The machine learning-based secrets scanner has been added to the vendor’s Chariot Platform and promises faster, context-based matching.

Credit: DNY59 / Traffic Analyzer / Getty Images

Texas-based cybersecurity vendor Praetorian has launched a new machine learning-based secrets scanner, called Nosey Parker, onto its Chariot Platform, which provides attack surface management and offensive security managed services.

Nosey Parker is a machine learning-based service developed using the regular expression (regex) pattern matching technique to detect sensitive secrets like passwords, API keys, access tokens, asymmetric private keys, client secrets and credentials left inadvertently in source code and configuration files.

How Nosey Parker works

Pattern matching with regular expressions involves scanning for secrets that follow distinct and identifiable patterns. Examples include keys with certain prefixes or of a fixed length.

“Traditional secrets scanners are noisy, either suffering from a very high number of false positives or handling custom secret types poorly,” says Richard Ford, CTO at Praetorian.

When compared to existing regex scanners, Praetorian aims to provide a more extensive secret patterns list, faster matching, multi-line pattern matching, and the ability to deduplicate findings. The regex scanner has been trained using a dataset of roughly 7,300 public repository scans from GitHub, consisting of 16 million distinct binary large objects (or blobs), yielding 15,000 matches with an 82% precision rate, according to Praetorian.

“Our ML-powered scanner uses neural networks to pull context around the files we’re scanning. This translates to a scanner that is both low noise and doesn’t need to be customized around new secret types,” says Ford.

“I think that Praetorian is certainly heading in the right direction,” says Chris Steffen, information security research director at Enterprise Management Associates.

“Managed security service providers are clamoring for these kinds of dev and automation tools that drastically improve security, address regulatory and vendor due diligence requirements, and scale to meet customer demands.”

Nosey Parker will initially be available to Chariot customers, with plans to launch a standalone scanner tool shortly.
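
The regex approach described under "How Nosey Parker works" (prefixed and fixed-length keys, multi-line patterns, deduplicated findings) can be illustrated with a small scanner. This is an added example, not Praetorian's code or rule set: the three rules, the `scan` function and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re

# Illustrative rules (assumptions, not Nosey Parker's rule set).
RULES = {
    # Fixed prefix followed by a fixed-length body.
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    # Multi-line: the secret is the base64 body between the PEM markers.
    "pem_private_key": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----\s*"
        r"([A-Za-z0-9+/=\s]+?)\s*-----END (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"
    ),
}


def scan(blobs):
    """Scan {path: text} and return findings deduplicated by (rule, secret)."""
    findings = {}
    for path, text in blobs.items():
        for rule, pattern in RULES.items():
            for m in pattern.finditer(text):
                # Normalise whitespace so a re-wrapped key counts as the same secret.
                secret = "".join(m.group(1).split())
                # Key the report on a digest so the secret itself is not stored.
                key = (rule, hashlib.sha256(secret.encode()).hexdigest()[:16])
                line = text.count("\n", 0, m.start()) + 1
                findings.setdefault(key, []).append((path, line))
    return findings


# Constructed sample input; none of these values are real credentials.
SAMPLE = {
    "config/settings.py": 'DEBUG = True\nAWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n',
    "deploy/env.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "ci/token.txt": "token: ghp_" + "a1B2" * 9 + "\n",
    "keys/id.pem": "-----BEGIN RSA PRIVATE KEY-----\nQUJDREVGR0g=\nSUpLTE1OT1A=\n"
                   "-----END RSA PRIVATE KEY-----\n",
    "README.md": "Set AKIA_PREFIX in your shell. Nothing secret here.\n",
}

if __name__ == "__main__":
    for (rule, digest), locations in sorted(scan(SAMPLE).items()):
        print(f"{rule} sha256:{digest} seen {len(locations)}x at {locations}")
```

The same key committed in two files yields one finding with two locations, which is the deduplication behaviour the article mentions; pure regex rules like these still miss secrets with no distinctive shape, the gap the ML-based context matching is meant to address.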