How safe is your source code?

Micro Focus Frequent Contributor

Even the most advanced tech companies are not immune to source code theft or vulnerability exploitation. From Tesla suing a former software engineering employee for allegedly stealing software code to hackers inserting a backdoor (SUNBURST) into SolarWinds’ Orion® Platform software, the threats are real and growing. In Tesla’s case, the company estimated “200 man-years of work” to develop the code in question.

As for the SUNBURST attack, the US CISA (Cybersecurity and Infrastructure Security Agency) determined that it poses “a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations”, and it is estimated to have affected about 18,000 organizations. Protecting source code in a world of rapidly emerging threats is no small feat. A recent insightful article on Security Boulevard (Bringing Source Code Security Up to Speed) says: “While there are many tools to identify source code vulnerabilities and protect applications in runtime, securing the development pipeline infrastructure itself is largely an unmet need.”

Elusive Threats Everywhere

Software development environments are under attack from both inside and outside. On the inside, all it takes is a rogue employee who abuses his or her access privileges, or an innocent employee who is manipulated through social engineering into unknowingly performing nefarious tasks. On the outside, a hacker who manages to launch hard-to-discern APTs (Advanced Persistent Threats) into the system can potentially drain your most valuable intellectual property or embed malware into your products while staying unnoticed for a long period of time.

Behavioral Analytics To the Rescue

“Doveryay, no proveryay” (English: Trust, but Verify) – a Russian proverb once made popular by President Ronald Reagan – is, in essence, about behavior versus words. Simple actions such as logging in, downloading files, and checking in code can, over a period of time, reveal a behavioral pattern that may or may not be congruent with your security practices. Similarly, patterns of network traffic, server access, and end-user device connections may yield insights on emerging risks. However, with the skyrocketing volume of behavioral data generated by humans and machines, it has become essential to automate the processes of pattern recognition and anomaly detection. Unlike traditional analytics, where known queries are used to interrogate the data, Artificial Intelligence (AI) powered behavioral analytics uses unsupervised machine learning to uncover unknown threats so you can preemptively address potentially devastating attacks.

Find Out How

Join our March 9th webcast, Spring into Action - Protect Source Code with Behavioral Analytics, where Stephan Jou, Micro Focus CTO for Security Analytics, will discuss how AI can secure your engineering infrastructure, share real-life case studies, and recommend practical next steps.


About the Author
Joe has over 13 years of experience in technology marketing and is currently focused on the analytics solution portfolio. Prior to this role, he was responsible for product marketing of the enterprise application data management solution.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus.