Improve Application Security with Cycode’s Knowledge Graph and Policies

Tony Loehr
Developer Advocate

The risk of sensitive data exposure through deliberate or accidental employee action is growing: Forrester research predicts that insiders will cause 33% of all data exposure incidents in the coming year. One way to mitigate this risk is to detect suspicious activity in the development toolchain before it turns into a leak. Cycode’s knowledge graph and policies are a combination built for exactly that purpose.

About Cycode Policies

A key to successful security is managing security policies centrally. Consistent management allows an organization to enforce governance across all DevOps tools within the SDLC. Cycode’s policies give clients this level of control by implementing security best practices for software supply chains.

Organizations can spend less time checking configurations without sacrificing security by centrally enforcing policy, allowing developers to focus on delivering quality software. Assisting developers with security checks helps improve application security while actually enhancing developer productivity.

Cycode policies help identify insider threats by learning how users interact with tools in the SDLC and then automatically flagging high-risk deviations from those learned baselines, such as cloning code from unknown locations or cloning an unusually large number of repositories within a short period.

Detect Anomalous Activity

If a security tool triggers too many alerts, it becomes useless, because security teams are conditioned to ignore its warnings. The policies in the Cycode platform correlate data from multiple points of the SDLC, which avoids the excessive alerting that characterizes older AppSec tools.

The platform includes policies that identify suspicious behavior to improve application security; for example, one policy detects a questionable repository clone and alerts the security team.

Cycode recently added policies designed to identify suspicious developer behavior. Developer credentials are highly sought by attackers because of the lateral movement they enable within an organization, so these policies help protect against both compromised developer accounts and malicious insiders. They include:

  1. A developer bypassed branch protection rules.
  2. A developer pushed a commit to a repository they had not used in 6 months.
  3. A developer deleted branch protection.
  4. A developer used admin permission to merge code that failed status checks.
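
To make the four policies concrete, here is an added example (not Cycode’s code, and not the export format of any particular SCM) that replays a constructed stream of audit-log events and raises an alert for each policy match. The event action names, the field names (`checks_passed`, `admin_override`) and the 180-day threshold are assumptions for this example; three of the policies are stateless matches on a single event, while the "dormant repository" policy needs a per-developer, per-repository baseline of previous activity.

```python
from datetime import datetime, timedelta

# Threshold for the "dormant repository" policy (about six months).
DORMANT_AFTER = timedelta(days=180)

# Constructed sample events in a simplified, hypothetical audit-log shape.
# The action names and extra fields are assumptions for this example.
SAMPLE_EVENTS = [
    {"ts": "2023-01-10T09:00:00", "actor": "alice", "repo": "payments", "action": "git.push"},
    {"ts": "2023-01-12T10:00:00", "actor": "bob", "repo": "payments", "action": "git.push"},
    # alice returns to "payments" 203 days after her last activity there.
    {"ts": "2023-08-01T03:15:00", "actor": "alice", "repo": "payments", "action": "git.push"},
    {"ts": "2023-08-01T03:20:00", "actor": "alice", "repo": "payments",
     "action": "protected_branch.policy_override"},
    # bob's first-ever activity in "billing": no baseline, so not "dormant".
    {"ts": "2023-08-02T11:00:00", "actor": "bob", "repo": "billing", "action": "git.push"},
    {"ts": "2023-08-03T12:00:00", "actor": "carol", "repo": "payments",
     "action": "protected_branch.destroy"},
    {"ts": "2023-08-04T14:00:00", "actor": "carol", "repo": "payments",
     "action": "pull_request.merge", "checks_passed": False, "admin_override": True},
    {"ts": "2023-08-04T15:00:00", "actor": "bob", "repo": "payments",
     "action": "pull_request.merge", "checks_passed": True, "admin_override": False},
]


def _alert(ev, policy):
    return {"policy": policy, "actor": ev["actor"], "repo": ev["repo"], "ts": ev["ts"]}


def evaluate_policies(events):
    """Replay events in time order and return the list of policy alerts.

    last_seen holds the previous activity per (actor, repo); it is the only
    state the four policies need.
    """
    alerts = []
    last_seen = {}

    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["actor"], ev["repo"])
        action = ev["action"]

        # Policy 2: push to a repository the developer last touched > 6 months ago.
        # A first-ever push has no baseline and is deliberately not flagged here.
        if action == "git.push" and key in last_seen:
            if ts - last_seen[key] > DORMANT_AFTER:
                alerts.append(_alert(ev, "push_to_dormant_repo"))

        # Policy 1: a branch protection rule was overridden.
        if action == "protected_branch.policy_override":
            alerts.append(_alert(ev, "branch_protection_bypassed"))

        # Policy 3: branch protection removed outright.
        if action == "protected_branch.destroy":
            alerts.append(_alert(ev, "branch_protection_deleted"))

        # Policy 4: admin override used to merge despite failing status checks.
        if (action == "pull_request.merge"
                and ev.get("admin_override")
                and not ev.get("checks_passed", True)):
            alerts.append(_alert(ev, "admin_merge_over_failed_checks"))

        # Any activity counts as "using" the repository for the dormancy baseline.
        last_seen[key] = ts

    return alerts


if __name__ == "__main__":
    for a in evaluate_policies(SAMPLE_EVENTS):
        print(f'{a["ts"]} {a["policy"]:32} {a["actor"]}@{a["repo"]}')
```

On the constructed events this yields four alerts: alice’s push to a repository she had not touched for 203 days, her branch-protection override, carol’s deletion of branch protection, and carol’s admin merge over failing checks. Note the design choice for the dormancy rule: a developer’s very first push to a repository is not treated as "dormant" because there is no baseline to deviate from; whether to flag first-ever contributions is a separate policy decision.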

The advantage of enforcing policies this way is that they apply uniformly across every source control platform your organization uses, which helps close the visibility gap in software security. Policy-based governance of the software supply chain promotes security best practices across GitHub, GitLab, Bitbucket, Gerrit, and other SCM and cloud service providers.

Improve Application Security by Combining the Cycode Knowledge Graph and Policies

Cycode’s Knowledge Graph correlates data across the software development lifecycle, extending the scope of the platform’s protection. Paired with Cycode’s policy capabilities, it provides protection against anomalies that would otherwise result in code tampering, source code leaks, and other forms of supply chain attack.

According to Gartner, 65% of application development will be low code by 2024. Cycode’s knowledge graph fits into this future by offering no-code security policy creation and enforcement, which will help improve application security. The following example demonstrates the capabilities of the knowledge graph:

Do I have a publicly accessible image that originates from a private repository?

Implementing this policy catches a conflicting configuration (a private repository whose code ships in a publicly pullable image) that can amount to source code exfiltration, which improves the security of the deployment pipeline.

Under the “Policies” tab on the Cycode platform, users click the “Create New Policy” button, which opens the policy builder.

The policy builder lets users create a new policy with no coding required: they give the policy a name, assign a default severity, and prescribe remediation guidelines. Rather than programming the policy’s logic, we select the “Add query” button, which leads to the query builder built on the knowledge graph.

Using the knowledge graph, we define the query for the question above: alert when a private source control management repository is associated with a container image that is not private.

This query gives security enhanced visibility into configurations determined at different points of the SDLC, because data from each point is correlated and analyzed together rather than in isolation.
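
The same correlation can be reproduced outside the platform, which is useful for understanding what the query actually joins. The following added example (not Cycode’s code, and not the knowledge graph’s query language) takes a constructed SCM repository inventory and a constructed container image inventory, links each image to its source repository through the standard OCI `org.opencontainers.image.source` label, and reports public images whose source repository is private. The field names in both inventories are assumptions for this example; the label normalization (trailing slash, `.git` suffix, case) is the part that makes the join reliable in practice.

```python
from urllib.parse import urlparse

SOURCE_LABEL = "org.opencontainers.image.source"  # standard OCI annotation key

# Constructed inventories. Field names are assumptions for this example; a real
# implementation would populate them from the SCM API and the registry API.
REPOSITORIES = [
    {"host": "github.com", "full_name": "acme/internal-api", "visibility": "private"},
    {"host": "github.com", "full_name": "acme/public-sdk", "visibility": "public"},
    {"host": "github.com", "full_name": "acme/billing-worker", "visibility": "private"},
]

IMAGES = [
    # Public image built from a private repo: the misconfiguration to catch.
    {"ref": "ghcr.io/acme/internal-api:1.4.2", "visibility": "public",
     "labels": {SOURCE_LABEL: "https://github.com/acme/internal-api.git"}},
    # Public image from a public repo: fine (note the differing case).
    {"ref": "ghcr.io/acme/public-sdk:2.0.0", "visibility": "public",
     "labels": {SOURCE_LABEL: "https://github.com/Acme/Public-SDK"}},
    # Private image from a private repo: fine.
    {"ref": "ghcr.io/acme/billing-worker:0.9", "visibility": "private",
     "labels": {SOURCE_LABEL: "https://github.com/acme/billing-worker"}},
    # Public image with no provenance label: cannot be linked, reported separately.
    {"ref": "docker.io/acme/legacy:latest", "visibility": "public", "labels": {}},
]


def normalize_repo(url):
    """Reduce a repository URL to (host, owner/name) for matching.

    Strips trailing slashes and a '.git' suffix and lower-cases both host and
    path, since GitHub repository names are case-insensitive.
    """
    parsed = urlparse(url)
    host = parsed.netloc.lower()
    path = parsed.path.strip("/")
    if path.endswith(".git"):
        path = path[:-4]
    return (host, path.lower())


def find_public_images_from_private_repos(repos, images):
    """Join images onto repos via the OCI source label.

    Returns (findings, unlinked): findings are public images whose source repo
    is private; unlinked are public images that carry no source label and so
    cannot be evaluated by this policy at all.
    """
    private = {normalize_repo(f'https://{r["host"]}/{r["full_name"]}')
               for r in repos if r["visibility"] == "private"}
    findings, unlinked = [], []
    for img in images:
        if img["visibility"] != "public":
            continue
        src = img["labels"].get(SOURCE_LABEL)
        if not src:
            unlinked.append(img["ref"])
            continue
        if normalize_repo(src) in private:
            findings.append({"image": img["ref"], "source_repo": src})
    return findings, unlinked


if __name__ == "__main__":
    found, missing = find_public_images_from_private_repos(REPOSITORIES, IMAGES)
    for f in found:
        print(f'PUBLIC IMAGE FROM PRIVATE REPO: {f["image"]} <- {f["source_repo"]}')
    for ref in missing:
        print(f"no source label, cannot evaluate: {ref}")
```

The unlinked list matters as much as the findings: an image that carries no provenance label is invisible to this query, so a practitioner would pair the policy with a build-time requirement that every image is labeled with its source repository.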

And presto! We have made our first custom policy harnessing the power of Cycode’s knowledge graph.

Improve Application Security: Beyond Detecting Security Anomalies

Cycode’s platform also helps organizations centrally manage security policy and establish meaningful governance to reduce risk. One such control is enforcing the principle of least privilege, which limits users’ ability to perform the activities that security would otherwise have to flag as anomalous. This control is also needed to meet compliance requirements such as SOC 2 Type II, and guidelines such as Google’s SLSA framework recommend it as part of their common requirements.

Learn More about the Knowledge Graph and Policies

The knowledge graph and combined policies allow Cycode to enhance its clients’ application security significantly. The key to this strength lies in sharing data between different stages of the SDLC to generate unique insights. This knowledge graph helps track code integrity, user activity, and events to prioritize risk, find anomalies, and prevent code tampering.

Cycode provides visibility, security, and integrity across all phases of the SDLC. It hardens your SDLC’s security posture by enforcing consistent governance and reduces the risk of breaches with a series of scanning engines that look for issues such as hardcoded secrets, misconfigurations, and code leaks.

To sum it up: Cycode helps establish strong governance by providing a cross-SCM inventory of all your organization’s users, contributors, teams, organizations, and repositories, and extends that governance into oversight of changes made to code as a means of protecting key code. Cycode also helps you automatically audit access privileges to identify and remove unused access and to implement separation of duties. Furthermore, Cycode helps ensure that strong authentication and secure development practices are in place, and applies security best practices to infrastructure-as-code written in Terraform, Kubernetes, YAML, ARM, and CloudFormation.

Want To Learn More?

A great place to start is with a free assessment of the security of your DevOps pipeline.