Venafi launches Stop Unauthorized Code Solution

By leveraging the combined power of Venafi’s CodeSign Protect product, trusted team of security experts and expansive technology ecosystem, the end-to-end solution enables organizations to significantly reduce their attack surface, prevent potential malware and cyber attacks, and minimize security breaches through improved application control.

"Modern software development often brings increasingly complex security threats, with unauthorized code and malicious software emerging as a favored attack vector for cybercriminals today. In fact, in a recent Venafi research study, 70% of security leaders reported that software supply chain attacks are their biggest security blind spot," said Shivajee Samdarshi, chief product officer at Venafi. “Unauthorized code can introduce significant security risk into any organization, with major business implications. Venafi’s industry-first Stop Unauthorized Code Solution helps security teams tackle this growing challenge by stopping unauthorized code in its tracks, effectively hardening systems and networks.”

The integrated, end-to-end solution enables security teams and administrators to maintain their code signing trust chain across all environments – from modern, cloud native environments such as Kubernetes to environments such as Windows, Linux, Apple and Android. It gives teams strict control over code use and execution by verifying that software originates from an approved source and has not been altered. Coupled with stringent execution policy controls, the solution permits only authorized code to run and blocks any unauthorized code throughout the enterprise.

Venafi’s Stop Unauthorized Code Solution features:

Secure Code Signing Process – Security teams can automate and secure the entire code signing lifecycle while also reducing the burden on development teams. Code is signed using private digital certificates or those issued by trusted Certificate Authorities.

Dynamic Certificate-Based Application Control – A dynamic, certificate-based approach to application control minimizes the burden on security teams while improving compliance and security. Teams have ultimate flexibility to maintain this list through their operating system or existing security solutions – such as endpoint protection platforms or intrusion prevention systems – which have built-in capabilities to manage certificate-based allowlists.

Certificate Verification – Before code can execute, the organization’s security solution is configured to check the digital signature against trusted code signing certificates. The integrated solution permits only authentic and unaltered software to be executed.

Unauthorized Code Blocking – To prevent unauthorized software from running, the solution blocks code if it does not use valid, trusted code signing certificates or if it is not on the list of approved certificates.

Optimization and Integration Services – Comprehensive, ongoing support and guidance from Venafi’s trusted team of security experts helps customers tailor the solution to specifically meet their organization’s needs. This includes configuring and optimizing third-party technology integrations with an organization’s existing security vendors and workflows.

"As part of Ferguson's ongoing efforts to build and improve our DevSecOps tools and automation, we are beginning an initiative with Venafi to partner on integration of its Stop Unauthorized Code Solution for its end-to-end capabilities for Kubernetes container signing, signature verification, policy configuration and enforcement, and runtime verification to prevent the execution of unsigned or tampered images," said Shawn Irving, CISO and VP of infrastructure & security at Ferguson. "As a long-time customer of Venafi for TLS Protect and SSH Protect at multiple companies, I am confident that this addition to our portfolio of security capabilities will complement our existing investments and help us to leap forward in combating software supply chain threats with continued machine identity management."