EEJournal

industry news
Subscribe Now
July 10, 2019

Keyfactor and Thales Address Code Signing Cyber-Attacks Targeting Businesses

Security leaders announce industry-first code signing product

CLEVELAND, Ohio, June 17, 2019 – Keyfactor, a leading provider of secure digital identity management solutions, today announced a new integration with Thales that combines Keyfactor’s code signing platform with the high-assurance key protection of Thales’ SafeNet Cloud HSM On-Demand. The result of this partnership, KeyfactorTM Code Assure, delivers secure code signing to software vendors, mobile app developers, enterprise IT organizations, and manufacturers of IoT devices.

“We’re seeing a rise in threats against code signing operations, like the recent ASUS hack where attackers exploited code to plant and deploy malware when businesses ran standard updates,” said Jordan Rackie, Chief Executive Officer at Keyfactor. “These attacks erode the fabric of trust that consumers and business users alike place in software publishers and device manufacturers. This partnership and our highly integrated, hybrid approach uphold digital trust, making end-to-end protection against evolving code signing-based attacks simpler for innovative DevOps teams and software providers.”

Code signing certificates are used to digitally sign applications, drivers and software, allowing end users to verify the authenticity of the publisher. Cyber-attackers can forge and compromise vulnerable certificates and keys, often planting malware that detonates once a firmware or software update is installed on a user’s system. Recent research pegs the cost of code signing certificate and key misuse at $15 million and estimates a 29 percent likelihood that organizations will experience code signing incidents over the next two years.

“Complete protection and control of code signing keys is challenging for most businesses, especially as infrastructure and development teams are widespread across the globe,” said Ted Shorter, Chief Technology Officer and Co-founder at Keyfactor. “Faster release cycles and frequent code changes in DevOps environments leave security teams fighting to keep pace. Thales and Keyfactor designed Keyfactor Code Assure to empower innovators, enabling them to secure code signing at the speed of DevOps.”

Keyfactor Code Assure stores all code signing certificates from disparate network locations (i.e. developer workstations, build servers, and thumb drives) in a centralized and secure HSM, Thales’ SafeNet Cloud HSM On-Demand. Once inside, the certificates never leave the vault. Only developers with the right access can request code signage, where it is then signed and returned to the user. Access controls ensure that only developers with the right privileges can sign software and firmware during the time windows designated by the certificate owner.

“The Keyfactor platform has many applications for helping secure the Internet of Things, manufacturing, connected automobiles as well as code signing. The flexibility of these cloud solutions means customers can move their enterprise services to the cloud and get all the benefits of owning PKI while minimizing the risks,” said Todd Moore, Senior Vice President of Encryption Products at Thales.

Gartner Inc., a research and advisory firm, recommends companies “leverage code repositories by enabling signing and time stamping code when it’s checked in to build up a history over time that can inform specific secure coding behaviors.”*

Keyfactor Code Assure has already been adopted by Fortune 500 leaders that value security and trust as utmost priority. This integration allows these organizations to:

  • Defend their business and users against the rising threat of code signing hacks
  • Get complete visibility and control of keys and certificates for security teams
  • Enable DevSecOps with simple and secure workflows for developers
  • Deploy with zero disruption to existing SDLC or build processes
  • Support secure code signing of virtually any code, anywhere – including Windows binaries, Java, IoT firmware, and more
  • Empower distributed development teams with a unique, patented technology to sign code from build servers and workstations – without the private keys ever leaving the auditable, protected confines of a Hardware Security Module (HSM)

For more information on Keyfactor Code Assure, please visit www.keyfactor.com/keyfactor-code-assure

Leave a Reply

featured blogs
Must-Have Reads from No Starch Press
Jul 20, 2024
If you are looking for great technology-related reads, here are some offerings that I cannot recommend highly enough....
More from Max's Cool Beans...

featured video

How NV5, NVIDIA, and Cadence Collaboration Optimizes Data Center Efficiency, Performance, and Reliability

Sponsored by Cadence Design Systems

Deploying data centers with AI high-density workloads and ensuring they are capable for anticipated power trends requires insight. Creating a digital twin using the Cadence Reality Digital Twin Platform helped plan the deployment of current workloads and future-proof the investment. Learn about the collaboration between NV5, NVIDIA, and Cadence to optimize data center efficiency, performance, and reliability. 

Click here for more information about Cadence Data Center Solutions

featured chalk talk

Advantech Industrial AI Camera: Small but Mighty
Sponsored by Mouser Electronics and Advantech
Artificial intelligence equipped camera systems can be a great addition to a variety of industrial designs. In this episode of Chalk Talk, Amelia Dalton and Ryan Chan from Advantech explore the components included in an industrial AI camera system, the benefits of Advantech’s AI ICAM-500 Industrial camera series and how you can get started using these solutions in your next industrial design. 
Click here for more information Advantech ICAM-500 AI Camera
Aug 23, 2023
39,230 views