Cycode, a cybersecurity company, has introduced Cimon, a monitoring tool designed to enhance visibility into the continuous integration and continuous delivery (CI/CD) process. The main goal of Cimon, short for CI Monitor, is to secure code against data exfiltration and other malicious activities.
By utilizing the enhanced Berkeley Packet Filter (eBPF) system, Cimon acts as a runtime security agent that allows for direct insight into the CI pipeline. It develops a baseline understanding of normal behavior and constantly monitors for any abnormalities. Alex Ilgayev, Cycode’s head of security research, explained that the use of eBPF provides flexibility and visibility into the operating system.
Cimon is capable of monitoring various CI/CD environments, such as hosted runners on GitHub or CircleCI, as well as self-hosted runners based on containers. Once the agent is installed, it has the ability to observe everything within the system. This comprehensive monitoring aims to prevent cyberattacks on software code bases.
Ilgayev highlighted two common forms of attacks that Cimon aims to address. The first is data or credential theft, where attackers target sensitive information within the CI build, such as tokens or environment variables. The second form involves altering packages through malicious changes to dependencies in the supply chain. Cimon monitors the CI/CD process at the kernel level, as well as network and file system events, in order to detect and prevent these attacks.
IDC research vice president Jim Mercer emphasized the importance of Cimon’s capability to provide visibility across the entire software supply chain, not just open source components. He praised Cycode’s approach, stating that they are proactively looking for any unusual activities in the pipelines and taking action to stop them.
One of the key advantages of Cimon is its use of eBPF. Mercer noted that this approach allows for the identification of problems in a software build without the use of more resource-intensive agents. Cimon can analyze packets and quickly identify any unusual patterns that may indicate a potential security issue.
Cycode has made Cimon available in two formats. Firstly, there is a stand-alone version that can be accessed for free. Additionally, Cimon is offered as a part of the paid Cycode AppSec platform, which provides a comprehensive suite of application security services.
As cyberattacks targeting software code bases and dependencies continue to increase, solutions like Cimon are crucial for organizations to protect their software development process. By leveraging eBPF technology and providing visibility into the CI/CD pipeline, Cimon offers a proactive and robust defense against data exfiltration and malicious activities.