GitGuardian: Raises $12M for Data Leak Prevention
【191206 Pulse2】GitGuardian — a developer-centric cybersecurity startup specializing in finding company “secrets” in online code — announced that it raised $12 million in Series A funding led by Balderton Capital. Fly Ventures, GitHub co-founder Scott Chacon, and Docker founder Solomon Hykes also joined this round.
GitGuardian was built to uncover sensitive company information hiding in online repositories. Its real-time monitoring platform helps enterprise teams manage data leaks to prevent breaches that could cause millions of dollars in potential damages.
The scale of this problem represents a major challenge for companies today. For example, a SANS Institute survey this year found half of company data breaches were the result of account or credential hacking, higher than any other attack method among firms using cloud-based services.
Enterprise software developers rely on the integration of multiple internal and third-party services to offer essential features to clients. To integrate such services, developers handle incredibly sensitive secrets like login details, API keys, and private cryptographic keys used to protect confidential systems and data such as payment systems, servers, and intellectual property.
To build and refine the code needed to make such integrations work, more than 40 million developers and almost 3 million businesses and organizations worldwide use GitHub. The collaborative nature of this platform is what makes GitHub such a useful and revolutionary development tool, but it can also lead to “secret leakage”, in which developers unwittingly expose sensitive company credentials to the public via their code repositories.
“Through our detection and alerting services, GitGuardian has already supported global government organizations, more than 100 Fortune 500 companies and 400,000 individual developers to date,” said GitGuardian co-founder and CEO Jérémy Thomas. “Currently, every company with software development activities is concerned about secrets spreading within the organization, and in the worst case, to the public space. As a company with so much sensitive information at hand, we have built a culture of unconditional secrecy at our core.”
GitGuardian’s systems are able to detect thousands of credential leaks per day. While some breaches are relatively low impact, many are of a highly critical nature and may put companies at significant risk, potentially giving hackers access to entire systems and classified databases. In recent years, breaches have led to billions of dollars wiped off company valuations and millions being paid in settlement costs and fines.
GitGuardian originally built its launch platform with public GitHub in mind, but it is built to be able to monitor and notify on secrets that are inappropriately disseminated in internal systems such as private code repositories or messaging systems. Internal systems are often treated with complete trust, leading to secrets being freely shared on messaging platforms, for instance. This makes these systems high-value targets for hackers: once a system is compromised, secrets found there can be leveraged to make larger and more damaging attacks on other systems.
“The modern software development process is remarkable in its ability to allow large, distributed teams to deliver complex systems quickly. However, the very connectivity and openness this depends on has left many companies unwittingly exposed,” added Balderton Capital partner Suranga Chandratillake. “Rather than encumber technology organizations with limiting compliance procedures, GitGuardian allows the modern enterprise to develop code quickly and how it wants to, but with automated visibility and protection over how data, credentials and other sensitive information is used, moved and shared. We are delighted to be joining Jeremy and Eric on their mission to build a platform that allows more people to build more code faster and more safely.”
With this round of funding, GitGuardian plans to expand its customer base, predominantly in the US. Around 75% of its clients are currently based in the US, with the remainder based in Europe, and the funding will continue to drive this expansion. GitGuardian also developed a monitoring platform for private sites.
“Securing your systems starts with securing your software development process. GitGuardian understands this, and they have built a pragmatic solution to an acute security problem. Their credentials monitoring system is a must-have for any serious organization,” explained Docker founder and GitGuardian investor Solomon Hykes.
GitGuardian’s technology works by connecting developers registered on GitHub with their companies and scanning the content of over 2.5 million commits (or code revisions) per day in search of signs of company secrets. This equates to about 1 billion commits a year, covering more than 300 different types of secrets from keys to database connection strings, SSL certificates, usernames, and passwords.