METHOD FOR CYBER THREAT RISK ANALYSIS AND MITIGATION IN DEVELOPMENT ENVIRONMENTS

Abstract

A method for a cyber security appliance incorporating data from a source code repository, hosted by a software development environment, to identify cyber threats related to source code being stored and developed in that source code repository is provided. The method comprises: receiving, at one or more modules of the cyber security appliance, data indicating a network entity representing a user's interaction with the source code repository; and comparing the data, received from the one or more modules, to one or more machine learning models trained on a normal benign behavior interacting with the source code repository using a normal behavior benchmark describing parameters corresponding to a normal interaction behavior. The method further comprises identifying whether the data indicating the network entities interaction with the source code repository corresponds to behavior that deviates from the normal benign behavior; identifying whether a threshold level of deviation from the normal benign behavior has been exceeded; and, if the threshold level of deviation from the normal benign behavior has been exceeded, determining that a cyber threat may be present and executing an autonomous response to restrict the network entities interaction with the source code repository.

CPC Classifications