In this innovation profile, Chris Hughes details GitGuardian Honeytokens, a new feature that allows cybersecurity professionals to stay ahead of malicious attackers.
Highlights
00:27 — Software supply chain attacks have increased 742% year-over-year over the past three years, many of which involve disclosure of secrets in cloud-native environments. In 2022, GitGuardian, a well-established company in the secrets sprawl area, reported in its “State of Secrets Sprawl” that it had detected over 10 million secrets in various GitHub commits.
02:06 — GitGuardian reviews your software supply chain and environment (source control systems such as Git repositories, continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines, internal registries, package managers, etc.) to determine where exposed credentials exist.
02:51 — GitGuardian has a new feature called Honeytoken. Honeytokens are an innovative way to understand how malicious actors are targeting your environment. What kind of activities are they trying to carry out? How are they trying to compromise your software supply chain? This allows you to monitor deployment, expansion, and abuse to detect intrusions before it’s too late.
03:40 — Honeytokens allow you to deploy fake tokens and credentials into a variety of environments, including third-party software-as-a-service (SaaS) environments.
04:36 — GitGuardian allows you to set these tokens and see if a malicious attacker initiates interaction with them. You can see which IP address it’s coming from and what activity it’s trying to perform. Think of this as getting really good threat intelligence.
05:20 — By putting these honeytokens out into the world, we can take a proactive approach. This allows you to see directly what a malicious attacker is trying to do. How are they doing it? What actions are they taking? What tactics are they using? This feature provides a comprehensive dashboard where you can see the tokens you have placed in your environment, whether internal or in external SaaS environments.
06:27 — This is a truly innovative feature. This gives you a proactive approach to understand what malicious attackers are trying to do, stay ahead of them, and block activity before it ultimately impacts your organization.