SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Legit Security launches AI solution to manage app security exposure
Fri, 29th Mar 2024

Legit Security, a platform that helps companies manage their application security posture across the complete developer environment, has revealed its latest standalone, AI-powered enterprise secrets scanning product. The solution can detect, remediate, and prevent secrets exposure throughout the software development pipeline, meeting the needs of even the most complex development organisations.

The product provides Chief Information Security Officers (CISOs) and their teams with enterprise-grade security designed to meet the needs of the world's largest and most complicated organisations. With this tool, security teams can discover, address, and prevent the exposure of secrets across developer tools, such as GitHub, GitLab, Azure DevOps, Jenkins, Bitbucket, Docker images, Confluence, Jira, and more. It also significantly reduces erroneous detections, with false positives decreased by up to 86% as a result of Legit's AI-powered precision.

"Unlike many solutions that are based on open source and other commercial tools, Legit's enterprise secrets scanning goes beyond the source code, and is powered by AI for much better accuracy," explained Lior Barak, Chief Product Officer at Legit Security. He further highlighted the limitations of current solutions, stating, "The reality is that open source and existing solutions are ineffective at detecting secrets across the software development lifecycle; they miss critical findings and lack the management capabilities needed to manage results. That risk is something that today's organizations cannot afford as one mistake can lead to disastrous consequences."

Secrets such as API keys, access keys, passwords, and personally identifiable information (PII) hold substantial value for attackers. Meanwhile, applications and developers increasingly rely on secrets and non-human credentials to function. Based on data from IBM's 2023 Data Breach Report, secret spillage is the second most common initial attack vector. Protecting secrets is therefore crucial, as a single disclosure could lead to numerous breaches that are expensive and often challenging to repair. Legit's product enables organisations to identify, remediate, and prevent losses of secrets across different developer platforms and tools.

Core advantages of Legit's enterprise secrets scanning product include performance and scale for sweeping analysis of numerous developer assets in minutes, an ability to go beyond source code for detection and prevention of secrets loss, AI-powered precision for accurate results with limited false positives, and centralised management of custom policies, exceptions, and secrets scanning across all products and teams. It also provides continuous visibility into the developer attack surface by discovering and assessing dev assets such as code, build systems, and artefacts.

A recent evaluation of Legit's enterprise secrets scanning by a top financial services organisation led to significant improvements in the security of its software supply chain after it deployed Legit's solution. The all-encompassing scanning and integration capabilities provided insights into potential risks, resulting in more informed decision-making and the enhancement of security practices.

Legit Security's new product is currently available to both new and existing customers. This product represents a fundamental step toward offering customers the ability to expand their use cases to other areas such as vulnerability management, compliance, and software supply chain security based on their future requirements.