Cybersecurity as a Business Enabler

Innovation Profile: Safeguarding Software Supply Chains with GitGuardian Honeytoken

Chris HughesBy 2 Mins Read
Acceleration Economy Cybersecurity

In this Innovation Profile, Chris Hughes takes an in-depth look at GitGuardian’s Honeytoken, a new capability that allows cybersecurity pros to stay ahead of malicious actors.

Highlights

00:27 — Software supply chain attacks have gone up 742% year over year over the last three years, and many include secret exposures in cloud-native environments. In 2022, GitGuardian, a firm well-developed in the secret sprawl space, reported in its “State of Secrets Sprawl,” that over 10 million secrets had been detected in various GitHub commits.

02:06 — GitGuardian can look at your software supply chain and your environments, such as source control systems like GIT repositories, CI/CD (continuous integration and continuous delivery/continuous deployment) pipelines, internal registries, and package managers as well as identify where there are exposed credentials.

02:51 — GitGuardian has a new capability called Honeytoken. Honeytoken is an innovative way to understand how malicious actors are targeting environments. What kind of activities are they trying to conduct? How are they trying to compromise one’s software supply chain? It lets you deploy, scale, and monitor for unauthorized use and detect intrusions before it’s too late.

Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.

03:40 — Honeytoken lets you deploy fake tokens or credentials into different environments, including third-party software-as-a-service (SaaS) environments.

04:36 — GitGuardian lets you set up these tokens to see if malicious actors start to interact with them. You can see what IP address they come from and also what activities they are trying to conduct. Think about this as getting some really pertinent threat intelligence.

05:20 — Putting these honeytokens out there gives you a proactive approach. This way, you can see directly what malicious actors are trying to accomplish. How are they doing it? What kinds of behaviors are they using? What kind of tactics are they using? The capability provides you with a comprehensive dashboard, where you can see the tokens you’ve placed in the environment, whether internal or external to SaaS.

06:27 — This is a really innovative capability. It gives you that proactive approach of seeing what malicious actors are trying to do, getting ahead of it, and blocking the activity before it ultimately impacts your organization.

Interested in GitGuardian?

Schedule a discovery meeting to see if we can help achieve your goals

Connect With Us

Book a Demo

Share.
Analystuser

Chris Hughes

CISO & Co-Founder
Aquia

Areas of Expertise
  • Cybersecurity

Chris Hughes is an Acceleration Economy Analyst focusing on Cybersecurity. Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of Maryland Global Campus. Chris also participates in industry Working Groups such as the Cloud Security Alliances Incident Response Working Group and serves as the Membership Chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber Podcast. Chris holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. He regularly consults with IT and Cybersecurity leaders from various industries to assist their organizations with their Cloud migration journeys while keeping Security a core component of that transformation.

  Contact Chris Hughes ...

Related Posts

Add A Comment

Comments are closed.