
The Magic Behind Over 101,000 Malicious Packages Discovered and Blocked

Nexus Firewall provides industry-leading machine learning by security experts for security experts, detecting suspicious and malicious OSS risks in real-time and at scale before the rest of the world finds out.

Cybercriminals and other adversaries are getting craftier and more sophisticated in their attacks, placing us amid a wave of low-cost, high-damage techniques. While attackers used to wait for public vulnerability disclosures before exploiting them in the wild, they now proactively manufacture vulnerabilities and publish them into public repositories, and the pace shows no sign of slowing. With a 742% increase in software supply chain and malware attacks over the last three years, every organization that consumes OSS must be proactive to stay protected.

How can organizations combat these supply chain attacks that continue to grow in sophistication? It’s more than auditing your repositories for vulnerabilities.

To truly get ahead of supply chain attacks, you must block malicious open source packages before your development organization consumes them.

Sonatype’s repository Firewall is the only solution to detect and block malicious and suspicious open source components from entering your SDLC. Over 101,000 malicious packages have been discovered and blocked using next-generation, proprietary behavioral analysis and automated policy enforcement. A groundbreaking software supply chain management platform solves the problem of balancing speed, quality, intelligence, and security at scale, equipping engineering teams with the tools they need to code smarter, fix faster, and be secure, all through a single control plane. This is why the world’s leading companies rely on our Nexus platform to prevent risk without hindering developer productivity. Sonatype is able to recognize patterns other solutions can’t by letting algorithms detect odd behaviors at the time of release, catching attacks that are not yet known to the world.

It’s revolutionary, we know, but how does it work?

Sonatype analyzes the project’s behavior, package namespace, and other (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Chris Good. Read the original post at: https://blog.sonatype.com/the-magic-behind-over-101000-malicious-packages