The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.
"The call is coming from inside the house"
A lot of security practices are focused on preventing someone from getting into systems, but what happens when someone is already inside? That's the premise of Insider Threat. We want to detect, identify, and respond to threats inside the GitLab platform as well as your deployed applications.
Insider Threats can be grouped into a few types:
Our goal is to provide Insider Threat features for your applications as well as GitLab itself. We will help proactively identify malicious activity, accidental risk, compromised user accounts or infrastructure components, anomalous use of the GitLab platform, and various high-risk behaviors where actionable remediation steps are possible.
We intend our Insider Threat capabilities to be "batteries included" with minimal to no configuration for initial usage. We will default to presenting actionable insights but will leave the decision to block up to GitLab administrators unless specifically configured otherwise.
Detecting issue abuse and spam - Today, GitLab’s Trust and Safety team responds daily to spammers and reported content. Much of this activity is manually reported by a person. This will help automate daily tasks for the Trust and Safety team and hopefully allow us to start automatically quarantining high-scoring spam and abuse such that real users don't ever see it. This is an easy first application of data science to actively score and automate initial reviews of potential issue abuse and spam.
This effort is a joint project between GitLab’s Trust and Safety team, the Govern stage team, and the AI Assisted team.
Spamcheck is one of the tools that we use to prevent spam and is included in the product to allow self managed instances also detect, manage, and block spam in their instance.
This category does not currently have a roadmap as investment is focused on the Instance Resiliency category. Once that category is sufficiently mature, we intend to shift additional investment to focus on this category. The priority list for the Anti-Abuse group can be viewed here.
Many of today's Threat Detection products are focused on the desktop environment, using deployed agents to gather data and monitor behavior and User Entity Behavior Analytics (UEBA). Most solutions are run as a physical appliance or in an on-premises data center. Virtual machines for cloud deployment are in the minority; cloud-native UEBA is even less common.
Additionally, there continues to be a convergence of UEBA features with adjacent products such as SIEMs or the acquisition of standalone vendors by larger security companies. We intend to work towards making UEBA a built-in feature of GitLab focused on usage of GitLab.
Last Reviewed: 2024-04-16
Last Updated: 2024-04-16
