Netskope Community
2 weeks ago
GitHub is a web-based platform that provides hosting for software development projects utilizing the Git version control system. It serves as a collaborative platform for developers to work together on code, track changes, manage projects, and host their code repositories.
GitHub allows developers to create and maintain repositories, which are containers for code and related resources. These repositories can be either public, allowing anyone to view and contribute to the code, or private, restricting access to a selected group of individuals or organizations.
There are some security challenges that we, as the Customer Zero team, are trying to address for GitHub. The security posture is premised on considering sensitive data movement, malicious repositories, code injection and leakage, and ensuring appropriate access controls and permissions. We are currently monitoring and securing access to GitHub internally with a breadth of products that are developed and maintained by the development and QA teams at Netskope. These capabilities include areas such as inline protection, API-enabled protection, SaaS security posture management (SSPM), and Cloud Firewall, to name a few. In this guide, we will provide a perspective on how Netskope’s products and capabilities are used internally for securing enterprise data.
Real-time Protection
For GitHub, some of the real-time policies in place:
Netskope API Data Protection works by directly connecting to a cloud app using the APIs published by the app, and uses OAuth to gain delegated access to the app.
Netskope's API Data Protection provides a complementary deployment model to provide cloud visibility, policy, and data security services by directly connecting to a cloud service using the APIs published by the cloud services. The API Connector works in conjunction with the Netskope cloud proxy to provide defense-in-depth security services.
For GitHub, we currently have an API protection policy, similar to the real-time policy, which checks for sensitive data (PII, PCI, PHI, SSN, passwords, API security keys) in GitHub.
This ensures data is protected in GitHub instances at all times.
SaaS Security Posture Management (SSPM) is a service that provides an organization insight into the security posture of their SaaS applications. According to Gartner, SSPM is defined as “tools that continuously assess the security risk and manage the security posture of SaaS applications. Core capabilities include reporting native SaaS security settings' configuration and offering suggestions for improved configuration to reduce risk.”
Some of the benefits of SSPM include:
Each of these rules satisfies the following compliance standards:
The Nextgen SSPM version supports enhanced features for GitHub security posture management. This provides some new features such as:
Both real-time and API-based GitHub traffic can be analyzed and classified with machine learning algorithms as part of Netskope Behavior Analytics. Netskope's User Behavior Analytics tool looks at patterns of human behavior, and then applies algorithms and statistical analysis to detect meaningful anomalies from those patterns, anomalies that indicate potential threats. Instead of tracking devices or security events, behavior analytics tracks users. There is a set of predefined Behavior Analytics rules that can be used to create policies for detecting abnormalities in user activity, both in real time and in API connector-based GitHub instances. A few of these are mentioned below:
The Application Activity Summary dashboard can be used in Advanced Analytics to get some insight into trends for GitHub.
Hope this blog post helped in providing a brief insight into how GitHub is protected at Netskope for reference. Please feel free to discuss any concerns or questions that you may have.
2 weeks ago
Great write up!
a week ago
Would love more details on "DLP policy which checks for certificate files in the Development Tools category.". Certificate files is not a pre-defined DLP criterion. Would love to know what you set up here.
a week ago
Hi nduda,
You can create a file filter with specific certificate file names and extensions. You can include this file filter in a DLP rule for the Development Tools category. Or, if there are some specific keywords inside the certfile, you can also create a dictionary for it with a DLP rule.
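The two approaches in the reply above (a file filter on names and extensions, and a keyword dictionary on file content), sketched as an added example that is not part of the original thread and is not Netskope configuration. The extension list, the PEM labels and the sample files are assumptions constructed for illustration; the sample shows which files each control catches on its own.

```python
import re
from pathlib import PurePosixPath

# Assumed extension list standing in for the "file filter" (not from Netskope).
CERT_EXTENSIONS = {".pem", ".crt", ".cer", ".der", ".key", ".p12", ".pfx", ".jks"}

# Assumed "dictionary": PEM armor labels found inside text-encoded cert/key files.
PEM_LABEL = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED |OPENSSH )?PRIVATE KEY"
    rb"|CERTIFICATE(?: REQUEST)?)-----"
)

def classify(path: str, content: bytes) -> dict:
    """Report which of the two controls would flag this file."""
    ext = PurePosixPath(path.lower()).suffix
    labels = sorted({m.group(1).decode() for m in PEM_LABEL.finditer(content)})
    return {
        "path": path,
        "file_filter": ext in CERT_EXTENSIONS,   # name/extension match
        "dictionary": bool(labels),              # keyword match in content
        "labels": labels,
        "private_key": any(l.endswith("PRIVATE KEY") for l in labels),
    }

def scan(files: dict) -> list:
    """Return results only for files flagged by at least one control."""
    results = (classify(p, c) for p, c in files.items())
    return [r for r in results if r["file_filter"] or r["dictionary"]]

# Constructed sample uploads (placeholder bodies, no real key material).
SAMPLES = {
    "deploy/server.crt": b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
    # Key pasted into a text file: the extension filter misses it.
    "docs/notes.txt": b"tmp:\n-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n",
    # Binary PKCS#12 bundle: no PEM armor, so the dictionary misses it.
    "certs/client.p12": b"\x30\x82\x0a\x00\x02\x01\x03",
    "src/main.py": b"print('hello')\n",
    "README.md": b"Ask the platform team for a certificate.\n",
}

if __name__ == "__main__":
    for r in scan(SAMPLES):
        print(r)
```

Running it flags `docs/notes.txt` only through the dictionary and `certs/client.p12` only through the file filter, which is the practical reason to pair the two rules.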