Announcing Jit Tags: Track the security posture of your business-critical services
Updated November 27, 2024.
Today, we’re thrilled to announce Jit Tags, which organizes security risks across your environment by microservice, application, business unit, and other vectors, while providing a high-level risk overview of each component.
Tags will enable customers to easily detect changes in the security posture of their most business-critical services, and prioritize the top risks within them – so they can spend less time hunting for security issues in their most sensitive assets, and ensure no severe vulnerabilities fall through the cracks.
Why we built Jit Tags
The complexity of modern application architectures can make it exceedingly difficult to understand the risks across the many different components of businesses and systems. Security teams often lack visibility into the high-level security posture across their microservices, applications, and business units.
Product security scanners are notoriously noisy, and as a result, severe security vulnerabilities in business-critical assets can easily get lost in the complexity.
This may lead security teams to ask: how does the security of one application compare to another? What is the security posture of my most business critical assets? Where should I prioritize remediation efforts?
Jit Tags provide quick and easy answers to these questions. By enabling security teams to organize their code repositories by microservice, application, business unit, and other vectors, they can understand the security posture of their system’s most critical components with a quick glance.
As a result, security teams spend less time determining the security posture of their applications and services, and stay focused on the vulnerabilities within their most business-critical assets.
How Tags work, and how to use them
Jit recently announced our new Resources Dashboard, which discovers resources (e.g. GitHub code repositories and GitLab projects) to keep a continuously updated inventory of the customer’s codebase. These resources are automatically classified by “Priority factors”, which are characteristics of a resource that indicate heightened risk – like whether they’re deployed to a production environment, are externally accessible via the internet, or call a sensitive database.
Jit Tags is an extension of the Resources Dashboard, which allows customers to tag resources so they can classify them in other ways: like which business unit or application they fall under.
To tag a resource, navigate to the Resources Dashboard and click the full list of resources within your environment in the top left corner (Risks → Resources → # resources). From there, simply click on a resource, where you’ll see the option to add a tag in the top right corner of the screen.
This will bring up the option to add a Key-Value pair. Choose a Key depending on how you want to organize your resources, or create your own. Then, add a value to name the tag.
In the example below, we’re tagging a code repository as part of the “Sales business unit”.
As you can see, you can also group resources by Application, Business unit, and other Keys. You can also create your own to serve a specific use case (like “criticality”, which was manually added in the screen above).
Zooming back out to the Resource Dashboard, we’ll see the new Tag populate the dashboard, which indicates how many resources have that same tag.
By clicking on the “Business unit: Sales” group, we’ll see the resource we just tagged, as well as other resources with the same tag. From there, we can view all of the security issues within those resources – so we can quickly view every security risk within the Sales business unit in the future.
Each Tag group is assigned a Risk score, which is based on the actual risk introduced by the security issues residing within the tagged repositories. The risk of each issue is determined by its business and runtime context – like whether it is in production or externally accessible via the internet.
With an organized and high-level overview of the risk across business units, applications, and services, security teams can quickly understand the security posture of various components that make up their business and systems. This also makes it easy to prioritize code and cloud security issues residing in the most business-critical assets, so that they don’t get lost in the noise.
Summing up Jit Resources + Tags
Complex application architectures and sprawling cloud environments makes it difficult to focus remediation efforts on the most business-critical assets – raising the risk that severe vulnerabilities go unnoticed and increasing the time it takes to find them.
Using Jit Resources and Tags, our customers can:
Automatically discover all resources across their environment to keep a continuously updated inventory of their codebase.
Classify resources according to their Priority Factor or Tag, providing an organized overview of risk across complex systems.
Prioritize security remediation efforts for their most business-critical assets and ensure severe security issues don’t slip through the cracks.
Try it out yourself by navigating to the Resources Dashboard under “Risks” in the left menu. You’ll need to integrate with AWS or GCP to begin viewing the data.
Not yet a Jit user? Start a free trial to check it out yourself.
