Oort is now part of Cisco  |  Learn more

Try it free
Back

Enhancing Identity Threat Detection: Introducing Oort’s New GitHub Integration

The Oort Data Science team recently discovered a series of concerning events on GitHub. Within a span of less than 24 hours, a team member extended an invitation to an external account, which was promptly accepted, leading to the complete cloning of a repository. 

Are you confident in your ability to identify such an event? These are precisely the kinds of critical insights we offer with our new GitHub integration.

In the ever-evolving threat landscape, protecting code repositories has become increasingly critical. As attackers continue to target valuable assets, security teams face the daunting task of ensuring visibility and control to mitigate the risk of account takeovers. This week, we are thrilled to announce the release of our new GitHub integration, designed to enhance identity security and extend threat detection and response capabilities within source code repositories.

 

The Importance of Identity Security for Code Repositories

Recent security breaches affecting organizations such as Okta, Dropbox, and Gentoo Linux have underscored the significance of identity security for code repositories. These incidents serve as stark reminders of the potential consequences when malicious actors gain unauthorized access to sensitive assets. Notably, threat groups like Shiny Hunters have targeted private GitHub repositories, breaching multiple companies, including Microsoft. They have leveraged this technique to gain unauthorized access, extract hard-coded keys and passwords, and harvest credentials for unauthorized entry into cloud services and databases hosted on platforms like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).

 

The Complex Challenge of Securing Identities in GitHub

With a massive user base of 90 million active users, GitHub serves as a critical foundation for securing both open-source projects and private enterprise repositories. However, effectively securing GitHub poses a complex and challenging identity security problem. 

As Matt Caulfield, Oort’s Founder and CEO, wrote earlier this year, the beauty of the GitHub model lies in its unfettered collaboration capabilities, enabling developers and teams to collaborate seamlessly. This collaboration also creates a significant headache for modern IT security teams.

To prevent account takeovers in GitHub, security professionals need answers to a lot of questions. Who has admin roles? What about external collaborators? These challenges need to be addressed to ensure robust identity security measures within GitHub. Failing to manage these aspects can leave repositories vulnerable to unauthorized access, data breaches, and malicious activities.

 

Introducing Oort's New GitHub Integration

To address these challenges, Oort has developed a new GitHub integration that provides security teams with the necessary tools and insights to strengthen identity security within code repositories. 

By integrating with GitHub, Oort consolidates all activity in one place, offering a centralized view of user activities and entitlements across various identity providers, including Okta, Azure AD, and Duo. This comprehensive approach empowers security teams with the visibility and control they need to effectively manage identities and respond swiftly to potential security incidents.

 

 

Key Features and Benefits

Enhanced Visibility

Oort's integration offers a comprehensive view of user activities, enabling security teams to monitor and investigate actions within GitHub. By having all activity data in one place, teams can streamline investigations, identify potential security threats, and respond promptly to mitigate risks. Whether it's reviewing user activity logs or auditing organizations and user emails, Oort provides a centralized platform for comprehensive visibility into GitHub activities.

Improved Identity Security Posture 

Oort's continuous monitoring capabilities also help enhance identity security within GitHub. By identifying internal and external users without multi-factor authentication (MFA) and monitoring inactive user accounts, Oort strengthens security postures and prevents unauthorized access to GitHub repositories. This proactive approach ensures that only authorized individuals with proper security measures in place can access critical code repositories. By addressing vulnerabilities such as unsecured user accounts and inadequate authentication practices, Oort enables security teams to establish a robust security posture within GitHub.

 

Threat Detection 

Imagine a new GitHub user is created, and they begin downloading all files from a repository. You’d probably want to know about this immediately.

With this new GitHub integration, Oort can provide deep insights into identity threats in GitHub. By analyzing various factors such as rare browser activity, admin roles assigned to users, and instances where a user's tenant is accessed from a new country, Oort helps security teams identify suspicious activities and potential security breaches. These indicators serve as early warning signs, allowing teams to take proactive measures to protect sensitive assets and prevent unauthorized access. With Oort, security teams can detect and respond to identity threats, ensuring the integrity of their code repositories.

 

Getting Started with Oort's GitHub Integration

Setting up Oort's GitHub integration is quick and straightforward. You can seamlessly access the integration within the Oort dashboard, with the entire process taking only five minutes. To benefit from these new capabilities, customers must have an Enterprise GitHub plan, ensuring a seamless integration of Oort's features with GitHub's powerful platform. Once set up, security teams can start leveraging Oort's enhanced visibility, threat detection, and improved security posture features to protect their code repositories effectively.

 

We Value Your Feedback

At Oort, we are committed to investing in the continuous improvement of our integrations to provide the best possible solutions for security teams. We welcome your valuable feedback as we strive to make this integration even better. Your insights and suggestions help us refine our offerings, ensuring that we meet the evolving needs of security teams working with GitHub.

 

Recent Blogs

Duo SSO Logging Improvements 

We’re committed to enhancing the visibility of data sourced from Duo.true

User Linkage Suggestions 

This week, we’re excited to introduce User linkage Suggestions withintrue