Latest product innovation focuses on shift-left capabilities, collaboration and seamless integration into DevOps workflows, including pentesting features.

Paris, France (July 27, 2021) GitGuardian, a cybersecurity start-up specializing in securing software development with automated secrets detection and remediation, today announced that it will be showcasing both its Internal Monitoring and Public Monitoring solutions on its virtual booth during the 2021 Black Hat conference.
GitGuardian is sponsoring this conference for the first time to meet with security professionals seeking to secure their software development lifecycle, and more precisely, seeking to tackle the fast-growing issue of secret sprawl.
The rapid acceleration of secrets sprawl and its role in many prominent data breaches have led major players such as GitHub and GitLab to add secrets detection to their security offerings. While conceptually simple, detecting secrets in source code is inherently hard because secrets have no fixed syntax: a detector has to decide from format and statistical signals whether a given string is a credential, so detection is probabilistic and every such decision trades false positives against false negatives. In addition, corporate secrets can sprawl into assets that organizations do not control, such as employees' personal git repositories.
With ARR growth of 350% year over year, GitGuardian is a major player in this new market segment and continuously innovates to help companies detect and remediate leaked secrets. The strongest traction comes from industries with the most mature distributed-architecture development practices, such as software vendors, financial services and MSPs.
Even though open-source and best-of-breed solutions exist, they often lack precision and recall in detecting secrets, leading either to alert fatigue from too many false positives or to missed credentials (false negatives). Either outcome undermines the solution's effectiveness. They also lack the collaboration capabilities that let the security team, cloud operations and, most importantly, developers work together on more secure code.
“We started by looking at open-source solutions, but they did not meet our expectations. In particular, it was necessary to declare all the directories to be monitored, which represented a substantial workload. Once we decided to deploy GitGuardian's GitHub public monitoring solution, the ramp-up was rapid. As soon as we had access to the platform, we were able to start remediating past incidents.” Anne Hardy, CISO, Talend
The latest product innovations serve both the shift-left strategy of companies that want to put the developer at the center of their security and the DevSecOps approach, by fully integrating the GitGuardian dashboard with the development teams' tools and workflows. GitGuardian is also extending its detection capabilities to intellectual property leaked on public GitHub, as well as personal and medical data. GitGuardian Public Monitoring has also been enriched with Explore, a pentesting feature that lets companies proactively search for their sensitive information by running complex queries over 12 billion documents and metadata from three years of GitHub history.
Additional information
2021 State of Secret Sprawl on GitHub - How Leaky can it Git.
Secrets Detection learning center
GitGuardian Public Monitoring provides real-time GitHub scanning and alerting to uncover sensitive company information hiding in public repositories. It monitors both organization repositories and developers' personal repositories, giving developers and security teams visibility into a critical blind spot: the personal GitHub repositories of the organization's own developers (80% of leaked corporate secrets on public GitHub come from developers’ personal repositories). GitGuardian Public Monitoring is particularly relevant to companies with large development teams (above 200 developers) and modern development practices.
GitGuardian Internal Monitoring is an automated secrets detection and remediation solution. It integrates with the version control system to further secure the software development life cycle, scanning existing code as well as incremental changes to detect secrets (API keys, database credentials, certificates). GitGuardian has native integrations with GitHub, GitLab and Bitbucket, and is available both as SaaS and on-premise. It also integrates with the most common SIEM, ITSM, ticketing and chat systems so that alerts fit into companies’ existing alerting flows.
GitGuardian's detection algorithm, common to both products, was battle-tested at scale on the whole of public GitHub activity for over three years. Scanning runs continuously on new changes and also over the full git history, since a secret removed in a later commit is still recoverable from earlier ones. The secret detection engine covers 250+ API providers, database connection strings, private keys, certificates, usernames and passwords, and also lets teams build custom detectors.
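To make the precision/recall trade-off and the detector categories above concrete, here is a small scanner added for this page. It is not GitGuardian's engine and says nothing about how that engine works; it simply combines format-anchored detectors for a few well-known secret shapes (an AWS access key ID, a PEM private key header, a password embedded in a database connection string) with an entropy-gated generic detector for secret-looking assignments, plus a hook for a custom detector, and scores the result against a constructed, labelled corpus. The corpus lines, the `svc_` token format and the entropy thresholds are all assumptions made for the example.

```python
"""Toy secrets scanner: why detection is a precision/recall trade-off.

Illustration added for this page; not GitGuardian's engine. Every line in
CORPUS is constructed for the example.
"""
import math
import re
from dataclasses import dataclass

# Format-anchored detectors: the shape itself is distinctive, so false
# positives are rare and no entropy gate is needed.
SPECIFIC_DETECTORS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----"),
    # scheme://user:password@host  (password embedded in a connection string)
    "db_connection_string": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^:\s/]+:[^@\s]+@"),
}

# Generic detector: a secret-looking variable name assigned a quoted string.
# Alone it fires on placeholders and docs, so scan() gates it by entropy.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b(?P<name>[a-z0-9_]*(?:secret|token|password|passwd|api_?key)"
    r"[a-z0-9_]*)\s*[=:]\s*['\"](?P<value>[^'\"]{8,})['\"]"
)


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking strings score higher."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass(frozen=True)
class Finding:
    line_no: int
    detector: str
    value: str


def scan(lines, entropy_threshold=3.5, custom_detectors=None):
    """Return findings for a list of source lines.

    custom_detectors: optional {name: regex string} for org-specific secret
    formats, the equivalent of a user-defined detector.
    """
    detectors = dict(SPECIFIC_DETECTORS)
    for name, pattern in (custom_detectors or {}).items():
        detectors[name] = re.compile(pattern)
    findings = []
    for line_no, line in enumerate(lines, start=1):
        hit = False
        for name, pattern in detectors.items():
            m = pattern.search(line)
            if m:
                findings.append(Finding(line_no, name, m.group(0)))
                hit = True
        if hit:
            continue  # already explained by a specific detector
        m = GENERIC_ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group("value")) >= entropy_threshold:
            findings.append(Finding(line_no, "generic_high_entropy", m.group("value")))
    return findings


# Constructed corpus: (source line, does it really contain a secret?)
CORPUS = [
    ('AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"', True),   # AWS docs example key
    ("-----BEGIN RSA PRIVATE KEY-----", True),
    ('DATABASE_URL = "postgres://app:s3cr3t-pw@db.internal:5432/prod"', True),
    ('api_key = "aB3dE5fG7hJ9kL2mN4pQ6rS8"', True),        # entropy ~4.58
    ('smtp_password = "N0rthw1nd-Summer"', True),          # entropy 3.75
    ('password = "changeme"', True),                       # entropy 2.75: real but weak
    ('token = "REPLACE_WITH_YOUR_TOKEN"', False),          # placeholder, entropy ~3.85
    ('secret_name = "db-password"', False),                # names a secret, is not one (~3.10)
    ('log.info("user %s logged in", user)', False),
    ("PASSWORD_MIN_LENGTH = 12", False),
]


def evaluate(corpus, entropy_threshold):
    """Precision/recall of scan() at a given entropy threshold."""
    lines = [text for text, _ in corpus]
    flagged = {f.line_no for f in scan(lines, entropy_threshold)}
    truth = {i for i, (_, is_secret) in enumerate(corpus, start=1) if is_secret}
    tp, fp, fn = len(flagged & truth), len(flagged - truth), len(truth - flagged)
    return {
        "tp": tp, "fp": fp, "fn": fn,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
    }


if __name__ == "__main__":
    for t in (3.0, 3.5, 4.0):
        r = evaluate(CORPUS, t)
        print(f"threshold={t:.1f} tp={r['tp']} fp={r['fp']} fn={r['fn']} "
              f"precision={r['precision']:.2f} recall={r['recall']:.2f}")
    # Hypothetical internal token format registered as a custom detector.
    custom = {"internal_svc_token": r"\bsvc_[A-Za-z0-9]{20}\b"}
    print(scan(['auth = "svc_' + "A" * 20 + '"'], custom_detectors=custom))
```

Running it shows the trade-off directly: at threshold 3.0 the placeholder and the `secret_name` line are false positives; at 4.0 they disappear but the real `smtp_password` is missed; and `password = "changeme"` is missed at every threshold, because a low-entropy credential is invisible to an entropy gate and only a format- or context-specific detector would catch it.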