Legit Security provides insights into the enterprise’s secrets posture

Legit Security announced enhancements to its secrets scanning product.

Available as either a stand-alone product or as part of a broader ASPM platform, Legit released a new secrets dashboard for an integrated view of all findings and recovery actions taken to remediate secrets. In addition, Legit released new discovery and remediation capabilities for secrets found within developers’ personal GitHub repositories.

Secrets – from API keys and tokens to credentials and PII – play a vital role in application development. However, the high value of secrets makes them a prime target for attackers and creates risk across the organization, from security operations to cloud and platform engineering. Legit’s new capabilities greatly improve the ability to mitigate risk and reduce the attack surface associated with secrets.

“Secrets are a serious security risk, and because they are so omnipresent, they are ripe targets for threat actors seeking access to sensitive resources,” said Lior Barak, CPO at Legit Security. “As we have seen all too often, most secrets scanning tools produce too many false positives or fail to address secrets beyond source code. Legit is solving this problem by providing the broadest set of secrets detection capabilities available today. Our AI-powered solution provides much-needed visibility and delivers accurate results. Additionally, our secrets command line interface provides extensive prevention tools and solutions to control risk across the business from code to cloud. Finally, we give teams one central dashboard to view all secrets discovery and remediation activity to ease reporting requirements.”

The explosive growth in non-human identities (NHIs), which need credentials to manage authentication and authorization, has increased the prevalence of secrets. While security teams typically focus on secrets in source code, they are increasingly emerging in ticket systems, artifact registries, and other systems, such as Confluence, Jira, and Slack.

Organizations are challenged with protecting secrets from exposure while enabling developers to build services that rely on them. This challenge is further exacerbated by compliance requirements, such as HIPPA, PCI DSS and GDPR, that direct organizations to secure secrets.

Legits’ enhancements are the latest in the company’s track record of delivering innovative capabilities to secure the modern software factory. With the earlier release of its AI-powered capabilities to detect and protect secrets across the software development pipeline, Legit was the first to apply AI/ML to significantly reduce noise associated with secrets scanning.

Legit’s new secrets dashboard gives teams:

• Centralized visualization: Provides the most complete view of all secrets detection and prevention activities across the enterprise to prioritize remediation and ensure guardrails are in place.
• Secrets analytics: Prioritizes secrets remediation based on factors such as severity, source, repo/product, and user.
• Secrets prevention: Provides insights into potential new secrets that have been prevented based on an organization’s policies and established guardrails and identifies developers actively using preventative measures.
• Secrets growth and remediation trends: Insights into new secrets, issues resolution, and backlog trends, so that organizations can measure the effectiveness of AppSec programs in preventing and remediating secrets.

Legit’s new ability to discover secrets in personal GitHub repositories gives teams:

• Secrets discovery: Identifies and monitors secrets within a developer’s personal GitHub and the organization’s account, ensuring that developers do not expose secrets.
• Personal repository discovery: Identifies and builds an inventory of all personal repositories owned by an organization’s developers for a comprehensive list of assets used by developers.
• Consolidated triage and remediation: Integrates findings from business and personal accounts into the Legit platform to provide a single view of the risk associated with secrets, regardless of where they reside.

With Legit’s new and enhanced capabilities, organizations gain critical insights into the enterprise’s secrets posture to understand risk and remediation trends over time. They are also provided with the broadest coverage to strengthen their security posture and protect their development environment from end to end.

Legit offers a free trial of its secrets detection and prevention solution.