For a long time now, SSH keys have essentially been impossible to tie to an individual’s user identity.
Even though an employee, let’s call him Mike, might create a key pair, he can copy it and give it to someone else, who can then log in with the same credentials.
Tying key to individual identity
That’s why it was so intriguing to talk with Craig Riddell, Sr. Solutions Architect at SSH Communications Security.
“One of the things we’re addressing is identifying and tying key-based access to an individual’s identity,” he says.
But when the company accomplished that, he says customers wanted more.
Combating shadow IT
They asked for help combating shadow IT, to be sure the devices being used to log into endpoints are company-approved assets. Furthermore, they wanted help making sure that the endpoint logging into the cloud is actually a company-approved endpoint and not some bad actor’s server.
Customer requests, granted.
“We are able to deploy certificates to client side and endpoint devices. With this authentication chain we can now identify the user and validate their credentials through multi-factor authentication,” Riddell says.
“And we can also identify the client they’re using to authenticate to the endpoint as well as the endpoint itself, to be sure that we have an entire chain of trust through PKI and SSH to make sure that there are no bad actors at any point in the environment.”
Shining a light on encrypted traffic
And during our interview, the company’s leaders also talked about its ability to fight the black hole caused by encryption. “We can actually look into the SSH tunnel in real-time and show customers a full video replay of every command that was run, and also help gain visibility to encrypted traffic through security solutions they probably already own, like their DLP, IDS, IPS, and SIEM solutions.”
That kind of visibility can help in a number of ways, but one timely example is the ability to prevent PII (personally identifiable information) at an office in the UK from being sent to a colleague or customer’s laptop in the U.S.
Adds Joe Scaff, VP of Americas Operations for the company, “We want it to be as seamless as possible, for all our customers. And not only them, but also our customer’s customers. The whole idea is to make it a more secure world.”
Did he just say “make it a more secure world?” Yes, indeed he did.
Those of us here at SecureWorld certainly stand behind that idea!