Anomaly Detection
Last updated
Xygeni’s Anomaly Detection monitors your software delivery infrastructure and raises an alert as soon as a risky change or suspicious action is observed. Real-time analysis means an attempt to exploit a weakness in your SCM or CI/CD setup is identified and can be contained quickly, protecting the integrity of your software operations.
The Anomaly Detection platform adds a layer of security on top of scanning by continuously collecting and analyzing activity in your SCM and CI/CD infrastructure, so that unusual behavior is identified and responded to quickly. Xygeni flags anomalies that indicate unauthorized modifications, access, or exploitation as they happen, so potential breaches are addressed before they escalate.
See Anomaly Detection Web UI for further details.
Xygeni’s Code Tampering protects your applications by detecting unauthorized modifications to your codebase, pipelines, and configurations. It scans changes to critical files, promptly identifies suspicious alterations, and reports findings for immediate action. Each finding carries detailed context, including the commit involved and the specific files affected, so the response is faster and better informed.
Find mismatches from the expected state at each point in the software pipeline
Certain mismatches between data reported by different tools across the supply chain can alert the organization to a weakness that a bad actor could exploit. Examples of such mismatches include differences between IaC configurations and the settings actually applied in production; integrity failures, such as differences between files in the code repository and the copies used by the build or CI systems; and changes to files that should never change without notification, such as installation scripts, CI configurations and pipelines, or the protection controls configured in tools.
Protect critical code against unintended changes
Parts of software source code, like installation or upgrade scripts, build pipelines, or important configuration files should have changes blocked by default, and a strict procedure should be enforced for their modification. Xygeni helps with implementing such procedures and detecting any change in critical code not following them.
Code Tamper Scanner
Code Tamper Scanner is equipped with a variety of detectors designed to identify unauthorized modifications across several crucial areas:
CI/CD: Detects changes in build and workflow files.
Context-Aware Prioritization: Monitors modifications in CODEOWNERS, configuration, environment files, and shell scripts.
Descriptor: Scans for unauthorized changes in dependency descriptor files.
Infrastructure as Code (IaC): Identifies modifications in IaC templates.
Policy: Tracks changes in security policy files.
Security Tool Configuration: Detects alterations in the configuration of security tools.
Custom Critical Files: Alerts on changes to files designated as critically important by the user.
See Code Tampering Scanner for further information.
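The baseline-and-verify pattern that the mismatch and critical-file sections above describe can be illustrated with a small script. This is an added example, not Xygeni’s code or its scanner; the file patterns, category names and the sample repository tree are assumptions made for the illustration. It hashes every file matching a critical pattern into a baseline manifest taken at an approved point, then re-hashes the tree later and reports every critical file that was modified, deleted or added outside that procedure, while ignoring ordinary source files.

```python
"""Baseline-and-verify integrity check for critical repository files.

Added example (not Xygeni's code). Critical-file patterns and the sample
repository built by demo() are assumptions for the illustration.
"""
import fnmatch
import hashlib
import json
import tempfile
from pathlib import Path

# Assumed patterns for the critical-file categories, relative to the repo root.
CRITICAL_PATTERNS = {
    "ci": [".github/workflows/*.yml", "Jenkinsfile"],
    "ownership": ["CODEOWNERS", ".github/CODEOWNERS"],
    "descriptor": ["package.json", "requirements.txt", "go.mod"],
    "iac": ["terraform/*.tf", "k8s/*.yaml"],
    "policy": ["policy/*.rego"],
    "scripts": ["install.sh", "scripts/*.sh"],
}


def classify(rel_path: str):
    """Return the critical-file category for a path, or None if it is not critical."""
    for category, patterns in CRITICAL_PATTERNS.items():
        if any(fnmatch.fnmatch(rel_path, p) for p in patterns):
            return category
    return None


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large artifacts do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every critical file under root; taken at an approved commit, this is the baseline."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        category = classify(rel)
        if category:
            manifest[rel] = {"category": category, "sha256": sha256_of(path)}
    return manifest


def verify(root: Path, baseline: dict) -> list:
    """Compare the current tree against the baseline and list every deviation."""
    current = build_manifest(root)
    findings = []
    for rel, entry in baseline.items():
        if rel not in current:
            findings.append({"kind": "deleted", "path": rel, "category": entry["category"]})
        elif current[rel]["sha256"] != entry["sha256"]:
            findings.append({"kind": "modified", "path": rel, "category": entry["category"]})
    for rel, entry in current.items():
        if rel not in baseline:
            findings.append({"kind": "added", "path": rel, "category": entry["category"]})
    return sorted(findings, key=lambda f: f["path"])


def demo() -> list:
    """Build a baseline from a constructed sample repo, tamper with it, and verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sample = {  # constructed sample tree, not a real project
            ".github/workflows/build.yml": "on: push\njobs: {build: {runs-on: ubuntu-latest}}\n",
            "CODEOWNERS": "* @security-team\n",
            "requirements.txt": "requests==2.31.0\n",
            "src/app.py": "print('hello')\n",
        }
        for rel, text in sample.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        baseline = build_manifest(root)  # src/app.py is not critical and is not tracked
        # Simulated changes made outside the approved procedure.
        (root / ".github/workflows/build.yml").write_text(
            "on: push\njobs: {build: {runs-on: ubuntu-latest, steps: [{run: ./deploy.sh}]}}\n"
        )
        (root / "CODEOWNERS").unlink()
        (root / "install.sh").write_text("#!/bin/sh\n")
        (root / "src/app.py").write_text("print('changed')\n")  # ordinary code, ignored
        return verify(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline would be produced on a protected branch at release time and stored outside the repository (or signed), so that an attacker who can modify the workflow file cannot also rewrite the manifest that would expose the change.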
Xygeni ensures proactive security by providing real-time alerts for detected anomalies, allowing your team to respond quickly to potential threats.
Identify anomalies in behavior as evidence for a potential security breach
Unusual activity, on the other hand, may hold evidence that an actual breach has taken place. Take a resource like an organization’s private code repository: clones by unexpected users or from anomalous geographic locations, permissions added and removed again within a short period, deletion of branch protection rules, or use of admin rights to merge code without review or with failed status checks are all examples of such anomalies.
Xygeni warns of such anomalies across the DevOps process, and signals any drift in sources and configurations along the chain.
Alerts can be sent directly via email, a webhook, or integrated into messaging platforms like Slack, ensuring that your teams receive immediate notifications. This rapid alerting system is equipped to deliver crucial context about each incident, enabling a quick and informed response to protect your operations.
Organization Detectors: Monitor changes in configurations, compliance frameworks, and administrative privileges.
Repository Detectors: Detect unusual repository operations such as anomalous merges, deletions, and permission changes.
Branch Detectors: Focus on commits that bypass protections, along with branch setting alterations.
Jenkins Detectors: Track suspicious login behaviors and unusual plugin installations or build durations.
See Xygeni Sensors for a full description and supported platforms.
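The behavioral anomalies listed above (clones from unexpected locations, short-lived permission grants, branch protection removal, merges that bypass review) can be expressed as detection rules over an audit event stream. The following is an added example, not Xygeni’s sensor code; the event schema, the action names, the allowlist, the time window and the sample events are all constructed for the illustration. It replays a handful of constructed SCM audit events in time order and emits one finding per rule that fires.

```python
"""Rule-based anomaly detection over a constructed SCM audit event stream.

Added example (not Xygeni's sensors). The event schema, action names,
thresholds and sample data below are assumptions for the illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tenant policy: where clones are expected from, and how fast a
# grant-then-revoke must happen to count as suspicious churn.
ALLOWED_COUNTRIES = {"ES", "DE"}
PERMISSION_CHURN_WINDOW = timedelta(minutes=15)


def _ts(event: dict) -> datetime:
    return datetime.fromisoformat(event["ts"])


def detect(events: list) -> list:
    """Replay events in time order and return a finding for every rule that fires."""
    findings = []
    grants = defaultdict(list)  # (repo, grantee) -> timestamps of recent permission grants
    for e in sorted(events, key=_ts):
        action = e["action"]
        if action == "repo.clone" and e.get("country") not in ALLOWED_COUNTRIES:
            findings.append({"kind": "anomalous_clone_location", "actor": e["actor"],
                             "repo": e["repo"], "detail": f"clone from {e.get('country')}"})
        elif action == "permission.add":
            grants[(e["repo"], e["target"])].append(_ts(e))
        elif action == "permission.remove":
            recent = grants.get((e["repo"], e["target"]), [])
            if any(_ts(e) - t <= PERMISSION_CHURN_WINDOW for t in recent):
                findings.append({"kind": "permission_churn", "actor": e["actor"],
                                 "repo": e["repo"],
                                 "detail": f"{e['target']} granted and revoked within window"})
        elif action == "branch_protection.delete":
            findings.append({"kind": "branch_protection_removed", "actor": e["actor"],
                             "repo": e["repo"], "detail": f"branch {e['branch']}"})
        elif action == "pull_request.merge":
            if e.get("approvals", 0) == 0 or e.get("checks") == "failure":
                findings.append({"kind": "merge_bypassed_review", "actor": e["actor"],
                                 "repo": e["repo"],
                                 "detail": f"approvals={e.get('approvals', 0)} checks={e.get('checks')}"})
    return findings


def sample_events() -> list:
    """Constructed audit events for one repository; not real log data."""
    repo = "acme/app"
    return [
        {"ts": "2024-05-01T09:00:00", "action": "repo.clone", "actor": "alice", "repo": repo, "country": "ES"},
        {"ts": "2024-05-01T09:05:00", "action": "repo.clone", "actor": "bob", "repo": repo, "country": "BR"},
        {"ts": "2024-05-01T09:10:00", "action": "permission.add", "actor": "admin1", "repo": repo,
         "target": "eve", "role": "admin"},
        {"ts": "2024-05-01T09:12:00", "action": "pull_request.merge", "actor": "eve", "repo": repo,
         "approvals": 0, "checks": "failure"},
        {"ts": "2024-05-01T09:14:00", "action": "permission.remove", "actor": "admin1", "repo": repo,
         "target": "eve"},
        {"ts": "2024-05-01T09:20:00", "action": "branch_protection.delete", "actor": "admin1", "repo": repo,
         "branch": "main"},
        # A normal grant that stays in place for hours does not trigger the churn rule.
        {"ts": "2024-05-01T10:00:00", "action": "permission.add", "actor": "admin1", "repo": repo,
         "target": "carol", "role": "write"},
        {"ts": "2024-05-01T12:00:00", "action": "permission.remove", "actor": "admin1", "repo": repo,
         "target": "carol"},
    ]


if __name__ == "__main__":
    for finding in detect(sample_events()):
        print(finding)
```

Each rule on its own has a benign explanation (a contractor onboarding, a hotfix merged by an admin), so the value comes from correlating them: the same actor granting a short-lived admin role that is used to merge unreviewed code with failing checks and then removing branch protection is a pattern worth paging on.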
Adapt your anomaly detection strategy to your environment’s specific needs with Xygeni’s customizable rulesets. Tailored rules align with your organization’s risk profile, so that alerts are relevant and timely. This customization lets you tune the sensitivity and specificity of the detection system, reducing noise and improving your overall security posture.