Securing DevOps Using Deception and Denial - Attivo Networks
Attivo Networks Blogs

Securing DevOps Using Deception and Denial

security-boulevard-logo

As organizations increasingly utilize DevOps for software development and IT operations, DevOps environments have become a priority target for would-be cybercriminals. Throughout the development process, it is critical to continually assess whether attackers have injected malicious code into the environment, and the nature of DevOps development can make this a challenge. DevOps works according to continuous integration/continuous delivery (CI/CD) mechanisms, and there are specific areas where attackers can interface with CI/CD. Identifying ways to derail those attacks is a critical part of DevSecOps, and deception and denial technology has emerged as a valuable tool capable of mitigating risk during each phase of DevOps development.

Deception and denial technology steps in to divert attack tactics such as credential access, when attackers steal credentials that point to CI/CD systems; AD reconnaissance, which can allow attackers to find CI/CD servers; and lateral movement and privilege escalation, which can enable attackers to own the CI/CD systems. Breaking down DevOps into four distinct phases (plan, build, deploy and operate) is a helpful way to illustrate the potential value of deception and denial. Each phase has areas where the technology can derail attackers attempting to infiltrate and exploit DevOps environments.

Read the complete article by Carolyn Crandall in Security Boulevard.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free

FAST AND EASY

Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial

GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY

  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise

RSS

Leave a Comment

Your email address will not be published. Required fields are marked *

four − three =

Ready to find out what’s lurking in your network?

Scroll to Top