Virtualization Technology News and Information
Article
RSS
Digital Shadows launches access key alerts - to mitigate the growing problem of credentials exposed during software development

Digital Shadows has announced the ability to detect exposed access keys. A combination of misconfiguration, inexperience, and laziness means that software developers are exposing access keys at an alarming rate. With threat actors routinely scouring code repositories for leaked keys, security teams need a fast, scalable solution to monitor these sites for their exposed technical assets.

Customers of Digital Shadows will now be able to identify in near real-time where these keys have been exposed. Most leakage is accidental, due to poor security practices - such as sensitive data being committed to public repositories, rather than private ones. SearchLight users will be notified when an access key has been detected on a public code repository or paste site, complete with a risk score for prioritization, source file, and matched assets. This means that remediation is quick and simple: either revoke the credential or tweak the configuration settings.

Russell Bentley, VP of Product at Digital Shadows, comments: "As software development has become increasingly distributed between in-house and outsourced teams it has become increasingly challenging to monitor the exposure of sensitive information. Every day, sensitive technical information like keys and secrets are exposed online to code collaboration platforms. Normally this is accidental, but we have seen evidence that threat actors are scouring public repositories and looking to use it in order to access sensitive data and infiltrate organizations. This new functionality within SearchLight will make it quick and simple to stop attackers in their tracks."

SearchLight's new access key alerting helps organizations monitor for access keys and secret exposure, providing Digital Shadows customers with complete visibility and minimal effort. This includes the ability to:

  • Identify near real-time who has exposed technical data: Each alert is tailored to an organization and built-in configuration minimizes false positives and increases relevance.
  • Built-in ‘playbooks' enable organizations to learn how to reduce exposure and remediate risks
  • Comprehensive coverage, for increased visibility: Automated detection of access keys across the broadest set of sources.
  • Build a clear picture with enriched data: As Shadow Search is built-in to the alert, users can have a succinct view of the historical activity related to that alert, building a richer picture, and helping security teams to make decisions quicker.
Published Wednesday, October 07, 2020 10:26 AM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<October 2020>
SuMoTuWeThFrSa
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567