How does Saas Sentinel work?
SaaS Sentinel is looking to help organizations detect intrusion as it unfolds and reduce the Mean-Time-to-Detect.
SaaS Sentinel is using the honeytokens technology. Honeytokens are secrets (like AWS API keys, or other credentials) that are left in an infrastructure to tempt attackers to try and exploit them. Once an attacker uses a honeytoken, it sends an alert and this lets users know when and how someone is breaking in while they are breaking in.
After initial access, attackers often execute lateral movement techniques, thanks to exposed credentials or secrets. Using clear-text credentials found in source code, configuration, or logs is one of the simplest ways to achieve persistence.
It can be clear when examining the logs that suspicious activity occurred on a data server; by that point, it is too late, as the data has already been compromised.
Software supply chain attacks have increased in number and sophistication. Attackers are increasingly turning to components in the software supply chain as entry points: Source Control Management (SCM) systems, Continuous Integration and Continuous Deployment (CI/CD) pipelines, and software artifact registries. Hence, SaaS Sentinel scope of surveillance.