Even the most advanced tech companies are not immune to source code theft or vulnerability exploitation. From Tesla suing a former software engineering employee for allegedly stealing software code to hackers inserting a backdoor (SUNBURST) into SolarWinds’ Orion® Platform software, the threats are real and growing. In Tesla’s case, the company estimated “200 man-years of work” to develop the code in question.
As for the SUNBURST attack, it is determined by US CISA (Cybersecurity and Infrastructure Security Agency) to pose “a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations”, and is estimated to have affected about 18,000 organizations. Protecting source code in a world of rapidly emerging threats is no small feat. A recent insightful article (Bringing Source Code Security Up to Speed) on Security Boulevard says – “While there are many tools to identify source code vulnerabilities and protect applications in runtime, securing the development pipeline infrastructure itself is largely an unmet need.”
Elusive Threats Everywhere
Software development environments are under attacks from both inside and outside. On the inside, all it takes is a rogue employee, who abuses his/her access privileges, or an innocent employee, who is manipulated by social engineering, into performing nefarious tasks unknowingly. On the outside, a hacker, who manages to launch hard-to-discern APTs (Advanced Persistent Threats) into the system, can potentially drain out your most valuable intellectual property or embed malware into your products while staying unnoticed for a long period of time.
Behavioral Analytics To the Rescue
“Doveryay, no proveryay” (English: Trust, but Verify) – a Russian proverb once made popular by President Ronald Reagan – is, in essence, about behavior vs words. Simple actions such as logging in, downloading files, and checking in codes, over a period a time, can reveal a behavioral pattern which may or may not be congruent with your security practices. Similarly, patterns of network traffic, server access, end-user device connections, may yield insights on emerging risks. However, with the skyrocketing volume of behavioral data generated by humans and machines, it has become essential to automate the processes of pattern recognition and anomaly detection. Unlike traditional analytics where known queries are used for interrogating the data, Artificial Intelligence (AI) powered behavioral analytics uses unsupervised machine learning to uncover unknown threats so you can preemptively address potentially devastating attacks.
Find Out How
Join our March 9th webcast - Spring into Action - Protect Source Code with Behavioral Analytics - where Stephan Jou, Micro Focus CTO for Security Analytics, will discuss how AI can secure your engineering infrastructure, share real-life case studies, and recommend practical next steps.