Latest research, product updates and best practices on staying secure in the cloud | Permiso

Product Update: IP and Code Threat Detection Now Available for GitHub and Atlassian’s Suite of Products, Including Confluence and Jira

Written by John Filitz | Oct 9, 2024 2:13:52 PM

Most organizations are unaware of how large their cloud identity attack surface is, specifically as it relates to the high number of human and non-human identities that exist in a typical environment. Many organizations are also unable to accurately determine which of these identities have access to sensitive data, such as intellectual property and source code. An example that we often see is not knowing which identities are accessing your code repositories in GitHub or engineering collaboration applications like Confluence and Jira, or what privileges those identities hold.

Securing all identities, including human and non-human, holds the key to securing some of your most sensitive data. SaaS and PaaS applications hold as much as nearly 80% of your organization's most critical data, yet what is often not fully understood is that the responsibility for securing the identity and data for these applications rests solely with the end-user of these services: you, the customer.

Most organizations struggle with even basic identity risk visibility into some of their most critical applications, let alone having identity correlation and threat visibility across their entire IT ecosystem. This is a challenge that Permiso was born to solve, providing identity correlation and threat visibility for all your IaaS, PaaS and SaaS environments with a Universal Identity Graph.

Another challenge that organizations struggle with is being unable to determine whether identity and access management (IAM) controls, including the approved multi-factor authentication (MFA) method, are being used uniformly across the organization for even just one application, let alone the hundreds of applications and services in use.

The lack of proper controls, and of the ability to audit those controls, leaves the door wide open for attackers to gain access to sensitive data such as IP and source code – a juicy target for any adversary.

The challenge is only amplified when we consider that non-human identities, in the form of credentials, OAuth tokens, API keys and service accounts, outnumber their human counterparts by a factor of 40x in most organizations. Monitoring all these identities and their access chains becomes impossible when working with multiple security controls for your different environments.

Securing Business Critical Workflows and Data

Key applications such as GitHub, Confluence and Jira become the central driving engine for most organizations. They host critical workflows and also serve as the systems of record for key projects and as repositories of sensitive IP, for example source code, architectural blueprints, vulnerability tickets, how-to documentation, and often credentials. This latest product release by Permiso now enables identity risk visibility and detections for GitHub and the Atlassian suite of products, both in the cloud and on-prem. Permiso’s Universal Identity Graph stitches together activity across all engineering environments to help security analysts instantly correlate a pattern of behavior that indicates compromise. The result is a single alert indicating IP theft, instead of multiple alerts per environment.

Permiso’s identity threat detection and response for GitHub and Atlassian includes the following capabilities:

GitHub:

· Adaptive Bulk Download & Clone Monitoring: Track the total number of repositories for each client organization. This allows setting smarter dynamic thresholds that provide granular risk levels from low to critical.

· Geopolitical Risk Assessment: Incorporate geopolitical factors by specifically monitoring activity from high-risk countries. This adds an extra layer of threat intelligence, allowing for more contextualized and relevant alerts.

· Proactive Security Posture and Activity Monitoring: Continuously track both bulk operations and granular changes to settings and security controls across GitHub repositories. This comprehensive oversight helps detect modifications that could weaken a customer’s security stance, whether caused by internal misconfigurations or external attackers. By monitoring the full spectrum of GitHub activities, Permiso maintains visibility on potential security risks and helps preserve the integrity of the GitHub environment.

Atlassian’s suite of products:

· Jira Service Management Actions: Identify unauthorized modifications to customer permissions, detect new, potentially suspicious integrations with third-party services, and monitor specific changes to project settings that could lead to data breaches or service disruptions.

· Confluence Management Actions: Detect potential data exfiltration attempts through exports, unauthorized access via permission changes, and security vulnerabilities introduced by app installations or updates, all of which could compromise sensitive information or system integrity.

· Beacon: Monitor events like Slack and Microsoft Teams integration, webhook updates, alert creation/deletion, and custom detection rule modifications. This helps ensure the integrity and proper functioning of the system, detect any unauthorized changes or tampering attempts, and identify potential security incidents or insider threats that could undermine the effectiveness of the security monitoring and response capabilities.

Reduce risk and find evil

With Permiso’s universal identity threat detection and response, you can at any time determine who your top 10 riskiest identities are, proactively manage access and permissions throughout your entire cloud services ecosystem, and detect threats within and across SaaS, IaaS, and PaaS environments.

Permiso finally provides a better way to secure your identities universally, including protecting your most critical asset, your data, from a single console.

Reach out for a demo.