Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Digital Shadows launches access key alerts

October 2020 by Marc Jacob

Digital Shadows has announced the ability to detect exposed access keys. A combination of misconfiguration, inexperience, and laziness means that software developers are exposing access keys at an alarming rate. With threat actors routinely scouring code repositories for leaked keys, security teams need a fast, scalable solution to monitor these sites for their exposed technical assets.

Customers of Digital Shadows will now be able to identify in near real-time where these keys have been exposed. Most leakage is accidental, due to poor security practices – such as sensitive data being committed to public repositories, rather than private ones. SearchLight users will be notified when an access key has been detected on a public code repository or paste site, complete with a risk score for prioritization, source file, and matched assets. This means that remediation is quick and simple: either revoke the credential or tweak the configuration settings.

SearchLight’s new access key alerting helps organizations monitor for access keys and secret exposure, providing Digital Shadows customers with complete visibility and minimal effort. This includes the ability to:

· Identify near real-time who has exposed technical data: Each alert is tailored to an organization and built-in configuration minimizes false positives and increases relevance.
· Built-in ‘playbooks’ enable organizations to learn how to reduce exposure and remediate risks
· Comprehensive coverage, for increased visibility: Automated detection of access keys across the broadest set of sources.
· Build a clear picture with enriched data: As Shadow Search is built-in to the alert, users can have a succinct view of the historical activity related to that alert, building a richer picture, and helping security teams to make decisions quicker.




See previous articles

    

See next articles