Data breaches have always been a major cause of affliction for many companies, as it could cause damages worth millions of dollars. To counter such a bane, companies require a great deal of real-time monitoring.
The complexity of this world is the biggest problem. The SANS Institute survey found half of the company data breaches were a result of account or credential hacking.
This is where GitGuardian comes into the picture, as the company is tackling issues with a highly developer-centric cybersecurity approach.
The unorthodox approach has gained the attention of major investors. In a Series A funding, led by Balderton Capital, GitGuardian raised $12 million. Solomon Hykes, founder of Docker and Scott Chacon and co-founder of GitHub, also participated in the round.
GitGuardian is planning to use the investment from Balderton Capital to widen its customer base, which is predominantly in the U.S. As of now around 75% of its clients are situated in the U.S., while others are Europe-based. The funding will help it to drive this expansion further ahead.
What Exactly GitGuardian do?
- GitGuardian detects thousands of company’s “secrets” leaked online using a combination of sophisticated algorithms.
- Secrets include sensitive company details which provide access to payment systems, private messages, databases, servers, and internal applications.
- The current software development techniques and workflows have led to a rise in the number of secrets being widely and dangerously escalate, both in public and private domains.
- These breaches are highly critical problems that companies struggle to detect, but could cause system-wide loss of service, endanger customer data, and lead to both regulatory and litigation issues, with the potential to result in huge losses in valuation and million-dollar fines.
How GitGuardian Deals with the Threat
The technology of GitGuardian works by linking developers registered on GitHub with their companies and going through the content of over 2.5 million commits (or code revisions) per day in search of signs of company secrets. The scan covers different types of secrets from keys to database connection strings, SSL certificates, usernames, and passwords. These secrets are detected through a combination of algorithms, including sophisticated pattern matching techniques and machine learning.
It takes only four seconds for the GitGuardian’s technology to detect a leaked secret and send an alert to the developer and a client’s security team. Using a feedback loop (with developers) its algorithm is constantly learning. The developers identify, how accurate each alert is, and whether or not it is a true alert. This helps GitGuardian to remain updated against the evolution of how secrets are leaked as well as the types of secrets.
Solomon Hykes, founder of Docker and investor at GitGuardian, stated that the security of systems starts with securing the software development process. Adding to it he said that GitGuardian knows about the importance of security and they have built a pragmatic solution for the problem. The credentials monitoring system they have built is a must-have for any serious organization.