Cybersecurity

Innovation Profile: Safeguarding Software Supply Chains with GitGuardian Honeytoken

Chris HughesBy 2 Mins Read
Acceleration Economy Cybersecurity

In this Innovation Profile, Chris Hughes takes an in-depth look at GitGuardian’s Honeytoken, a new capability that allows cybersecurity pros to stay ahead of malicious actors.

Highlights

00:27Software supply chain attacks have gone up 742% year over year over the last three years, and many include secret exposures in cloud-native environments. In 2022, GitGuardian, a firm well-developed in the secret sprawl space, reported in its “State of Secrets Sprawl,” that over 10 million secrets had been detected in various GitHub commits.

02:06 — GitGuardian can look at your software supply chain and your environments, such as source control systems like GIT repositories, CI/CD (continuous integration and continuous delivery/continuous deployment) pipelines, internal registries, and package managers as well as identify where there are exposed credentials.

02:51 — GitGuardian has a new capability called Honeytoken. Honeytoken is an innovative way to understand how malicious actors are targeting environments. What kind of activities are they trying to conduct? How are they trying to compromise one’s software supply chain? It lets you deploy, scale, and monitor for unauthorized use and detect intrusions before it’s too late.

Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.

03:40 Honeytoken lets you deploy fake tokens or credentials into different environments, including third-party software-as-a-service (SaaS) environments.

04:36 — GitGuardian lets you set up these tokens to see if malicious actors start to interact with them. You can see what IP address they come from and also what activities they are trying to conduct. Think about this as getting some really pertinent threat intelligence.

05:20 — Putting these honeytokens out there gives you a proactive approach. This way, you can see directly what malicious actors are trying to accomplish. How are they doing it? What kinds of behaviors are they using? What kind of tactics are they using? The capability provides you with a comprehensive dashboard, where you can see the tokens you’ve placed in the environment, whether internal or external to SaaS.

06:27 — This is a really innovative capability. It gives you that proactive approach of seeing what malicious actors are trying to do, getting ahead of it, and blocking the activity before it ultimately impacts your organization.

Interested in GitGuardian?

Schedule a discovery meeting to see if we can help achieve your goals

Connect With Us

Book a Demo

Share.
Analystuser

Chris Hughes

CEO and Co-Founder
Aquia

Areas of Expertise
  • Cloud
  • Cybersecurity

Chris Hughes is a Cloud Wars Analyst focusing on the critical intersection of cloud technology and cybersecurity. As co-founder and CEO of Aquia, Chris draws on nearly 20 years of IT and cybersecurity experience across both public and private sectors, including service with the U.S. Air Force and leadership roles within FedRAMP. In addition to his work in the field, Chris is an adjunct professor in cybersecurity and actively contributes to industry groups like the Cloud Security Alliance. His expertise and certifications in cloud security for AWS and Azure help organizations navigate secure cloud migrations and transformations.

  Contact Chris Hughes ...

Related Posts

Add A Comment

Comments are closed.