Book a demo

Detect and Rotate Exposed Secrets with Astrix

Danielle Guetta October 22, 2024

Exposed secrets such as API keys, tokens, and other machine credentials are a critical part of your NHI risk landscape. Astrix discovers exposed secrets and provides rich context and risk prioritization to easily remediate without breaking anything.

The Challenge

Secrets often end up in repositories, infrastructure templates, and different chat channels like Slack and Teams channels, making them a vulnerability that is often exploited for initial access and even privilege escalation. But it’s not enough to detect an exposed secret; in order to properly rotate or remove a leaked secret, security and engineering teams need operational and technical context in order to understand what is the risk (and prioritize), and what processes depend on that secret.

Astrix’s Secret Scanning Solution: Automated Discovery & Remediation

Astrix’s secret scanning solution automatically detects and addresses exposed secrets across environments. It continuously scans, alerts, and provides detailed insights to help security teams act quickly.

Key Benefits:

  • Strengthen your NHI security program Astrix’s NHI security capabilities, combined with advanced secret scanning, reveal threats that would otherwise go undetected—like an exposed secret used in China. 
  • Map exposed secrets in real-time Get an up to date inventory of all exposed secrets across cloud and SaaS platforms. See exactly where they are, and who exposed them.
  • Get unparalleled context Knowing a secret is exposed is not enough. Astrix allows you to prioritize risk and easily rotate exposed secrets through rich context about the secret’s lifecycle and usage. 
  • Automate & remediate Automate secret rotation and decommissioning through out-of-the-box workflows and end-user interactions. Reduce overhead with integrations with your existing security stack. 

Key Features:

  • Real-time detection Get a continuous inventory of exposed secrets, and everywhere they were detected. Astrix supports hundreds of secret types across cloud environments.  
  • Risk prioritization & context See each exposed secret’s technical purpose (Slack bot, AWS service account, GitHub PAT), what it allows access to (Slack workspace, S3, GitHub repos), whether it is active or not, the time it was leaked, the leaker, and the creator. 
  • Secret ownership Streamline remediation by easily assigning ownership for each exposed secret to their human creators. 
  • Secret usage & redundancy Easily understand if an exposed secret is active or not, what it’s connected to, and how to rotate or remove it without breaking anything.
  • Automatic end-user communication Remove risky access without interfering with business processes. Automatically notify and get feedback from the secret’s leaker and users of associated services. 
  • Integrations with existing tech stack Maintain productivity by integrating Astrix with your existing security stack. Get a Slack notification, automatically open Jira tickets, use API automations or work with your SIEM.

Real Customer Case Studies

Catching the red team red handed

  • Astrix detected an exposed secret in a customer’s GitHub repository, which was shared as plain text. 
  • While other products would simply flag this as an exposed secret, Astrix correlated  the secret to a Slack bot, and was able to show its permissions and flag it as a risk.
  • Shortly after, Astrix’s anomaly detection engine identified suspicious activity related to the Slack bot and sent an automated alert to the SOC team. 
  • The SOC team quickly rotated the secret, preventing the Red Team, which had discovered the exposed secret, from exploiting it. 
  • Thanks to Astrix, the customer responded immediately and fully understood the incident during their investigation.

Secrets as damage multipliers in a breach

  • Astrix alerts customers when NHIs are compromised. 
  • During a recent breach, a customer was alerted that several NHIs in their GitHub were compromised. 
  • Using Astrix, the customer saw that these NHIs had access to a total of 2,000 repositories in their GitHub. 
  • Not only was the source code at risk, but Astrix also revealed that 500 of those repositories also contained at least one exposed secret, with a total of 3,000 different secrets for AWS, Slack, GCP, and more. 
  • This comprehensive view enabled the customer to fully understand and manage the breach, including the risk posed by the compromised secrets. 
  • With Astrix, the customer received a complete, dynamic, and airtight view of the NHI landscape and the lateral movement risks due to the compromise of some of them.

Learn more

Securing NHIs in Salesforce and NetSuite for SOX Compliance
Corporate

Securing NHIs in Salesforce and NetSuite for SOX Compliance

Danielle Guetta
Danielle Guetta 15 Oct, 2024
Employee offboarding: What about their NHIs?
Corporate

Employee offboarding: What about their NHIs?

Danielle Guetta
Danielle Guetta 30 Sep, 2024
CSA and Astrix Research: The State of Non-Human Identity Security
Research

CSA and Astrix Research: The State of Non-Human Identity Security

Danielle Guetta
Danielle Guetta 12 Sep, 2024

© 2024 Astrix Security. All rights reserved.