ShiftLeft Illuminate Released
February 18, 2021

ShiftLeft released ShiftLeft Illuminate, a new solution that leverages ShiftLeft technology to identify insider attacks, offer remediation advice and reduce overall risk to organizations’ software code base.

While cyberattacks on the CI/CD pipeline have been theoretical for some time, high-profile breaches over the past year have underscored a clear and urgent need for attention to this area. ShiftLeft Illuminate will help organizations eliminate insider threats within this vulnerable phase of the development pipeline.

According to Verizon’s 2020 Data Breach Investigations Report, “inside actors” are responsible for nearly one-third of data breaches. Many of these insiders have touchpoints with source code, including privileged IT administrators, disgruntled former employees and managerial employees with administrative privileges who can commit code without review. Organizations should also consider the threat from business partners with access to code repositories and nation-state actors weaponizing weaknesses of these parties.

“Recent cyberattacks have highlighted the importance of securing the software supply chain and ensuring that the software shipped is the same as the software developed,” said Manish Gupta, CEO, ShiftLeft. “Identifying such ‘insider attacks’ goes beyond taint-based vulnerability analysis. ShiftLeft's Illuminate helps customers insert insider attack detection in the software supply chain to establish non-repudiation of the software shipped at every stage.”

ShiftLeft Illuminate performs an architecture review to identify the most likely areas for an insider attack. It then creates a Code Property Graph (CPG) fingerprint of the relevant codebase and identifies sources, sinks and transforms to reduce exposure. Running algorithms on the CPG, Illuminate identifies insider attacks and business logic flaws, as well as potentially exploitable areas for insider attack, providing recommendations for reducing future risk. Using Illuminate, organizations can accurately determine if an insider attack has occurred in their source code, helping them to know what and where to monitor within their unique application architecture moving forward.

“Cybersecurity poses a difficult challenge to supply chains, as an organization may be affected by an attack on any other link in the chain,” said Chetan Conikee, CTO, ShiftLeft. “In general, individual nodes in a supply chain (horizontally across SaaS vendors and vertically across the OSS stack) bear the entire cost of their own cybersecurity investments, but some of the benefits of the investments may be enjoyed by the other nodes as well.”

Organizations using ShiftLeft Illuminate are armed with Summary Reports for executive and senior level management, as well as Technical Reports of insider attacks, remediation advice and strategic guidance for longer-term improvement. Illuminate also provides Summary Reports for customers, demonstrating a comprehensive security assessment of the organization’s software development pipeline to eliminate the blind spot around the risk of software consumption that exists today.

Share this

Industry News

March 02, 2021

JFrog announced that its DevOps Platform tools – JFrog Artifactory and JFrog Xray – are available with native deployment templates for customers using AWS GovCloud (US) and Azure Government clouds.

March 02, 2021

Spectro Cloud announced support for existing Kubernetes environments, including clusters on public cloud services such as Amazon EKS, Azure AKS and Google GKE, has been added to the Spectro Cloud Kubernetes management platform.

March 02, 2021

Idera announced the acquisition of PreEmptive Solutions, LLC, a provider of application protection and security.

March 01, 2021

CloudBolt Software announced the launch of OneFuse Community Edition, a free version of its codeless integration platform for automating, integrating, and extending private and hybrid cloud infrastructures.

March 01, 2021

DBmaestro launched support for Snowflake, the Data Cloud company.

March 01, 2021

Platform9 closed Series-D funding with an additional $12.5 million for a total of $37.5 million.

February 25, 2021

Red Hat announced Red Hat OpenShift 4.7, the latest version of the company’s enterprise Kubernetes platform.

February 25, 2021

Granulate announced the release of its open-source platform, the G-Profiler, a production profiling solution that measures the performance of code in production applications to facilitate compute optimization.

February 25, 2021

Checkmarx announced the launch of KICS (Keeping Infrastructure as Code Secure), an open source static analysis solution that enables developers to write more secure infrastructure as code (IaC).

February 24, 2021

Applause launched its Product Excellence Platform (PEP).

February 24, 2021

Mabl announced the beta release of their new native desktop application that empowers users to easily automate testing for browsers, mobile browsers, and APIs.

February 24, 2021

D2iQ announced the general availability of D2iQ Kaptain, the cloud native end-to-end platform for running ML workloads on Kubernetes.

February 23, 2021

Edge Delta announced new capabilities for dynamically processing and routing logs, metrics, and traces -- allowing DevOps, Security, and SRE teams to analyze large volumes of streaming data without the cost, delay, or complexity of requiring data to be indexed, helping customers decouple where machine data is analyzed from where it is stored.

February 23, 2021

env0 announced a remote run SaaS solution for the automation of Terragrunt workloads across multiple Terraform modules.

February 23, 2021

Platform9 closed its Series-D funding with an additional $12.5 million for a total of $37.5 million.