Compromised Developer Identity & Insider Threat Detection

Imagine If…

You could be alerted when a front-end developer commits back-end code to a business-critical application at 3am on a Sunday, indicating a potentially compromised identity or insider threat.

With Apiiro, you can…

Detect compromised accounts, insider threats, and malicious commits based on a multidimensional analysis. The Apiiro Code Risk Platform™ detects and prevents malicious commits to code repositories using User and Entity Behavior Analytics (UEBA) and Anomaly Detection technologies (patent-pending). This capability is based on Machine Learning and Artificial Intelligence algorithms that analyze the behavior of different entities in the organization:

  • Time
  • Location
  • Developer expertise
  • Code components
  • Security controls
  • Data types
  • Organizational behavior
  • Other contextual factors.

Apiiro is pioneering Developer Identity Behavior Analytics (DIBA) to identify compromised developer accounts and insider threats. Apiiro’s inclusion of developer knowledge and developer-specific behavior patterns enables our analysis to attain an unsurpassed level of accuracy.

Apiiro’s algorithms extract dozens of domain-oriented features (including logical, contextual, and time-series features) to build a multi-dimensional characterization of each entity. Various sources are used for the feature extraction. For example, both the metadata and the content of the historical commits, pull requests, and tickets are thoroughly analyzed, and their numerical, time-series, and textual features are extracted. Another source of data for the algorithms is the historical cross-repository code analysis features produced by our own platform. Once the features are extracted and enriched with our domain expertise, Apiiro builds and trains an adaptive behavioral model in real time.

In addition to individual models for each entity in the organization, Apiiro’s algorithms train higher-level models, which are used to strengthen the confidence of the detected events. This way we can achieve a high detection rate of malicious activities, while lowering the false detections of irrelevant anomalies. For example, comparing a developer’s behavior to their peer group behavior can shed light on the legitimacy of an individual’s activity.
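The peer-group idea above can be shown with a small frequency baseline. This is an added illustration, not Apiiro's algorithm or code: the commit history, developer names, components, the two features used, and the 0.9 threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed commit history: (developer, peer_group, hour_of_day, component).
HISTORY = (
    [("alice", "frontend", h, "web-ui") for h in (9, 10, 11, 14, 15, 16)] * 5
    + [("bob", "frontend", h, "web-ui") for h in (10, 11, 13, 15)] * 5
    + [("bob", "frontend", 14, "api-gateway")] * 10
    + [("carol", "backend", h, "payments") for h in (9, 12, 15, 22, 23)] * 5
)

def features(hour, component):
    """Two of the dimensions the page lists: time and code component."""
    return [("time", "work" if 8 <= hour < 19 else "off"), ("component", component)]

def build_profiles(history):
    """Count feature occurrences per developer and per peer group."""
    dev, group, group_of = defaultdict(Counter), defaultdict(Counter), {}
    for name, team, hour, component in history:
        group_of[name] = team
        for feat in features(hour, component):
            dev[name][feat] += 1
            group[team][feat] += 1
    return dev, group, group_of

def rarity(counter, feat):
    """1.0 = value never seen for this kind of feature, 0.0 = always seen."""
    total = sum(n for (kind, _), n in counter.items() if kind == feat[0])
    return 1.0 - counter[feat] / total if total else 1.0

def score_commit(profiles, name, hour, component, threshold=0.9):
    """Alert only when a feature is rare for the developer AND for their peers."""
    dev, group, group_of = profiles
    unusual, corroborated = [], []
    for feat in features(hour, component):
        if rarity(dev[name], feat) >= threshold:
            unusual.append(feat[0])
            # An unknown developer has no peer group, so nothing can vouch for them.
            if rarity(group[group_of.get(name)], feat) >= threshold:
                corroborated.append(feat[0])
    verdict = "alert" if corroborated else "suppressed" if unusual else "normal"
    return verdict, corroborated

if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    for commit in [("alice", 3, "payments"), ("alice", 14, "api-gateway"), ("carol", 23, "payments")]:
        print(commit, score_commit(profiles, *commit))
```

Alice touching the gateway for the first time is unusual for her but common among her front-end peers, so it is suppressed; the same account committing to the payments component at 3am is rare at both levels and raises an alert.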

The Challenges with Today’s User and Entity Behavior Analytics (UEBA)

With the rise of DevOps, the same developers (and developer identities) have an increased ability to make changes to production environments. A single compromised identity or malicious insider can now have a catastrophic impact on the security of the entire application and infrastructure. Existing User and Entity Behavior Analytics tools look only at activities superficially, without a deeper understanding of context, leading to:

  • Wasted time investigating false positives
  • Missed compromises or malicious insiders

The Bottom Line:

Apiiro examines developer account activities to identify compromised accounts, insider threats, and malicious commits.

            Without Apiiro      With Apiiro
Based on    Activities          Activities + context
Focus       Unfocused UEBA      UEBA focused on Developer identities

Take Action

To learn more about how we can help you identify compromised developer identities and insider threats: Book a demo today!