As organizations increasingly use DevOps for software development and IT operations, DevOps environments have become a priority target for would-be cybercriminals. Throughout the development process, it is critical to continually assess whether attackers have injected malicious code into the environment, and the nature of DevOps development can make this a challenge. DevOps relies on continuous integration/continuous delivery (CI/CD) mechanisms, and there are specific points where attackers can interact with CI/CD. Identifying ways to derail those attacks is a critical part of DevSecOps, and deception and denial technology has emerged as a valuable tool capable of mitigating risk during each phase of DevOps development.
Deception and denial technology diverts attack tactics such as credential access, in which attackers steal credentials that point to CI/CD systems; Active Directory (AD) reconnaissance, which can allow attackers to find CI/CD servers; and lateral movement and privilege escalation, which can enable attackers to take control of the CI/CD systems. Breaking down DevOps into four distinct phases (plan, build, deploy and operate) is a helpful way to illustrate the potential value of deception and denial. Each phase has areas where the technology can derail attackers attempting to infiltrate and exploit DevOps environments.