyse the securely connected machines managed by the Venafi platform. With an initial focus on SSH based connections, the platform extracts core security information and events via the Venafi HTTP API. A representation of the network is generated and stored in the graph database Neo4j. This is then made available for visualisation as well as further advanced in-depth analysis and insight processing. 

The web-based frontend provides an easy way to explore the network. It includes features to identify potential network risks within the organisation - for example, detecting SSH pivot paths and lateral movement scenarios. 

MINEr goes beyond simple statistical analysis, it leverages innovative graph algorithms and other approaches from the field of network science to provide advanced insights. Developed to run in the cloud (initially targeting the Google Cloud Platform) or as a standalone installation behind a corporate firewall, it helps make sense of this complex connected data in a way human users can understand. 

Technologies employed included Java, Kafka, Neo4j, NodeJS, Python and various GCP services. 

OpenCredo-Case Study Diagram-Venafi

The Outcome

As a result of our contributions via the machine identity protection fund, we delivered:

- A fully working, open source, Confluent gold verified Venafi Kafka connector
- A crypto data analytics platform capable of:

OpenCredo-Icon-bright coral

Exploration and visualisation of the machine identity network space

OpenCredo-Icon-Check green

Detecting and highlighting SSH based pivot paths and scenarios

OpenCredo-Icon-Check purple

Uncovering hidden patterns within the data such as detecting groups or clusters as well as identification of potential anomalies

OpenCredo-Case Study Banner: Livy Ai
"OpenCredo's collaboration was transformative for Livy AI. Their creative vision, engineering excellence, and seamless communication elevated our project, making them the ideal partner for turning innovative ideas into reality. "

Jonathan Browne

Founder & CEO

OpenCredo-Case Study Banner: National Journal
"OpenCredo helped us integrate that data, seamlessly flow it into our data visualization tool, and deal with a massive amount of data duplication issues. The experience of working with OpenCredo couldn’t have been better – they were highly professional, organized, and supremely competent in delivering this work to us.”.

Luke Hartig

Executive Director

OpenCredo-Case Study Banner: Sedex
"Since we’re a data platform provider, it’s essential we are perceived as best in class for CSR and compliance. Average would never be good enough. We wanted to move to the next level and offer Big Data services."

José Copovi-King

Director of Products & Services

Looking for a hands-on software delivery partner?

Book in a quick 20 minute discovery call with our consultants to discuss your specific project and objectives.

Book now
OpenCredo-Photo-Nicki Watt & Consultants