Through a partnership with Microsoft, Valence Security has added generative artificial intelligence (AI) capabilities to its security posture management platform for Software-as-a-Service (SaaS) applications.
The Valence platform enables cybersecurity teams to assess the cybersecurity risks associated with a wide range of SaaS platforms used daily by many business units, without ever having to be aware of potential cybersecurity threats.
Valance Security CEO Yoni Shohet said the generative AI capabilities added to the platform will make it easier for cybersecurity analysts to examine the security posture of SaaS applications. Every SaaS application has its own terminology, permissions, data model and security configuration.
He added that generative AI will allow you to construct queries in plain text, as well as take advantage of summary findings.
The number of SaaS applications used within organizations has grown significantly during the COVID-19 pandemic, but there has not been a heightened awareness of the unique cybersecurity challenges these applications present. These applications not only protect credentials from phishing attacks, they are often integrated with a wide range of external services. Shohet notes that the blast radius of attacks against external services and his SaaS application itself is often much wider than most organizations initially realize.
The challenge, he added, is that without the help of AI, it is impossible for any cybersecurity team to thoroughly examine the cybersecurity posture of every SaaS application in use.
Generative AI will soon see widespread adoption across a wide range of cybersecurity tools and platforms. Valence Security chose to work with Microsoft because they have the option to turn off the platform’s logging capabilities to prevent sensitive data from being incorporated into the openly available platform, Shohe said.
In general, cybersecurity teams should expect that as AI advances further, much of the effort currently required to secure IT environments will be significantly reduced. The challenge is to redefine the role of cybersecurity as it becomes more apparent which tasks are about to be automated.
Regardless of the AI approach, cybersecurity teams are now embroiled in an AI arms race with cybercriminals who will arguably use generative AI to launch cyberattacks faster. These attacks won’t necessarily become more sophisticated because of AI, but the insights revealed by platforms like ChatGPT can be used to increase the volume and make the attacks more targeted. There is a nature.
While the use of generative AI is still in its early stages, it is already clear that cybersecurity professionals have a lot of work to do. However, as cybersecurity teams become more productive, the number of open cybersecurity positions that need to be filled may decrease.
In the meantime, cybersecurity teams are encouraged to spend some time analyzing every SaaS application in use in their organization. As it becomes clear that applications are becoming portals to access all kinds of sensitive data across the enterprise, many will discover a problem that will scare them.
Recent articles by author
