Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, has officially announced the launch of several enhancements for its secrets scanning product.
Currently available as a stand-alone product and also as part of the broader ASPM platform, the stated product will receive, moving forward, a new secrets dashboard for an integrated view of all findings and recovery actions taken to remediate secrets.
In case you weren’t aware, secrets happen to play a vital role in application development. Despite their clear importance, though, the high value of secrets also makes them a prime target for attackers and creates risk across the organization, from security operations to cloud and platform engineering.
Another detail contextualizing the importance held by secrets is rooted in the exponential growth of non-human identities (NHIs), something which has only contributed further to the prevalence of secrets. You see, while security teams typically focus on secrets in source code, they are increasingly emerging in ticket systems, artifact registries, and other systems, such as Confluence, Jira, and Slack. This has spelled a struggle, on the organization’s part, to protect secrets from exposure while simultaneously enabling developers to build services that rely on them.
In case that wasn’t bad enough, regulations like HIPPA, PCI DSS and GDPR, have only made things trickier by explicitly directing organizations to secure secrets.
Fortunately enough, in response, Legit’s new capabilities bring forth a mechanism well-equipped to improve the businesses ability of mitigating risk and reducing the attack surface associated with secrets.
“Secrets are a serious security risk, and because they are so omnipresent, they are ripe targets for threat actors seeking access to sensitive resources,” said Lior Barak, co-founder and chief product officer, Legit Security. “As we have seen all too often, most secrets scanning tools produce too many false positives or fail to address secrets beyond source code. Legit is solving this problem by providing the broadest set of secrets detection capabilities available today.”
Talk about Legit’s new secrets dashboard on a slightly deeper level, we begin from its promise to provide centralized visualization, where the solution can be expected to provide the most complete view of all secrets detection and prevention activities across the enterprise so to prioritize remediation and ensure guardrails are in place.
Next up, we have the availability of secrets analytics that prioritize secrets remediation based on factors such as severity, source, repo/product, and user. We referred to how new dashboard conceives for you a complete view of all prevention activities, but what we haven’t mentioned yet is how it also delivers insights into potential new secrets that have been prevented based on an organization’s policies and established guardrails. Not just that, it even identifies developers who are actively using preventative measures.
Moving on to the prospect of availing secret growth and remediation trends, it translates to how you can avail insights into new secrets, issues resolution, and backlog trends. The idea behind that is to let organizations measure the effectiveness of AppSec programs in preventing and remediating secrets.
Hold on, there is more, considering we still haven’t touched on the dashboard’s secrets discovery capacity, where the solution captures and monitors secrets within a developer’s personal GitHub and the organization’s account, thus making sure that developers do not expose secrets.
Beyond that, we have feature dedicated towards personal depository discovery, which spots and builds an inventory of all personal repositories owned by an organization’s developers for a comprehensive list of assets used by developers.
Rounding up highlights would be the availability of consolidated triage and remediation. Markedly enough, the solution will able to conceive that by integrating findings from business and personal accounts into Legit’s platform. Once that part is completed, it then generates a single view of the risk attached to, irrespective of where they reside.
“Additionally, our secrets command line interface provides extensive prevention tools and solutions to control risk across the business from code to cloud. Finally, we give teams one central dashboard to view all secrets discovery and remediation activity to ease reporting requirements,” said Barak.