Cybersecurity software and services provider Venafi has launched a new offering, Stop Unauthorized Code, to help security teams detect and block unauthorized code across any development and operating environment.
Combining Venafiâs existing code signing offering, CodeSign Protect, with in-house security intelligence and tools, the new offering packs a comprehensive toolkit to govern code authentication across user workflows.
âVenafiâs Stop Unauthorized Code Solution empowers large enterprises to stop unauthorized code from running in their environments, significantly reducing the attack surface, thwarting potential malware and cyber-attacks, and minimizing security breaches,â said Shivajee Samdarshi, chief product officer at Venafi.
The new Venafi Stop Unauthorized Code Solution is available to users with launch.
Offering flags malicious third-party codes
Venafiâs new solution is aimed at eliminating business risks associated with âunauthorized codeâ in user environments by flagging them against a list of permitted code signing certificates.
âA favored attack vector for cybercriminals is the spreading of malicious software within seemingly harmless applications,â Samdarshi said. âExecuting unauthorized code can have adverse, far-reaching security implications for organizations.â
The offering features the ability to block all code if it has not been signed with the list of trusted code signing certificates, approved by the enterprise security team, according to Samdarshi. The offering also allows customers to configure and optimize third-party technology integrations and define signing requirements.
Integration with a wide development stack
The solution, according to Samdarshi, enables security teams and administrators to maintain their code signing trust chain across all environments â from modern, cloud-native environments such as Kubernetes, to environments such as Windows, Linux, Apple, and Android.
In the form of advanced controls, the offering allows security teams to finely define a list of signing certificates tailored for specific platforms like Kubernetes clusters, or namespaces.
âCoupled with stringent execution policy controls, the solution permits only authorized code to run and blocks any unauthorized code throughout the enterprise,â Samdarshi added. âConsequently, it offers robust protection against the potential risks associated with authorization abuse.â
The comprehensive support promised by Venafiâs new offering includes features like a secure code signing process, dynamic certification-based application control, certificate verification, unauthorized code blocking, and integrations and optimizations.