Digital Shadows Launches Access Key Alerts
October 20, 2020

Digital Shadows announced the ability to detect exposed access keys.

A combination of misconfiguration, inexperience, and laziness means that software developers are exposing access keys at an alarming rate. With threat actors routinely scouring code repositories for leaked keys, security teams need a fast, scalable solution to monitor these sites for their exposed technical assets.

Customers of Digital Shadows will now be able to identify in near real-time where these keys have been exposed. Most leakage is accidental, due to poor security practices – such as sensitive data being committed to public repositories, rather than private ones. SearchLight users will be notified when an access key has been detected on a public code repository or paste site, complete with a risk score for prioritization, source file, and matched assets. This means that remediation is quick and simple: either revoke the credential or tweak the configuration settings.

Russell Bentley, VP of Product at Digital Shadows, comments: “As software development has become increasingly distributed between in-house and outsourced teams it has become increasingly challenging to monitor the exposure of sensitive information. Every day, sensitive technical information like keys and secrets are exposed online to code collaboration platforms. Normally this is accidental, but we have seen evidence that threat actors are scouring public repositories and looking to use it in order to access sensitive data and infiltrate organizations. This new functionality within SearchLight will make it quick and simple to stop attackers in their tracks.”

SearchLight’s new access key alerting helps organizations monitor for access keys and secret exposure, providing Digital Shadows customers with complete visibility and minimal effort. This includes the ability to:

- Identify near real-time who has exposed technical data: Each alert is tailored to an organization and built-in configuration minimizes false positives and increases relevance.

- Built-in ‘playbooks’ enable organizations to learn how to reduce exposure and remediate risks

- Comprehensive coverage, for increased visibility: Automated detection of access keys across the broadest set of sources.

- Build a clear picture with enriched data: As Shadow Search is built-in to the alert, users can have a succinct view of the historical activity related to that alert, building a richer picture, and helping security teams to make decisions quicker.

Share this

Industry News

December 02, 2020

Amazon Web Services (AWS), an Amazon.com company, announced Amazon DevOps Guru, a fully-managed operations service that uses machine learning to make it easier for developers to improve application availability by automatically detecting operational issues and recommending specific actions for remediation.

December 02, 2020

Salesforce and Slack Technologies have entered into a definitive agreement under which Salesforce will acquire Slack.

December 02, 2020

Kasten by Veeam announced Kasten K10 v3.0.

December 02, 2020

Mattermost announced the launch of Mattermost Cloud, a new SaaS platform that is designed to optimize collaboration for DevOps teams and privacy-conscious enterprises.

December 01, 2020

CloudBees announced a virtual launch event on December 10 to formally release the first two modules of its Software Delivery Management solution: CloudBees Engineering Efficiency and CloudBees Feature Management.

December 01, 2020

GitOps creator Weaveworks announced the availability of release 2.4 of Weave Kubernetes Platform (WKP).

December 01, 2020

Adaptavist has joined the Sonatype partner program as a Platinum Enterprise Partner.

November 30, 2020

Shipa is open sourcing Ketch, Shipa's deployment engine, under Apache License Version 2.0.

November 30, 2020

Portworx by Pure Storage announced its qualification and support of Portworx Enterprise for Google Cloud's Anthos on bare metal.

November 30, 2020

SnapLogic now supports SaaS contracts in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).

November 24, 2020

Red Hat announced new capabilities and features for Red Hat OpenShift, the company's enterprise Kubernetes platform.

November 24, 2020

Sectigo released Chef, Jenkins, JetStack Cert-Manager, Puppet, and SaltStack integrations for its certificate management platform.

November 24, 2020

DataStax released K8ssandra, an open-source distribution of Apache Cassandra on Kubernetes.

November 23, 2020

Spectro Cloud has released a new, self-hosted version of its flagship product, Spectro Cloud.

November 23, 2020

GitLab completed integration of Peach Tech, a security software firm specializing in protocol fuzz testing and dynamic application security testing (DAST) API testing, and Fuzzit, a continuous fuzz testing solution providing coverage-guided testing.