Criminals can take advantage of a lack of governance to use valid SSH keys in order to bypass security controls and quickly move laterally in the corporate network to sensitive resources.
It is essential that organizations gain visibility into and control over SSH key management. Data breaches stemming from stolen account credentials and hijacked accounts continues to rise.
SSH keys are ubiquitous. Administrators use them to securely manage critical systems remotely and to automate data exchange between applications.
The irony is that poorly implemented policies and monitoring and enforcement mechanisms have resulted in a false sense of security.
Today, organizations are swamped with thousands of unmanaged SSH keys, some of which have long been abandoned or never revoked.
Auditors are increasingly requesting documentation to prove that SSH key management is being monitored. Many large organizations are unable to demonstrate to auditors that they can find and track all the keys in their environment that grant systems access. In any regulated industry, this is unacceptable.