New “scan-before-sign” Functionality And Centralized Key Management Defends Against Key Theft And Misuse
Unbound Security, the leader in secure cryptographic key orchestration, today unveiled revolutionary code signing key protection capabilities within Unbound CORE to ensure enterprises defend against the rise in software supply chain attacks. Unbound CORE’s advanced code signing solution offers an enhanced approach with server-side deployment to enable centralized management and “scan-before-sign” capabilities in addition to client-side code signing approaches. As a result, enterprises can prevent both key theft and misuse, previously impossible with client-side tools.
Read More: Ascira COO Belynda Lee Wins Bronze Stevie® Award In 2021 Stevie Awards For Women In Business
Once hackers gain access to a code signing key, either through stealing the key or penetrating a build server, they can easily disguise malware and introduce risk to the entire software supply chain. Placing these keys inside a hardware security module (HSM) or a cloud-based key management system (KMS) can help protect against theft but not misuse. Holding the key in the same location as the data also increases security risks and creates complex fragmentation.
Powered by multiparty computation (MPC), Unbound CORE splits a secret key into multiple pieces and places them on different servers and devices. Because the key is never assembled, even during its generation, it is impossible for hackers to gain access to vital information. Having this functionality on the server-side avoids the need to install, manage and patch or upgrade client-side tools and makes it possible to prevent key misuse. With the platform’s new “scan-before-sign” functionality, enterprises can enforce global security policies, such as having code scanned for malware or checked by multiple internal stakeholders before it can be signed.
Read More: SalesTechStar Interview with Brian Korchin, Managing Director and VP of Sales at InCloudCounsel
Yehuda Lindell, CEO at Unbound Security, comments: “Many of our clients specifically requested we introduce ‘scan-before-sign’ because they’ve not been able to access it elsewhere until now. Having central visibility of all keys, including who uses them, is vital and our latest version of CORE takes code signing to the next level. We see this a game-changer in the prevention of supply chain attacks, which continue to make headlines and are a major threat for software providers.”
Unisys, the global IT solutions company, has already deployed Unbound CORE to strengthen its security with centralized management of code signing and cryptographic keys. Mathew Newfield, chief information officer and chief security officer at Unisys, comments: “As a global technology company, Unisys needed to advance our code signing ability and this was a high priority item and a critical component in our partnership with Unbound. Not only did we need to make sure that the code that we’re developing is not being modified, free of malware and only modifiable with the appropriate permissions, but we also needed to prove full chain of custody. With Unbound CORE managing our code signing keys, we are applying the highest level of security, as well as are able to show that our code was properly implemented into the target environment.”