DevSecOps Blueprint: from Vulnerability Management and Security-by-Design to Pipeline Integrity

GitGuardian product demo - Public GitHub scanning

This 5-minute demo shows GitGuardian's Public GitHub Monitoring solution, which allows companies to:

- Have visibility over, and better understand, their developers' public activity on GitHub.
- Be alerted in real time of potential leaks of secrets and other types of sensitive information that would be made public, in order to nullify most of the damage very quickly.

The solution comes in the form of a dashboard where the company's public GitHub activity and identified incidents are displayed.

https://gitguardian.com

Video Transcript

Hi everybody, my name is Aymeric from GitGuardian and today I'm going to tell you more about our public GitHub monitoring solution. This can really be seen as a threat intelligence tool to help you make sense of public GitHub activity. It has three main objectives. Number one, it helps you automatically identify relevant activity on GitHub by automatically identifying your publicly active developers. Number two, it covers a very broad range of secrets, over 200, and enables you to detect them in real time. Number three, and probably the most important, it enables your security team to investigate and remediate incidents swiftly with the developer's help.

Developers rely on hundreds of building blocks to build modern software applications. You can think of microservices, SaaS tools, databases, payment systems, CRMs. And they need to interconnect all these different components, therefore leveraging secrets. In other words, this leads developers to have access to increasing amounts of sensitive information to perform their jobs, and the current state of the world is that secrets are sprawling everywhere within organizations. One of the worst places where these can end up is actually public GitHub. Companies with large numbers of developers trust GitGuardian to help them secure their public GitHub footprint, and even though you might not be using GitHub as your main version control system, there's a very good chance that your developers are active on the platform. So in this video, we'll have a deeper look at how the GitGuardian dashboard looks and how we can help you secure your developers' GitHub activity.

Before we start talking about how to monitor your perimeter, we first need to understand where to look. GitGuardian has this unique ability to automatically identify your publicly active developers. This means that we can know what repositories your developers are contributing to, whether these are professional or personal, but also what code these developers are pushing to these repositories. And this is a very crucial step, since most leaked credentials cannot be identified through a simple keyword. Now let me give you a very concrete example. Imagine I work for Docker's security team and I want to identify any activity on GitHub that is relevant to Docker. Well, if I perform a very simple search, such as "Docker" or "Docker.com", it is going to bring back a lot of results, most of which I am not interested in. So you have to keep in mind that most secrets leaked on public GitHub are not going to have direct mentions of your company in their context. This is why first identifying your publicly active developers is absolutely crucial. Additionally, on top of monitoring your identified developers wherever they contribute on GitHub, we also monitor your official GitHub presence, and therefore your official public GitHub organizations and any repositories hosted underneath them.

Now let me tell you more about GitGuardian's detection capabilities. GitGuardian specializes in detecting secrets. We cover over 200 types of API keys, credentials, certificates, private keys, and the list goes on and on. In fact, one of our teams is fully dedicated to constantly improving all of our detection algorithms but also creating new ones. Therefore, whichever services your organization uses, you would typically be covered, and if that's not the case you also have the ability to provide your custom keywords or custom regular expressions. Customers typically leverage such features to look for internal project names or internal URLs all over public GitHub. Addressing leaks on GitHub is a race against time. It's a matter of getting to that sensitive information before black hat actors do. With a mean time to detect of only four seconds, we make sure that you are the first on the incident.

Another great feature of the GitGuardian solution is that it has a dual alerting mechanism. This means that, on top of alerting your security team, we also alert the developer responsible for the incident. Since we're doing this in real time, the developer would typically still be at their machine and can therefore take action very quickly. In fact, we've measured with our customers that they are able to nullify the damage in under one hour on average.

Now let's take a deeper dive into what an incident looks like in GitGuardian. GitGuardian is all about making life easier for your security team, so that they have all the required information to properly investigate, prioritize and remediate, even if the repo has been deleted. When investigating and remediating incidents on GitHub, it is also important to communicate with the developer, because they're the ones that know the most about the secrets. They can help you answer questions such as: is this a valid secret, is it meant to be on public GitHub, or what does it give access to? We also want alerts to reach the right people at the right time and through their preferred channels. Therefore, GitGuardian's Public Monitoring solution integrates directly with your preferred SIEM, ITSM ticketing system or messaging tool.

There you have it. If you'd like to learn more about GitGuardian's Public Monitoring solution or would like to see a demo with your own public set of data, feel free to reach out to our team and we'll be happy to help.
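The transcript makes three technical points: a keyword search for the company name misses most leaks, detection needs per-secret-type detectors plus customer-supplied keywords or regular expressions, and alerts go both to the security team and to the developer who pushed the commit. The following added example, written for this page and not GitGuardian's code, shows those three ideas on a constructed commit. The detector regexes are simplified approximations of publicly documented key formats (AWS access key IDs begin with AKIA, GitHub personal access tokens with ghp_, PEM private keys with a BEGIN header), not GitGuardian's detectors; the sample commit, the author address, the company name "Acme", the internal hostname pattern and the alert channel are all constructed stand-ins.

```python
"""Minimal secret scan over a pushed commit, with custom patterns and dual alerting.
Added example; detector patterns are simplified approximations, not GitGuardian's."""
import math
import re
from dataclasses import dataclass
from typing import Optional

# Built-in detectors (constructed, simplified): well-known prefixes of real key formats.
BUILTIN_DETECTORS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic detector: a secret-looking variable assigned a long, high-entropy value.
GENERIC_ASSIGNMENT = re.compile(
    r"""(?i)(?:password|passwd|secret|token|api[_-]?key)\s*[:=]\s*['"]?([A-Za-z0-9+/=_\-]{16,})['"]?"""
)

# Customer-supplied pattern (constructed): an internal hostname suffix, as the
# transcript describes customers looking for internal URLs and project names.
CUSTOM_PATTERNS = {"internal_hostname": r"\b[a-z0-9-]+\.internal\.example\b"}

# Constructed commit pushed to a developer's personal repo. It never mentions "Acme".
SAMPLE_COMMIT = {
    "author": "dev@example.com",            # constructed author address
    "repo": "dev-personal/side-project",    # constructed repo name
    "diff": (
        '+aws_access_key_id = "AKIAEXAMPLEKEY000000"\n'
        '+GITHUB_TOKEN="ghp_0123456789abcdefghijklmnopqrstuvwxyz"\n'
        '+DB_PASSWORD = "q7Zr2pLm9Kx4Vn8sWb1TcY5dHf3Gj6Ne"\n'
        '+TEST_PASSWORD = "aaaaaaaaaaaaaaaaaaaa"\n'
        '+STAGING_URL = "https://billing-staging.internal.example"\n'
        '+-----BEGIN RSA PRIVATE KEY-----\n'
    ),
}


@dataclass(frozen=True)
class Finding:
    detector: str
    line_no: int
    value: str


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking credentials score high, placeholders low."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((s.count(c) / n) * math.log2(s.count(c) / n) for c in set(s))


def mentions_keyword(text: str, keyword: str) -> bool:
    """The naive approach from the transcript: search for the company name."""
    return keyword.lower() in text.lower()


def scan_text(text: str, custom_patterns: Optional[dict] = None,
              entropy_threshold: float = 3.5) -> list:
    """Run built-in detectors, then custom patterns, then the generic entropy check."""
    detectors = dict(BUILTIN_DETECTORS)
    for name, pattern in (custom_patterns or {}).items():
        detectors[name] = re.compile(pattern)
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen_values = set()
        for name, rx in detectors.items():
            for m in rx.finditer(line):
                findings.append(Finding(name, line_no, m.group(0)))
                seen_values.add(m.group(0))
        for m in GENERIC_ASSIGNMENT.finditer(line):
            value = m.group(1)
            # Skip values a specific detector already reported, and low-entropy placeholders.
            if value in seen_values or shannon_entropy(value) < entropy_threshold:
                continue
            findings.append(Finding("generic_high_entropy", line_no, value))
    return findings


def route_alerts(commit: dict, findings: list, security_channel: str) -> list:
    """Dual alerting: one alert to the security team's channel, one to the committer."""
    if not findings:
        return []
    detectors = sorted({f.detector for f in findings})
    base = {"repo": commit["repo"], "detectors": detectors, "count": len(findings)}
    return [dict(base, to=security_channel), dict(base, to=commit["author"])]


if __name__ == "__main__":
    print("keyword 'acme' found:", mentions_keyword(SAMPLE_COMMIT["diff"], "acme"))
    for f in scan_text(SAMPLE_COMMIT["diff"], CUSTOM_PATTERNS):
        print(f)
    for alert in route_alerts(SAMPLE_COMMIT, scan_text(SAMPLE_COMMIT["diff"], CUSTOM_PATTERNS), "#security-alerts"):
        print(alert)
```

Run as written, the keyword search for "acme" returns False while the scan reports five findings, which is the transcript's point about identifying developers first rather than searching for the company name. The entropy check keeps the 20-character placeholder password out of the results, and the GitHub token is reported once by its specific detector rather than again by the generic one.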