Security Monitoring in GitHub

Are you keeping an eye on what happens inside your source code management platform?


In today's data-rich environment, organizations constantly grapple with the need to manage, secure, and analyze valuable information. For organizations whose success depends on software development, the ability to control and monitor access to such data in the Source Code Management (SCM) platforms is critical for maintaining security and compliance. Logs are essential to this system – they record nearly everything in the platform, from code commits to file uploads, permission changes to error messages, and much more. However, most organizations don't pay enough attention to the activity happening in their SCM platforms.

Over the years, SCM platforms have become increasingly attractive to malicious actors who seek to exploit vulnerabilities and gain unauthorized access to a company's intellectual property or sensitive information. When a breach occurs, SCM logs can be an essential tool for determining the scope of the attack, assessing the damage, and tracing the intrusion back to its origin.

This highlights a critical priority: organizations must proactively ensure that their SCM platforms generate adequate logs and, more importantly, that those logs are appropriately stored and analyzed. Below are a few recommendations on how organizations can achieve this within GitHub, Microsoft’s AI-powered SCM platform product:

  1. Turn on IP addresses in GitHub logs: GitHub allows administrators to turn on IP addresses in their logs, which enables organizations to identify where traffic is coming from and where potential attacks are occurring. This can be particularly useful for identifying unauthorized access: organizations can more quickly spot suspicious login attempts or activity and take immediate action if an attacker has compromised user credentials. It can also strengthen the organization's security posture, as IP address data can provide signals to further refine security policies and potentially implement IP-based access controls for preventive risk reduction.
  2. Monitor logs proactively: It's not enough to generate logs and store them somewhere. Organizations should also proactively monitor their logs for signs of malicious activity, such as unusual user behavior, large file transfers, unauthorized access, and failed authentication attempts. By monitoring logs around software development proactively, organizations can detect security incidents faster and take prompt action to mitigate the damage.
  3. Send GitHub logs to your SIEM: As a step towards the previous recommendation, organizations may opt to send their logs to their Security Information and Event Management (SIEM) platform such as Microsoft Sentinel. SIEM systems aggregate and analyze logs and events from various sources, allowing organizations to quickly detect incidents, investigate issues, and take appropriate action. Audit logs generated by GitHub are a valuable resource that provides a trail of user and system activities. Sending these log events to your SIEM empowers your organization to comprehensively view your GitHub environment and detect any anomalies or potential threats.
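
The kind of check recommendations 1 and 2 describe, as an added example that is not part of the original article: it flags audit-log events from outside known networks and bursts of repository clones by one account. The event lines are constructed, the field names (`action`, `actor`, `actor_ip`, `repo`, `@timestamp`) are assumed to match your audit-log JSON export, and `TRUSTED_NETWORKS` and the thresholds are hypothetical values to tune.

```python
import ipaddress
import json
from collections import defaultdict
# Constructed sample events, one JSON object per line. Field names (action,
# actor, actor_ip, repo, @timestamp in epoch ms) are assumed to match your export.
SAMPLE_EVENTS = """\
{"@timestamp": 1700000000000, "action": "git.clone", "actor": "alice", "actor_ip": "203.0.113.10", "repo": "acme/api"}
{"@timestamp": 1700000060000, "action": "git.clone", "actor": "bob", "actor_ip": "198.51.100.7", "repo": "acme/web"}
{"@timestamp": 1700000120000, "action": "git.clone", "actor": "bob", "actor_ip": "198.51.100.7", "repo": "acme/api"}
{"@timestamp": 1700000180000, "action": "git.clone", "actor": "bob", "actor_ip": "198.51.100.7", "repo": "acme/infra"}
{"@timestamp": 1700000300000, "action": "repo.download_zip", "actor": "carol", "repo": "acme/web"}
"""

TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # hypothetical egress range
CLONE_THRESHOLD = 3          # distinct repositories cloned ...
WINDOW_MS = 10 * 60 * 1000   # ... by one actor within ten minutes

def parse_events(text):
    """Parse JSON lines and order them by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["@timestamp"])

def untrusted_ip_events(events):
    """Return (actor, ip, action) for events from outside the trusted networks."""
    findings = []
    for e in events:
        ip = e.get("actor_ip")
        if ip is None:  # IP disclosure disabled, or an event with no source IP
            continue
        if not any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETWORKS):
            findings.append((e["actor"], ip, e["action"]))
    return findings

def clone_bursts(events):
    """Return {actor: [repos]} where an actor cloned many repos in one window."""
    recent, alerts = defaultdict(list), defaultdict(set)
    for e in (x for x in events if x["action"] == "git.clone"):
        window = recent[e["actor"]]
        window.append(e)
        while window[0]["@timestamp"] < e["@timestamp"] - WINDOW_MS:
            window.pop(0)  # slide the window forward
        repos = {w["repo"] for w in window}
        if len(repos) >= CLONE_THRESHOLD:
            alerts[e["actor"]] |= repos
    return {actor: sorted(repos) for actor, repos in alerts.items()}

if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    print(untrusted_ip_events(evts), clone_bursts(evts))
```

Events without an `actor_ip` are skipped rather than treated as trusted or untrusted, so a high share of them is itself a sign that IP disclosure is not enabled.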

Capturing logs can help organizations diagnose and troubleshoot issues, track user behavior, improve performance, and, most importantly, detect potential security incidents before they escalate into expensive ones. By prioritizing the logs from GitHub and monitoring the data for potentially suspicious events, organizations are better prepared for potential cyber threats and can focus more on innovation and growth.

Meet our team

Caleb Queern
Managing Director, Cyber Security, KPMG US
Jackie Mak
Director Advisory, Cyber Security Services, KPMG US
