Digital Shadows launches access key alerts
igital Shadows , a leader in
D digital risk protection , has announced the ability to detect exposed access keys . A combination of misconfiguration , inexperience and laziness means that software developers are exposing access keys at an alarming rate .
With threat actors routinely scouring code repositories for leaked keys , security teams need a fast , scalable solution to monitor these sites for their exposed technical assets .
Customers of Digital Shadows will now be able to identify in near real-time where these keys have been exposed .
Most leakage is accidental , due to poor security practices – such as sensitive data being committed to public repositories , rather than private ones . SearchLight users will be notified when an access key has been detected on a public code repository or paste site , complete with a risk score for prioritisation , source file and matched assets . This means that remediation is quick and simple : either revoke the credential or tweak the configuration settings .
Russell Bentley , VP of Product at Digital Shadows , said : “ As software development has become increasingly distributed between in-house and outsourced teams , it has become increasingly challenging to monitor the exposure of sensitive information .
“ Every day , sensitive technical information like keys and secrets are exposed online to code collaboration platforms . Normally this is accidental , but we have seen evidence that threat actors are scouring public repositories and looking to use it in order to access sensitive data and infiltrate organisations . This new functionality within SearchLight will make it quick and simple to stop attackers in their tracks .”
SearchLight ’ s new access key alerting helps organisations monitor for access keys and secret exposure , providing Digital Shadows customers with complete visibility and minimal effort . This includes the ability to :
• Identify near real-time who has exposed technical data : Each alert is tailored to an organisation and built-in configuration minimises false positives and increases relevance .
• Built-in ‘ playbooks ’ enable organisations to learn how to reduce exposure and remediate risks
• Comprehensive coverage , for increased visibility : Automated detection of access keys across the broadest set of sources .
• Build a clear picture with enriched data : As Shadow Search is built-in to the alert , users can have a succinct view of the historical activity related to that alert , building a richer picture and helping security teams to make decisions quicker . u intelligent SOFTWARE SECURITY www . intelligentciso . com | Issue 31
61