How Device Identifiers Are Changing the Cybersecurity Landscape in Industry and Manufacturing

When we talk about identity in cybersecurity, most people imagine users logging into a system. However, modern IT environments rely on a far more numerous and less visible population of non-human entities. Device identifiers are the credentials (service accounts, API keys, certificates, tokens) that applications, scripts, and industrial devices use for automated interaction.

In manufacturing, these could be systems pulling data from an ERP or controllers updating configurations. These identifiers are essential for efficiency, but they also create critical vulnerabilities.

Why device identifiers are becoming a primary target

The problem is not their existence, but the lack of visibility and control. Today, device identifiers significantly outnumber human users. Unlike people, they cannot use multi-factor authentication (MFA), their passwords are rarely changed, and access rights are often excessive.

Device identifiers are the invisible foundation of digital transformation, which, in the absence of control, turns into wide-open doors for cyberattacks.

Critical risk analysis and practical solutions

Attackers are increasingly targeting these accounts because they provide stealthy and persistent access without triggering alarms set for human behavior.

Secrets with a long lifespan

• Problem: Hard-coded passwords or permanent API keys in scripts.
• Solution: Regular rotation, replacement with centrally managed credentials, and assignment of responsible owners.

Over-privileged access

• Problem: Service accounts and automation with administrator rights granted "just in case."
• Solution: Implementation of the principle of least privilege and access segmentation between IT, OT, and vendor zones.

Orphaned accounts

• Problem: Accounts and certificates that remain active after systems are modified or decommissioned.
• Solution: Monitoring the lifecycle (create/change/delete) and immediate deactivation of unused objects.

Low visibility of activity

• Problem: Minimal monitoring of machine-to-machine interaction because the activity appears normal.
• Solution: Analysis of abnormal API calls, lateral movement attempts, and unusual access patterns.

Device identifiers and supply chain risks

Industrial environments depend heavily on third-party software, managed service providers (MSPs), and integrators. Each such interaction is accompanied by its own service accounts. If one supplier is compromised, attackers can gain access to the entire production chain. Research shows that device identifiers associated with APIs and automation are the most attractive targets for causing disruptions and data leaks.

Protecting infrastructure with Barracuda Networks

For small businesses and industrial enterprises with limited resources, Barracuda Networks offers tools that close security gaps without excessive operational burden.

The BarracudaONE cybersecurity platform is designed specifically for small IT teams. The Barracuda SecureEdge solution minimizes risks through access segmentation policies for users and resources, while Barracuda Managed XDR continuously detects suspicious activity that may indicate compromised keys or tokens. This allows to minimize risks and increase business resilience.

Advantages of working with Softprom

Softprom helps companies not just implement a product, but build a reliable identity management strategy.

Our strengths

• Deep expertise: Our certified engineers will help configure security policies for your production tasks.
• Project support: Support at every stage — from service account inventory to XDR monitoring implementation.
• Practical demonstration: Testing Barracuda solutions in the real conditions of your IT network.