Events , Infosecurity Europe 2023

How to Snare Software Supply Chain Hackers With Honeytokens

GitGuardian's Mackenzie Jackson on Tracking Adversaries and Detecting Attacks
Mackenzie Jackson, developer advocate, GitGuardian

Attackers targeting the software supply chain are "quite predictable in their movements; they want to persist their access, so they're looking for credentials," said Mackenzie Jackson, developer advocate at GitGuardian. In a supply chain attack, it could take weeks and even months before a problem is detected, he said.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

Jackson recommends the deployment of honeytokens to document and track the predictability of criminals' actions. "We can track where the attackers go, and we can find information about them, what tools they're using and how they're trying to exploit us," he said.

In this video interview with Information Security Media Group, Jackson discussed:

  • How software supply chain attacks have evolved in recent years;
  • Why traditional security tools and defenses are not able to prevent these attacks;
  • How honeytokens can help organizations in their supply chain defenses.

Jackson shares his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code. Previously, he was co-founder and former CTO of a healthcare tech startup, where he learned firsthand how critical it is to build secure applications with robust developer operations.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.