Categories
News

HelpNet Security: BluBracket adds crucial leaked code detection

HelpNet Security covers the major upgrade to BluBracket’s Code Security Suite and how crucial code detection is in the time of Git and code sharing by default.

BluBracket named “Emerging Security Vendor to Know” by CRN

BluBracket was named to the influential “Emerging Security Vendors to Know” annual list by CRN. Check out the full list.

BluBracket Adds Stolen and Leaked Code Detection, Remediation to its CodeSecurity Suite

PALO ALTO, CALIFORNIA – August 5, 2020 – At the Black Hat Security Conference, BluBracket, the leader in code security, today introduced significant new functionality to its Code Security Suite, allowing companies for the first time to find stolen and copied source code in public repositories.

In today’s digital coding environment, code can be copied and shared with one click. Code proliferation represents a significant threat to companies today—not just in the loss of intellectual property, but also in the risks code poses to general enterprise security. Code not only gives critical details of how a company runs its business, it also can give hackers a blueprint and the needed credentials to unlock proprietary systems.

Just last week, code from over 50 companies was stolen and published to GitHub repositories for anyone to access. Companies were unaware their code had been stolen or posted publicly until the press began reporting on the “Gigabreach.” By that time, it’s too late.

“Code is stolen and leaked online every day,” said Prakash Linga, CEO of BluBracket. “The world runs on code. Our customers need an efficient way to find and remove code that has been leaked to the public. By adding this functionality to our CodeSecurity Suite, we’re offering customers the opportunity to protect their critical corporate assets, all without hampering developer productivity.”

Fighting Code Proliferation.

BluBracket is the first company to address code proliferation and risk by allowing companies to “fingerprint” important code and consistently monitor it to ensure their code doesn’t appear on unauthorized public repositories.

During BluBracket’s initial scan of a repository, it creates a hash of all the source code contained within the repo. This hash is then compared against any other source code that is scanned in the future, which could be code in other private repositories or repositories in the public realm. If the hash is matched up with code found outside of the original repository, BluBracket alerts the appropriate security or engineering personnel via its own interface or through a SIEM tool.
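
The hash-and-compare flow described above, sketched as an added example. This is not BluBracket's code: the per-file SHA-256 over whitespace-normalized text, the `MIN_LINES` cutoff and the sample repositories are assumptions constructed for illustration.

```python
import hashlib

MIN_LINES = 3  # assumed cutoff: near-empty files would match in every repository

# Constructed sample data: path -> file content.
PRIVATE_REPO = {
    "billing/rates.py": "def rate(tier):\n    table = {'gold': 0.8, 'basic': 1.0}\n    return table[tier]\n",
    "billing/__init__.py": "",
}
PUBLIC_REPO = {
    "vendor/r.py": "def rate(tier):\r\n\ttable = {'gold': 0.8, 'basic': 1.0}\r\n\r\n\treturn table[tier]\r\n",
    "README.md": "# utils\nMisc helpers\nMIT licensed\n",
    "__init__.py": "",
}

def normalize(source):
    """Drop indentation, line endings and blank lines so that
    reformatting alone does not change the fingerprint."""
    return [line.strip() for line in source.splitlines() if line.strip()]

def fingerprint(source):
    """Return a hex SHA-256 of the normalized text, or None for tiny files."""
    lines = normalize(source)
    if len(lines) < MIN_LINES:
        return None
    return hashlib.sha256("\n".join(lines).encode("utf-8")).hexdigest()

def build_index(repo):
    """Initial scan: map fingerprint -> original path for the protected repo."""
    index = {}
    for path, source in repo.items():
        fp = fingerprint(source)
        if fp is not None:
            index[fp] = path
    return index

def find_copies(index, scanned):
    """Later scan: list (scanned_path, original_path) for every match."""
    hits = []
    for path, source in sorted(scanned.items()):
        fp = fingerprint(source)
        if fp in index:
            hits.append((path, index[fp]))
    return hits

if __name__ == "__main__":
    for copy, original in find_copies(build_index(PRIVATE_REPO), PUBLIC_REPO):
        print(f"ALERT: {copy} matches protected file {original}")
```

An exact hash like this survives re-indentation and line-ending changes but not renamed identifiers or partial copies, so it serves as a first-pass filter.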

BluBracket scans both public and private repos designated by the company at launch. In addition, BluBracket uses the list of contributors to a company’s repos to identify the public repos to which they have added code. This means that if your code has made its way to open source projects, or to a developer or contractor’s non-company accounts, you can find and remediate the issue.

BluBracket also allows companies to scan and find code copies on developer endpoint machines. By invoking the BluBracket Scanner, you can scan developer devices for both known repositories and cloned repositories from private or public sources. This can be an effective step when transitioning developers from one project to the next and can provide assurance that especially sensitive code has not unwittingly been copied to public repositories.

BluBracket’s machine learning-based alerting system is constantly learning and adjusting to avoid false positives and will alert users based on their classification of the code’s importance. This means that companies can configure alerts, for instance, for only the code that is critical to company security and competitive advantage. This type of alerting and monitoring is critical for both the security and DevSecOps teams responsible for code and general digital security.

Additional Functionality from the Code Security Suite.

Code Fingerprinting and Discovery is a critical piece of the Code Security Suite which allows companies to:

  • Discover and classify code. Companies can run a BluPrint of their Git environments to understand where their code is and who has access to it. They can also classify their most critical code for detailed chain of custody information for any compliance or audit needs.
  • Detect and monitor your risks. BluBracket can detect secrets in code, misconfigurations and other risks and ensure that no sensitive passwords or tokens are being misappropriated, mishandled or misused.
  • Protect valuable code. All the visibility, alerting and remediation needed to take action and protect code investment from both insider and outsider code theft or unauthorized publishing to open source.
  • Enforce security policies. BluBracket bridges the gap between your security, development and devops teams by making security policies actionable and enforceable in your CICD pipeline.

Meet us at Black Hat.

BluBracket will be featured at the Black Hat Security Conference. BluBracket will be exhibiting at Black Hat in a virtual “booth” and offering demos and contests to drive connection with the Black Hat community. To schedule a demo, enter our contest or talk to sales, please contact us at https://pages.blubracket.com/blubracketatblackhat.

About BluBracket.

Named as a finalist in the prestigious RSA Sandbox Innovation Awards, BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night. Companies using BluBracket will be able to discover and secure their code environments while maintaining the innovation and speed they need to compete. BluBracket delivers security at the speed of code. More information can be found at www.blubracket.com.

Source code from 50 companies stolen and leaked online

Internal software source code from more than 50 high-profile companies across tech, finance, retail, and other sectors has been leaked online. 

Making the source code available for public viewing could allow cyber attackers to more easily scrounge for confidential company information.

Read more in Business Insider.

BluBracket named to Top 10 Start-Up List

CRN magazine chose BluBracket as a top 10 start-up.

Hacker gains access to Microsoft’s private GitHub repos

“A hacker has gained access to a Microsoft employee’s GitHub account and has downloaded some of the company’s private GitHub repositories.

The intrusion is believed to have taken place in March, and came to light this week when the hacker announced plans to publish some of the stolen projects on a hacking forum.”

Read the full article.

BluBracket Founders’ Story

Curious about how BluBracket came into existence? Our founders have started three companies together, and the creation of BluBracket was born from customers asking about code security. Read the classic Silicon Valley story in this founders spotlight from Unusual Ventures.

BluBracket featured in Silicon Valley Business Journal

The venerable Silicon Valley Business Journal profiled BluBracket and our Git security solution. And they grabbed an impressive picture of our CEO in our Palo Alto office.

BluBracket Introduces First Comprehensive Security Solution for Code in a Software-Driven World

BluBracket, the leader in securing code for the enterprise, today introduced its product suite, representing the industry’s first comprehensive security solution for code in the enterprise. As a testament to its early technical lead in an important new category, BluBracket has been selected as a finalist in the prestigious RSA Conference Innovation Sandbox Contest, an annual competition featuring the year’s most innovative and promising cybersecurity startups.

“Just as we’ve seen hackers exploit tools like email, they are now exploiting code and code sharing tools like GitHub. For many companies their intellectual property is now encased within code, not documents. Until now there hasn’t been a tool to secure code that doesn’t interfere with developers’ productivity,” said Prakash Linga, CEO of BluBracket. “We are thrilled that we’ve already been named as an innovator by the 2020 RSAC Sandbox committee. We believe our technology, team and customers put us ahead in an important category, and we look forward to solving this critical need for our customers.”

Additionally, BluBracket has raised a $6.5 million seed round led by Unusual Ventures, with participation by Point72 Ventures, SignalFire and Firebolt Ventures.

“Code is more valuable and distributed than ever, yet the tools used for cloud-native, modern software development don’t have the insight or control today’s enterprise demands,” said John Vrionis, founder and partner at Unusual Ventures. “At Unusual, we look for authentic founders who drive innovation through technology. When we saw the BluBracket vision, combined with the team’s experience, our decision was an easy one. We look forward to accelerating their vision to transform this important new category in cybersecurity.”

The critical need for code security.

BluBracket secures today’s most valuable and vulnerable enterprise asset—code. The world now runs on software. BluBracket makes it safe.

Today’s digital environment is collaborative, open and complex—with developers using code management and sharing sites like GitHub and StackOverflow and including open source in more than 90 percent of all new applications. Source code is too valuable an asset to leave exposed, with security and engineering teams having no visibility into where corporate code has been cloned, exposed or stolen.

As this code makes its way to the cloud, security becomes even more challenging as hackers have noticed these coding environments are an open door into the enterprise, with scores of high-profile breaches stemming from code from Uber, AWS, Starbucks, Capital One and many more.

“Open source code and tools have taken over the software development lifecycle,” said Jim Zemlin, executive director of the Linux Foundation and board member at BluBracket. “We’ve seen tremendous innovation driven by these changes, but we’ve also seen traditional models and tools struggle to keep up with the pace set by developers and devops. Code security that respects developers’ productivity is a critical need for companies who see software as the foundation of their competitive advantage.”

BluBracket built for—and with—enterprise leaders.

BluBracket has partnered with dozens of CISOs and CTOs over the last year to design its product suite, giving it an advantage born from real-world expertise. These companies represent a cross section of industries including financial services, transportation, entertainment and media, and travel and hospitality.

“At Compass, we use technology to drive competitive advantage in everything we do,” said Bill Martiner, Head of Enterprise Technology at Compass Real Estate. “Securing code is a key piece of our security puzzle, and it’s clear BluBracket’s vision delivers comprehensive security for the modern software development cycle. Code is valuable IP that must be protected, and I’m pleased to work with BluBracket on this important technical innovation.”

“In our business, more and more intellectual property and sensitive information is found in code, yet there are very few solutions in the marketplace designed to protect it,” said John Terrill, CISO of Point72 Asset Management. “BluBracket understands the challenge that companies like ours face and has built a unique platform to help us protect our data assets.”

“Source code is critical for our business, both in applications we write and in the infrastructure our technology runs on,” said John Visneski, Data Protection Officer at The Pokémon Company International. “We’re excited to work with BluBracket on this important solution that protects our valuable IP and our underlying systems. Code is only increasing in importance and in speed to deployment. BluBracket’s knowledge of both development and security has translated to a product that secures this important aspect of our business.”

Introducing the BluBracket Code Security Suite.

According to IDC, the devops tools market is forecast to reach $15 billion in 2023, driven by continued enterprise adoption of highly automated CI/CD, infrastructure provisioning and DevSecOps. These innovations have been a boon for speed and innovation, but they weren’t designed for security, and security teams have scrambled to adjust.

BluBracket combines deep expertise in enterprise security with innovative and developer-friendly technology. Its BluBracket:CodeInsights and BluBracket:CodeSecure products give companies the key to unlock software innovation while protecting their enterprise infrastructure and valuable intellectual property.

With BluBracket, companies for the first time can:

 – Discover and classify code. Companies can run a BluPrint of their Git environments to understand where their code is and who has access to it. They can also classify their most critical code for detailed chain of custody information for any compliance or audit needs.

 – Detect and monitor your risks. BluBracket can detect secrets in code, misconfigurations and other risks and ensure that no sensitive passwords or tokens are being misappropriated, mishandled or misused.

 – Protect valuable code. All the visibility, alerting and remediation needed to take action and protect code investment from both insider and outsider code theft or unauthorized publishing to open source.

 – Enforce security policies. BluBracket bridges the gap between your security, development and devops teams by making security policies actionable and enforceable in your CICD pipeline.

Meet us at RSAC:

BluBracket will be featured at the RSA Conference as one of the top ten finalists for the Sandbox Innovation Contest. On Monday, February 24, the finalists will present a three-minute pitch followed by a question-and-answer round as they battle on stage for the title of “Most Innovative Startup.”

BluBracket will also be exhibiting at RSA in the Early Stage Expo booth 27. To schedule a demo or talk to sales, please contact us at www.blubracket.com.

About BluBracket

Founded by security veterans and built alongside Fortune 500 security and engineering leaders, BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night. Companies using BluBracket will be able to discover and secure their code environments while maintaining the innovation and speed they need to compete. BluBracket delivers security at the speed of code. More information can be found at www.blubracket.com

BluBracket named finalist for RSAC Innovation Sandbox Award

BluBracket will be featured at the RSA Conference as one of the top ten finalists for the Sandbox Innovation Contest. On Monday, February 24, the finalists will present a three-minute pitch followed by a question-and-answer round as they battle on stage for the title of “Most Innovative Startup.”