Challenges
Mirantis development teams use GitHub extensively, with an infrastructure-as-code mindset. Like most developers today, they handle increasing amounts of credentials, and as Yury Koldobanov, Director of IT and acting CISO, puts it: “the combination of people working on Git repos and the handling of credentials leads to issues“.
Yury’s team found out that some companies had been impacted by secrets leaking via GitHub repositories and decided to work toward proactively preventing this from happening to Mirantis.
Solution
Since manually investigating hundreds of repositories is ineffective and costly, Mirantis started looking for a solution.
Yury’s team first considered a hybrid DLP / analyst tool with keyword-based detection for GitHub, which also covered other data sources such as Google Drive and the dark web. However, the key point for Yury was that GitHub is a different kind of data source with different considerations: keyword matching is not enough, because a leaked credential does not look like a keyword but like a random string in a file, a commit or a diff.
Like many software companies Mirantis is concerned about leaking keys
The need for a solution specialized in GitHub monitoring and capable of sophisticated secrets detection became obvious.
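To make the difference between keyword-based DLP and secrets detection concrete, here is an added example of the two detector families a secrets scanner combines: a high-confidence pattern for a credential type with a fixed, documented prefix (AWS access key IDs start with "AKIA" followed by 16 uppercase alphanumerics) and a generic heuristic that flags long, high-entropy values assigned to sensitive-looking variable names. This is illustrative code written for this page, not GitGuardian’s or Mirantis’ own implementation; the sample diff is constructed (the AWS values are the placeholder credentials from AWS’s own documentation), the entropy threshold and name keywords are assumed tuning choices, and the scanner redacts what it finds so the alert itself does not re-leak the secret.

```python
import math
import re
from dataclasses import dataclass

# Constructed sample diff hunk for the demonstration (not taken from the page).
# The AWS values are AWS's documented placeholder credentials, not live keys.
SAMPLE_DIFF = """\
--- a/config.env
+++ b/config.env
@@ -1,3 +1,4 @@
 LOG_LEVEL=debug
-DB_PASSWORD=password
+DB_PASSWORD=s3cretpassword
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

# Known-format detectors: a fixed prefix plus fixed length is high confidence on its own.
KNOWN_FORMATS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Generic detector: a sensitive-looking variable name assigned a long value.
# The keyword list is an assumed choice; a real scanner has many more.
ASSIGNMENT = re.compile(
    r"(?P<name>[A-Za-z_]*(?:secret|password|passwd|token|api_?key)[A-Za-z_]*)"
    r"\s*[=:]\s*['\"]?(?P<value>[A-Za-z0-9+/=_\-]{20,})['\"]?",
    re.IGNORECASE,
)
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed tuning value


@dataclass
class Finding:
    line_no: int    # line within the diff text
    detector: str   # which detector fired
    redacted: str   # never carry the full secret into an alert


def shannon_entropy(s):
    """Bits of entropy per character; random keys score high, words score low."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value):
    """Keep just enough of the value for the developer to recognise it."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_diff(diff_text):
    """Return findings for secrets introduced by the added lines of a unified diff."""
    findings = []
    for line_no, line in enumerate(diff_text.splitlines(), 1):
        # Only added lines can introduce a new secret; "+++" is the file header.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        body = line[1:]
        for name, pattern in KNOWN_FORMATS.items():
            for m in pattern.finditer(body):
                findings.append(Finding(line_no, name, redact(m.group(0))))
        m = ASSIGNMENT.search(body)
        if m and shannon_entropy(m.group("value")) >= ENTROPY_THRESHOLD:
            findings.append(Finding(line_no, "generic_high_entropy", redact(m.group("value"))))
    return findings


if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"line {f.line_no}: {f.detector} -> {f.redacted}")
```

Run as-is, it reports the access key ID on the line that carries the "AKIA" prefix and the secret access key on the next line, while "s3cretpassword" is skipped: it sits under a password-like name but is too short and too word-like to pass the entropy gate. That asymmetry is the point of the passage above: a keyword rule on "PASSWORD" would have produced a noisy hit on the harmless line and missed the real key, which carries no keyword at all.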
Another important consideration was automation and detection time. Malicious actors actively scan GitHub for fresh commits, so a key that reaches a public repository has to be treated as compromised, and the time between the push and the revocation is what bounds the damage. Manual analysis of potential incidents, which was the case both for bug bounty reports and for the DLP tool, would have had a huge impact on that detection time. GitGuardian’s ability to detect leaks instantaneously and immediately alert Mirantis’ security team was hence crucial.
Another key differentiator for Mirantis was GitGuardian’s ability to automatically identify Mirantis’ publicly active developers, and therefore to create a dynamic perimeter to monitor.
Most DLPs would put the burden of defining the perimeter on us
This lets GitGuardian monitor not only known corporate repositories but, most importantly, developers’ personal repositories, where companies typically have no visibility and where a credential is most often pushed by mistake.
GitGuardian now plugs into the development team’s workflow through its integration with Slack, which is heavily used by the team. The customizable integration allows specific alerts to be routed to the appropriate Slack channel.
Results
What is most valuable?
Alerting is only the first step, which is why GitGuardian also helps with the remediation side of the Incident Response process. Mirantis developed a triage and severity-rating questionnaire, a precise and standardised set of questions sent to the developer who committed the secret, and delivers it through the GitGuardian “Developer in the Loop” feature. This in-app feature streamlines the collection of answers and centralises them in GitGuardian’s dashboard, so Mirantis’ teams can more quickly understand the context of a given incident (what the credential gives access to, whether it is still valid, whether it has already been rotated), which speeds up investigation and remediation. Without this feature, Yury’s team would have to collect feedback less efficiently from different systems (email, Jira, Slack) and request actions from different stakeholders manually. Mirantis also found that involving developers in the remediation process is a great way to raise awareness of secrets leakage.
Having been a GitGuardian customer for almost two years, Mirantis has been very positive about both their experience working with the GitGuardian team, and the enhancements brought to the product.
Mirantis also had a good experience thanks to GitGuardian’s customer-centric approach: “GitGuardian is flexible and reacts fast to feedback. I can talk about my specific needs, and see a reaction from the team very quickly. GitGuardian also provides guidance and best practices to help us grasp all details of this aspect of cyber security.”
Key quote
In an ideal world we would have several other security and detection systems, but for us, as a software vendor, we need to focus on what really matters. And this is our IT stack: Secrets are the keys to your kingdom
What’s next
GitGuardian is already well integrated into Mirantis’ development stack thanks to the Slack integration. To go further, Mirantis is looking forward to having GitGuardian integrated with the other systems it uses, which would remove the need for some manual tasks, and to benefiting from GitGuardian’s expanding detection capabilities.