GitGuardian raises $12 million to fund cybersecurity platform that finds company secrets hidden in online code
- Using a combination of sophisticated algorithms, GitGuardian detects thousands of company “secrets” leaked online every day
- Secrets include sensitive company credentials which provide access to payment systems, private messages, databases, servers and internal applications
- Modern software development techniques and workflows have led to an increasing number of secrets being widely and dangerously spread, both publicly and privately
- Many of these breaches are highly critical vulnerabilities that companies struggle to detect, but could cause system-wide loss of service, compromise customer data and lead to both regulatory and litigation issues, with the potential to result in huge losses in valuation and million-dollar fines.
4 December 2019: GitGuardian – the developer-centric cybersecurity startup specialising in finding company “secrets” in online code – has secured $12 million in Series A funding, led by Balderton Capital. Fly Ventures, an early-stage VC based in Berlin and investing across Europe, Scott Chacon, co-founder of GitHub, and Solomon Hykes, founder of Docker, also participated in the round.
Built to uncover sensitive company information hiding in online repositories, GitGuardian’s real-time monitoring platform helps enterprise teams manage data leaks to prevent breaches that could cause millions of dollars in potential damages. The scale of this problem represents an enormous challenge for companies today. In 2019, a SANS Institute survey found half of company data breaches were the result of account or credential hacking – higher than any other attack method among firms using cloud-based services.
Solving one of enterprises’ most critical threats
Today’s enterprise software developers rely on the integration of multiple internal and third-party services to offer essential features to clients. To integrate such services, developers handle incredibly sensitive “secrets”, such as login details, API keys, and private cryptographic keys used to protect confidential systems and data, such as payment systems, servers and intellectual property.
In order to build and refine the code needed to make such integrations work, more than 40 million developers, and almost 3 million businesses and organisations worldwide use GitHub, a public platform which lets developers share and collaboratively work on coding projects. The collaborative nature of this platform is what makes GitHub such a useful and revolutionary development tool, yet it can also lead to “secret leakage” in which developers unwittingly expose sensitive company credentials to the public via their code repositories.
GitGuardian’s systems detect thousands of credential leaks per day. While some breaches are relatively low impact, many are of a highly critical nature and may put companies at significant risk; potentially giving hackers access to entire systems and classified databases. In recent years, such breaches have led to billions of dollars wiped off company valuations and millions being paid in settlement costs and fines.
GitGuardian originally built its launch platform with public GitHub in mind, probably the best place on Earth to train its algorithms at scale. Today, however, GitGuardian is built to be able to monitor and notify on secrets that are inappropriately disseminated in internal systems as well, such as private code repositories or messaging systems.
Indeed, internal systems are often treated with complete trust, leading, for instance, to secrets being freely shared on messaging platforms. This makes these systems high-value targets for hackers: once compromised, secrets found there can be leveraged to mount larger, more damaging attacks on other systems.
Jérémy Thomas, Co-Founder and CEO at GitGuardian:
Through our detection and alerting services, GitGuardian has already supported global government organisations, more than 100 Fortune 500 companies and 400,000 individual developers to date. Currently, every company with software development activities is concerned about secrets spreading within the organisation, and in the worst case, to the public space. As a company with so much sensitive information at hand, we have built a culture of unconditional secrecy at our core.
Suranga Chandratillake, Partner at Balderton Capital said:
The modern software development process is remarkable in its ability to allow large, distributed teams to deliver complex systems quickly. However, the very connectivity and openness this depends on has left many companies unwittingly exposed. Rather than encumber technology organisations with limiting compliance procedures, GitGuardian allows the modern enterprise to develop code quickly and how it wants to, but with automated visibility and protection over how data, credentials and other sensitive information is used, moved and shared. We are delighted to be joining Jeremy and Eric on their mission to build a platform that allows more people to build more code faster and more safely.
Solomon Hykes, founder of Docker and investor at GitGuardian, said:
Securing your systems starts with securing your software development process. GitGuardian understands this, and they have built a pragmatic solution to an acute security problem. Their credentials monitoring system is a must-have for any serious organisation.
GitGuardian plans to use the investment from Balderton Capital to expand its customer base, predominantly in the US. Around 75% of its clients are currently based in the US, with the remainder being based in Europe, and the funding will continue to drive this expansion. GitGuardian has also developed a monitoring platform for private sites.
How GitGuardian neutralises the threat
GitGuardian’s technology works by linking developers registered on GitHub with their companies and scanning the content of over 2.5 million commits (or code revisions) per day in search of signs of company secrets. This equates to almost 1 billion commits a year, covering more than 300 different types of secrets, from keys to database connection strings, SSL certificates, usernames and passwords. These secrets are detected through a combination of algorithms, including sophisticated pattern matching techniques and machine learning.
Once a secret is leaked, it takes just four seconds for GitGuardian’s technology to detect it and send an alert to the developer and a client’s security team. Its algorithm is constantly learning through a feedback loop with developers and teams who rate how accurate each alert is, and whether or not it was a true or false alert, via a single click. This helps future-proof GitGuardian against the evolution of how secrets are leaked as well as the types of secrets.
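The section above describes detection as pattern matching over commit content. The following is an added illustration, not GitGuardian's code: a minimal scanner over the added lines of a constructed git diff that flags a few of the secret types named above (a database connection string with an embedded password, an AWS-style access key ID, a private key header) and falls back to a Shannon-entropy check for opaque quoted strings. The diff content, thresholds and pattern names are all assumptions made for the example.

```python
import math
import re

# Constructed sample diff for the example; the values are placeholders, not real credentials.
SAMPLE_DIFF = """\
+DB_URL = "postgres://app:Sup3rS3cret!@db.internal:5432/prod"
+AWS_ACCESS_KEY_ID = "AKIAEXAMPLEPLACEHOLD"
+-----BEGIN RSA PRIVATE KEY-----
+API_TOKEN = "k9Xp2Qw7ZrT4vB8nLc1sYh6mJd3fGa0u"
+greeting = "hello world"
-old_password = "removed"
"""

# Known-format detectors (assumed patterns; a production scanner covers hundreds of types).
PATTERNS = {
    "private_key_header": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "db_connection_string": re.compile(r"\b\w+://[^:\s]+:[^@\s]+@[^/\s]+"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Generic fallback: a quoted token of 20+ characters that looks random enough to be a key.
QUOTED_TOKEN = re.compile(r"""["']([A-Za-z0-9+/=_-]{20,})["']""")
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off for this example


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum((n / len(s)) * math.log2(n / len(s)) for n in counts.values())


def scan_diff(diff: str) -> list:
    """Return (finding_type, line) for each added line that looks like a secret.

    Only '+' lines are scanned: removed lines are not a new leak, and the
    '+++' file header is skipped.
    """
    findings = []
    for line in diff.splitlines():
        if not line.startswith("+") or line.startswith("+++"):
            continue
        content = line[1:]
        for name, pattern in PATTERNS.items():
            if pattern.search(content):
                findings.append((name, content))
                break
        else:
            match = QUOTED_TOKEN.search(content)
            if match and shannon_entropy(match.group(1)) > ENTROPY_THRESHOLD:
                findings.append(("high_entropy_string", content))
    return findings
```

Each finding is the point at which a real system would raise the alert described above and record the developer's true/false rating to tune the patterns and threshold.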
GitGuardian is a French cybersecurity startup founded in 2017. The company helps developers write code that is more secure. It protects their enterprises against unauthorised access to some of their most critical systems and data. The company raised $12m from American and European investors, including top-tier VC firms. Among the visionaries who saw this unique-to-the-market value proposition are the co-founder of GitHub, Scott Chacon, along with Docker founder and CTO Solomon Hykes. GitGuardian has already helped more than 100 of the Fortune 500 as well as government organisations find exposed sensitive information on GitHub that could often lead to tens of millions of dollars in potential damage.
About Balderton Capital
Balderton Capital is a London-based venture firm focused exclusively on backing the best European-founded technology companies. In the two decades since our founding, we have worked with hundreds of extraordinary European founders, and have raised eight funds totalling more than $3bn. Previous exited investments include Betfair (FTSE: BET), Magic Pony (Twitter), NaturalMotion (Zynga), Recorded Future (Insight Partners), Sunrise (Microsoft), Talend (NASDAQ: TLND) and Yoox Net-a-Porter (BIT: YNAP). Among Balderton’s current portfolio of over 90 companies are Aircall, Carwow, Citymapper, Contentful, Frontier Car Group, GoCardless, Hiya, The Hut Group, Kobalt Music, Labster, Nutmeg, Prodigy Finance, Revolut, SOPHiA Genetics, Vestiaire Collective, Vivino and Voi.