Open Credo

Humanising Security Data for Venafi Clients

Venafi is a cyber security firm which develops software to secure and protect cryptographic keys and digital certificates. This includes security assets such as SSL certificates and SSH keys used to authorise and control machine-to-machine connections and communications. The Venafi platform targets enterprises in the Global 5000 looking to manage these security assets at scale – including many companies in finance and other highly regulated industries.

THE CHALLENGE

Make it easier to acquire, analyse and visualise key cyber security events related to machine identity protection.

Today’s tech revolution is seeing an explosion in the number of interconnected devices which all require keys and certificates to securely communicate with one another. This presents significant challenges in managing the security of machine-to-machine communications as detailed in the Venafi machine identity crisis whitepaper. 

Venafi set up the Machine Identity Protection Fund as a means to empower development organisations to find ways to address these challenges through new and innovative solutions. OpenCredo was invited to contribute to this ecosystem as one of the inaugural developer organisations.

THE SOLUTIONS

Two data-driven solutions contributed to the Venafi ecosystem.

Early identification of potential vulnerabilities and violations is critical. In order to do this, companies must be able to make sense of this ever-increasing volume of data and how it is connected. Building on our data engineering expertise, we developed two distinct, yet related solutions. Both solutions seek to humanise security data for Venafi’s clients by making it easier for them to acquire and use their machine identity data more intelligently. This resulted in the development and delivery of the Kafka Connector for Venafi Platform, and the data-driven Machine Identity Network Explorer Tool (MINEr).

Kafka Connector for Venafi Platform

The open source Kafka connector for the Venafi Platform provides a standard way to extract security events from the Venafi platform and make them available for further analysis and processing via Kafka. Developed as an official Confluent gold verified connector, it enables flexible, intelligent, real-time processing of security and machine identity data by a variety of different Kafka consumers – regardless of whether the target is a downstream SIEM, a new real-time machine learning platform or some combination thereof.

Machine Identity Network Explorer Tool (MINEr)

MINEr is a crypto-data analytics platform used to intuitively visualise and analyse the securely connected machines managed by the Venafi platform. With an initial focus on SSH-based connections, the platform extracts core security information and events via the Venafi HTTP API. A representation of the network is generated and stored in the graph database Neo4j. This is then made available for visualisation as well as further advanced in-depth analysis and insight processing.

The web-based frontend provides an easy way to explore the network. It includes features to identify potential network risks within the organisation – for example, detecting SSH pivot paths and lateral movement scenarios. 

MINEr goes beyond simple statistical analysis: it leverages innovative graph algorithms and other approaches from the field of network science to provide advanced insights. Developed to run in the cloud (initially targeting the Google Cloud Platform) or as a standalone installation behind a corporate firewall, it helps make sense of this complex connected data in a way human users can understand.

Technologies employed included Java, Kafka, Neo4j, NodeJS, Python and various GCP services.  

 

THE OUTCOME

As a result of our contributions via the Machine Identity Protection Fund, we delivered:

  • A fully working, open source, Confluent gold verified Venafi Kafka connector 
  • A crypto data-analytics platform capable of:
    • Exploration and visualisation of the machine identity network space
    • Detecting and highlighting SSH-based pivot paths and scenarios
    • Uncovering hidden patterns within the data, such as detecting groups or clusters and identifying potential anomalies

Also available via the Venafi Technology Marketplace
