Concentric AI announced a deep-learning driven detection capabilities to find any type of hardcoded secrets and key credentials (e.g. API keys, encryption keys, tokens, passwords, etc.) in today’s most popular enterprise on-premise and cloud data repositories, as well as email and messaging applications.
As a result, these updates to Concentric AI’s Semantic Intelligence DSPM solution enable security teams to address risks to sensitive data by deleting this information and reducing the threat of malware attacks that can result in lateral movement and potential loss of sensitive data.
“Recent data breaches have involved attackers looking for authentication credentials once inside the network to gain access to sensitive information and steal data. This capability offered by Concentric AI helps us detect instances of these credentials, such as secrets and keys lying around in our data repositories, and clean them up. This allows us to significantly reduce our data attack risk surface and prevent data loss,” said a CISO of a Fortune 1000 high tech company.
New capabilities such as Generative AI have made spear phishing attacks more sophisticated by making it easier to trick employees into clicking on harmful links or downloading malicious attachments, leaving enterprises more vulnerable to a compromise.
Once malware and attackers successfully compromise a network, they can search for and discover secrets and keys for access to applications in vast amounts of unstructured data.
Gaining access to secrets and keys to repositories including SharePoint, Google Drive, Github, SSH, S3, Box, BiTBucket, and Windows File Systems gives attackers access to sensitive IP such as source code, private client information, and critical financial data.
Uniquely utilizing Deep Learning and Natural Language Processing (NLP), Concentric AI’s Semantic Intelligence detects secrets and keys for a wide variety of applications embedded in unstructured data within today’s most popular on-premise and enterprise cloud data repositories, as well as email and messaging applications.
This capability of being able to scan repositories and use NLP to identify secrets and keys without using static rules or fixed regex patterns is an industry first – organizations lack this ability today because detection of these secrets and keys embedded within data repositories is extremely difficult and it’s impossible to write rules or regex patterns to address this threat without significant false positives and negatives.
The use of Deep Learning and NLP from Concentric AI allows for high fidelity detection with minimal false positives and negatives.
“Today Concentric AI is introducing a critical data security capability that is unmatched in the industry and important for all organizations as they work to prevent more advanced cybersecurity threats,” said Karthik Krishnan, CEO, Concentric AI.
“Being the only company to leverage Deep Learning and NLP to address security issues of secrets and keys hidden in unstructured data gives Concentric AI the advantage in enabling organizations to prevent lateral movement of attackers and malware and ensure that sensitive data is protected. This is a huge win for all organizations with sensitive data in the battle to protect information from loss against sophisticated attacks,” concluded Krishnan.
Detection of secrets and keys beyond unstructured data is important because employees often leave secrets embedded within enterprise collaboration and email/messaging applications for easy access and sharing with other employees. However, a hack into these systems allows attackers to rapidly move around the network, gaining access to applications and sensitive data and rendering an enterprise vulnerable to data loss.
Concentric AI’s DSPM solution scans organizations’ data, detects sensitive or business critical content, identifies the most appropriate classification category, and automatically tags the data. Concentric AI uses artificial intelligence (AI) to improve discovery and classification accuracy and efficiency to avoid endless regex rules and inaccurate end user labeling.
In addition, Concentric AI can monitor and autonomously identify risk to financial and other data from inappropriate permissioning, wrong entitlements, risky sharing, and unauthorized access. It can automatically remediate permissions and sharing issues or leverage other security solutions and cloud APIs to quickly and continuously protect exposed data.
Concentric AI’s Semantic Intelligence automates unstructured and structured data security using deep learning to categorize data, uncover business criticality and reduce risk. Its Risk Distance analysis technology uses the baseline security practices observed for each data category to spot security anomalies in individual files.
It compares documents of the same type to identify risk from oversharing, third-party access, wrong location, or misclassification. Organizations benefit from the expertise of content owners without intrusive classification mandates, with no rules, regex, or policy maintenance needed.
Concentric AI’s latest version of Semantic Intelligence with detections for secrets and keys is available now.