
GitGuardian raises $12 million to find sensitive data hidden in online code

The developer-centric cybersecurity startup specialises in finding company “secrets” in online code. The Series A round was led by Balderton. Scott Chacon, co-founder of GitHub, and Solomon Hykes, founder of Docker, also participated.

GitGuardian’s real-time monitoring platform helps enterprise teams manage data leaks to prevent breaches that could cause millions of dollars in potential damages.

GitGuardian plans to use the investment to expand its customer base, predominantly in the US, where around 75% of its clients are currently based. 

Why is “secret” leakage a problem?

Developers today rely on the integration of multiple services to offer essential features to clients. To integrate these, developers handle incredibly sensitive “secrets”, such as login details, API keys, and private cryptographic keys used to protect confidential systems and data, such as payment systems, servers and intellectual property.

In order to build and refine the code needed to make such integrations work, more than 40 million developers, and almost 3 million businesses and organisations worldwide use GitHub, a public platform which lets developers share and collaboratively work on coding projects. The collaborative nature of this platform can also lead to “secret leakage” in which developers unwittingly expose sensitive company credentials to the public via their code repositories.

GitGuardian’s systems detect thousands of credential leaks per day. While some breaches are relatively low impact, many are of a highly critical nature and may put companies at significant risk, potentially giving hackers access to entire systems and classified databases.

In recent years, such breaches have led to billions of dollars wiped off company valuations and millions being paid in settlement costs and fines.

In 2019, half of company data breaches were found to be the result of account or credential hacking – higher than any other attack method among firms using cloud-based services. 


Currently, every company with software development activities is concerned about secrets spreading within the organisation, and in the worst case, to the public space. As a company with so much sensitive information at hand, we have built a culture of unconditional secrecy at our core.

Jérémy Thomas, Co-Founder and CEO at GitGuardian

GitGuardian's platform detects thousands of credential leaks per day

GitGuardian already supports government organisations, 100+ Fortune 500 companies and 400,000 individual developers

How does GitGuardian neutralise the threat? 

GitGuardian’s technology works by linking developers registered on GitHub with their companies and scanning the content of over 2.5 million commits (or code revisions) per day in search of signs of company secrets. This equates to almost 1 billion commits a year, covering more than 300 different types of secrets, from keys to database connection strings, SSL certificates, usernames and passwords. These secrets are detected through a combination of algorithms, including sophisticated pattern matching techniques and machine learning.

Once a secret is leaked, it takes just four seconds for GitGuardian’s technology to detect it and send an alert to the developer and the client’s security team. Its algorithm is constantly learning through a feedback loop with developers and teams, who rate with a single click whether each alert was a true or false positive. This helps future-proof GitGuardian against changes in how secrets are leaked as well as in the types of secrets.

The modern software development process is remarkable in its ability to allow large, distributed teams to deliver complex systems quickly. However, the very connectivity and openness this depends on has left many companies unwittingly exposed. Rather than encumber technology organisations with limiting compliance procedures, GitGuardian allows the modern enterprise to develop code quickly and how it wants to, but with automated visibility and protection over how data, credentials and other sensitive information is used, moved and shared.

Suranga Chandratillake, Partner at Balderton

GitGuardian originally built its launch platform with public GitHub in mind, probably the best place on Earth to train its algorithms at scale. Today, however, GitGuardian can monitor and notify on secrets that are inappropriately disseminated in internal systems as well, such as private code repositories or messaging systems.

Indeed, internal systems are often treated with complete trust, leading to secrets being freely shared on messaging platforms, for instance. This makes these systems high-value targets for hackers: once compromised, secrets found there can be leveraged to mount larger, more damaging attacks on other systems.
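To make the detection mechanism described above concrete, here is an added example in Python. It is not GitGuardian's code (the article does not publish its detectors or models); it is a minimal scanner that illustrates the same three ideas: pattern matching over the added lines of a commit diff, a Shannon-entropy filter that discards placeholder values, and a feedback set of values that reviewers rated as false positives so that they are not re-alerted. It also runs the same detectors over a chat-style message, the internal-messaging case discussed in the paragraph just above. The detector names, regexes, the 3.0-bit entropy threshold and both sample inputs are constructed for this example; the AWS access key value is Amazon's publicly documented example key, not a live credential.

```python
"""Toy secret scanner: pattern matching + entropy filter + reviewer feedback.

Constructed example, not GitGuardian's code. Detector names, thresholds and
sample inputs are assumptions made for this illustration.
"""
import math
import re
from dataclasses import dataclass

# Detector table (assumption: a tiny subset of the hundreds of secret types a
# real scanner covers). Group 1 is the credential value itself.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "private_key_block": re.compile(
        r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"),
    "db_connection_string": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^\s:/]+:([^\s@]+)@"),
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*"
        r"['\"]?([A-Za-z0-9_\-./+=]{8,})"),
}
# Generic keyword assignments are noisy; require the value to look random.
MIN_ENTROPY_BITS = 3.0


@dataclass(frozen=True)
class Finding:
    source: str   # e.g. commit id or chat channel (constructed labels here)
    line_no: int  # line within the scanned text
    kind: str     # detector name from PATTERNS
    value: str    # the matched credential


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; placeholders like 'changeme' score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _candidate_lines(text: str, is_diff: bool):
    """Yield (line_no, content). In a diff only added lines are new content,
    so removed lines, context lines and '+++' file headers are skipped."""
    for line_no, line in enumerate(text.splitlines(), 1):
        if not is_diff:
            yield line_no, line
        elif line.startswith("+") and not line.startswith("+++"):
            yield line_no, line[1:]


def scan_text(text, source, is_diff=False, false_positives=frozenset()):
    """Return a list of Finding for one commit diff or one message.

    `false_positives` holds values reviewers rated as not secrets via the
    feedback loop; they are suppressed on later scans."""
    findings = []
    for line_no, content in _candidate_lines(text, is_diff):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(content):
                value = m.group(1)
                if value in false_positives:
                    continue
                if kind == "generic_assignment" and \
                        shannon_entropy(value) < MIN_ENTROPY_BITS:
                    continue  # low-entropy placeholder, not a real credential
                findings.append(Finding(source, line_no, kind, value))
    return findings


# Constructed sample commit diff. The AWS key is Amazon's documented example.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
-DB_URL = os.environ["DB_URL"]
+DB_URL = "postgres://app:Sup3rS3cretPw!@db.internal:5432/app"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+password = "changeme"
+API_TOKEN = "x7Gq9pLm2vB4nZ8tQw1R"
diff --git a/deploy_key b/deploy_key
+++ b/deploy_key
+-----BEGIN OPENSSH PRIVATE KEY-----
+(constructed sample: key material omitted)
+-----END OPENSSH PRIVATE KEY-----
"""

# Constructed sample chat transcript from an internal messaging system.
SAMPLE_CHAT = """\
[10:02] alice: can someone check the staging db?
[10:03] bob: sure, use token: q2W8e4R7t1Y5u3I9o6P0
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_DIFF, "commit:abc123", is_diff=True):
        print(f)
    # A reviewer marks the documented example key as a false positive.
    rated = {"AKIAIOSFODNN7EXAMPLE"}
    print(len(scan_text(SAMPLE_DIFF, "commit:abc123", True, rated)), "after feedback")
    for f in scan_text(SAMPLE_CHAT, "chat:#ops"):
        print(f)
```

The diff scan reports the database password, the AWS key and the high-entropy API token but not `password = "changeme"`, which the entropy filter treats as a placeholder; once the documented example key is rated a false positive it disappears from the next scan, which is the behaviour the feedback loop in the article is meant to produce. A production scanner would add many more detectors, validate candidates against the issuing service where that is possible, and learn its thresholds from the ratings rather than hard-coding them.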

Read more about the fundraise in

Watch an interview with Jérémy Thomas, Co-Founder and CEO, on FrenchWeb below. 

Jérémy Thomas interviewed by Patrick Randall of FrenchWeb
