- Secrets and keys to SharePoint, Google Drive, Github, SSH, S3, Box, BiTBucket, and Windows File Systems can provide attackers access to source code, client data, and critical financial data.
- Concentric AI’s DSPM solution examines an organization’s data, finds sensitive or business-critical material, selects the optimal categorization category, and tags it automatically. AI reduces regex rules and end-user labeling by improving discovery and categorization accuracy and efficiency.
Concentric Software Inc., an autonomous data security posture management service provider, recently unveiled new deep-learning-driven detection tools to search popular enterprise on-premises and cloud data repositories and email and messaging programs for hardcoded “secrets” and crucial credentials.
Applications use secrets as programmatic access keys, such as connection strings, access tokens, and API keys, to access sensitive data and cloud services. According to a recent study, each organization is thought to have at least 500 secrets spread across at least five secret stores.
According to Concentric AI, technological advances like generative artificial intelligence have made it simpler to trick workers into opening dangerous links or downloading malicious attachments, making businesses more susceptible to a breach. Once an attacker has successfully gained access to a network, they can search through enormous amounts of unstructured data for secrets and keys that will allow them to access applications.
Attackers can access sensitive intellectual property like source code, client information, and crucial financial data by obtaining secrets and keys to repositories like SharePoint, Google Drive, Github, SSH, S3, Box, BiTBucket, and Windows File Systems.
By deleting unnecessary secrets, the updates to Concentric AI’s Semantic Intelligence data security posture management, or DSPM, solution are intended to help security teams address risks to sensitive data. This decreases the risk of malware attacks that could cause lateral movement and the possible loss of sensitive data.
Concentric AI’s Semantic Intelligence uses deep learning and natural language processing to find hidden secrets and application keys in unstructured data. The service scans repositories without static rules or fixed regex patterns and uses NLP to find secrets and keys.
Because it is impossible to write rules or regex patterns to address this threat without producing a significant amount of false positives and negatives, this solves the problem that data repositories are extremely difficult to scan—according to Concentric, applying deep learning and NLP results in high-fidelity detection with few false positives and negatives.
Concentric The DSPM solution from AI scans an organization’s data, looks for sensitive or business-critical content, chooses the best classification category, and then tags the data automatically. Artificial intelligence (AI) improves discovery and classification accuracy and efficiency to avoid countless regex rules and incorrect end-user labeling.
Additionally, the service can automatically detect and monitor financial and other data risks resulting from improper permissions, incorrect entitlements, risky sharing, and unauthorized access. To quickly and continuously protect exposed data, the service automatically fixes permissions and sharing problems and can use other security tools and cloud APIs.