Venafi
![OpenCredo-Case Study Banner - Venafi](https://cdn.prod.website-files.com/65f178221acfb3ab01f09d6a/666c6f52982229b614843232_Venafi%20(1).png)
The Challenge
Today’s tech revolution is seeing an explosion in the number of interconnected devices which all require keys and certificates to securely communicate with one another. This presents significant challenges in managing the security of machine-to-machine communications as detailed in the Venafi machine identity crisis whitepaper.
Venafi set up the Machine Identity Protection Fund as a means to empower development organisations to find ways to address these challenges through new and innovative solutions. OpenCredo was invited to contribute to this ecosystem as one of the inaugural developer organisations.
The Solutions
Early identification of potential vulnerabilities and violations is critical. In order to do this, companies must be able to make sense of this ever-increasing volume of data and how it is connected. Building on our data engineering expertise, we developed two distinct, yet related solutions. Both solutions seek to humanise security data for Venafi’s clients by making it easier for them to acquire and use their machine identity data more intelligently. This resulted in the development and delivery of the Kafka Connector for Venafi Platform, and the data-driven Machine Identity Network Explorer Tool (MINEr).
For more detailed technical descriptions, please see our related blog - Addressing Machine Identity Challenges With Intelligent Data.
Kafka Connector for Venafi Platform
The open source Kafka connector for the Venafi Platform provides a standard way to extract security events from the Venafi platform and make them available for further analysis and processing via Kafka. Developed as an official Confluent gold verified connector, it enables flexible intelligent real-time processing of security and machine identity data by a variety of different Kafka consumers - regardless of whether the target is a downstream SIEM, a new real-time machine learning platform or some combination thereof.
![OpenCredo-Case Study Diagram-Kafka](https://cdn.prod.website-files.com/65f178221acfb3ab01f09d6a/664731375a0c611a6658f8a3_unnamed.png)
![OpenCredo-Case Study Diagram-Venafi](https://cdn.prod.website-files.com/65f178221acfb3ab01f09d6a/664731e3915bd1f1620b070d_unnamed%20(1).png)
Machine Identity Network Explorer Tool (MINEr)
MINEr is a crypto-data analytics platform used to intuitively visualise and analyse the securely connected machines managed by the Venafi platform. With an initial focus on SSH based connections, the platform extracts core security information and events via the Venafi HTTP API. A representation of the network is generated and stored in the graph database Neo4j. This is then made available for visualisation as well as further advanced in-depth analysis and insight processing.
The web-based frontend provides an easy way to explore the network. It includes features to identify potential network risks within the organisation - for example, detecting SSH pivot paths and lateral movement scenarios.
MINEr goes beyond simple statistical analysis: it leverages innovative graph algorithms and other approaches from the field of network science to provide advanced insights. Developed to run in the cloud (initially targeting the Google Cloud Platform) or as a standalone installation behind a corporate firewall, it helps make sense of this complex connected data in a way human users can understand.
Technologies employed included Java, Kafka, Neo4j, NodeJS, Python and various GCP services.
![OpenCredo-Case Study Diagram-Venafi](https://cdn.prod.website-files.com/65f178221acfb3ab01f09d6a/664731f2ac30f6f2e4ea94d2_unnamed%20(2).png)
The Outcome
As a result of our contributions via the Machine Identity Protection Fund, we delivered:
- A fully working, open source, Confluent gold verified Venafi Kafka connector
- A crypto data analytics platform capable of:
  - Exploration and visualisation of the machine identity network space
  - Detecting and highlighting SSH based pivot paths and scenarios
  - Uncovering hidden patterns within the data such as detecting groups or clusters as well as identification of potential anomalies