If you have been tackling the realities of secrets sprawl, getting a handle on all the hardcoded credentials in your organization, then we understand the stress and the restless nights that can bring.
Even a small team can add hundreds of secrets a year, so when it is time to prioritize and start working to resolve the known incidents, it can seem overwhelming.
Deploying honeytokens to any repos or environments where you have identified an issue can give you some breathing room.
If someone has breached your perimeter and has accessed your code, your alert will tell you to escalate, rotating the secrets they likely found.
Honeytokens, such as GitGuardian honeytokens, are decoy credentials that don't provide any access to data or systems but instead trigger alerts to let you know someone has attempted to use them.
A good honeytoken alert will include a timestamp, the source IP address, the user agent, and the action the user was attempting.
When a honeytoken is first triggered, you should be alerted immediately by email.
In most attacks, the adversarial actors do not manually look through each file, line by line, to find secrets.
They do use your secrets to move laterally through your systems, but most of the time they rely on scanning tools to get the lay of the land first.
Very commonly, these scans will immediately attempt to use any credentials to test if they are active, which will trigger the honeytoken.
If there were any valid secrets in the codebases where a honeytoken was triggered, then you will be able to escalate appropriately and invalidate those credentials as soon as possible.
A large number of public scans are continually being performed to try to find new commits and any secrets they contain.
We can use these public scanners to our advantage and leverage honeytokens to detect when private code becomes public.
Get alerted immediately when eyes outside your org can see your secrets.
If you have legitimate, valid secrets in that repo, then you know it is time to rotate those secrets as quickly as you can.
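To make the alert flow above concrete, here is an added example (not GitGuardian's code or any part of the original post) of the detection side: a small registry maps each planted decoy credential to where it was planted and which real secrets live there, and a detector runs over access-log lines for the decoy's endpoint, producing an alert carrying the four fields named above (timestamp, IP, user agent, action) plus the escalation decision. The key ids, log format, repo names and secret names are all constructed placeholders; the first trigger per decoy is singled out because that is the event that should page someone immediately, whether it came from an intruder's scan or from a public scanner after private code leaked.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Hypothetical registry of planted honeytokens (constructed values, not real credentials):
# decoy key id -> where it was planted and which real secrets in that location must be
# rotated if the decoy fires. A cleaned repo keeps its honeytoken with an empty rotate list.
HONEYTOKENS = {
    "AKIAHONEY0000000001": {
        "planted_in": "git:internal/payments-service",
        "rotate": ["STRIPE_API_KEY", "PAYMENTS_DB_PASSWORD"],
    },
    "AKIAHONEY0000000002": {
        "planted_in": "git:internal/legacy-billing",  # already cleaned of real secrets
        "rotate": [],
    },
}

# Constructed access-log line format for the decoy credential's endpoint:
#   <ISO-8601 timestamp> <client ip> key=<key id> action=<api action> ua="<user agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) key=(?P<key>\S+) action=(?P<action>\S+) ua="(?P<ua>[^"]*)"$'
)


@dataclass
class Alert:
    key_id: str
    timestamp: datetime
    source_ip: str
    user_agent: str
    action: str
    planted_in: str
    rotate: list          # real secrets to invalidate in that location
    escalate: bool        # True when the location still holds real secrets


def parse_line(line: str):
    """Return the log fields as a dict, or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    # Normalise a trailing 'Z' to an explicit offset so older Pythons parse it too.
    fields["ts"] = datetime.fromisoformat(fields["ts"].replace("Z", "+00:00"))
    return fields


def detect(lines):
    """Match every log line against the honeytoken registry and return an Alert per hit.

    Legitimate keys are ignored; only decoy credentials produce alerts."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["key"] not in HONEYTOKENS:
            continue
        meta = HONEYTOKENS[rec["key"]]
        alerts.append(Alert(
            key_id=rec["key"],
            timestamp=rec["ts"],
            source_ip=rec["ip"],
            user_agent=rec["ua"],
            action=rec["action"],
            planted_in=meta["planted_in"],
            rotate=list(meta["rotate"]),
            escalate=bool(meta["rotate"]),
        ))
    return alerts


def first_triggers(alerts):
    """Earliest alert per honeytoken: the event that should page someone immediately.

    Later uses of the same decoy are still recorded but do not need a fresh page."""
    first = {}
    for a in sorted(alerts, key=lambda a: a.timestamp):
        first.setdefault(a.key_id, a)
    return first


# Constructed sample log: a scanner probing one decoy twice, a legitimate key that must
# not alert, and a probe against the decoy left in the already-cleaned repo.
SAMPLE_LOG = [
    '2024-01-15T17:43:04Z 203.0.113.7 key=AKIAHONEY0000000001 action=sts:GetCallerIdentity ua="generic-secret-scanner/1.0"',
    '2024-01-15T17:43:09Z 203.0.113.7 key=AKIAHONEY0000000001 action=s3:ListBuckets ua="generic-secret-scanner/1.0"',
    '2024-01-15T17:50:00Z 198.51.100.4 key=AKIAREALKEY000000001 action=s3:GetObject ua="aws-cli/2.13"',
    '2024-01-15T18:01:30Z 192.0.2.25 key=AKIAHONEY0000000002 action=sts:GetCallerIdentity ua="curl/8.4"',
]

if __name__ == "__main__":
    for key, a in first_triggers(detect(SAMPLE_LOG)).items():
        verdict = "ESCALATE: rotate " + ", ".join(a.rotate) if a.escalate else "investigate only"
        print(f"{a.timestamp.isoformat()} {a.source_ip} {a.user_agent!r} {a.action} "
              f"-> decoy {key} planted in {a.planted_in}: {verdict}")
```

The split between `escalate` and the plain alert is the point of the registry: a decoy firing in a repo that still holds real secrets means those secrets are rotated now, while a decoy firing in a cleaned repo still tells you the code has been read by someone it should not have been, without a rotation to perform.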
Now that you have a way to know if a repo is under attack or being shared in public, you can prioritize your action plan to tackle secrets sprawl.
Since there is no legitimate use for honeytokens other than as traps, you can safely leave them in any cleaned repo, giving you the same protection for repos with all the real secrets removed.
We are here to help you tackle secrets sprawl at scale, no matter how many devs you have or how much legacy code you have to deal with.
Honeytokens can make sure that if someone is snooping around, they will trigger an alert.
Honeytokens provide protection long after you resolve all your secrets-related incidents, helping you continuously improve your response times.
This Cyber News was published on feeds.dzone.com. Publication date: Mon, 15 Jan 2024 17:43:04 +0000