Valence Security Taps Generative AI to Secure SaaS Apps
Valence Security added a generative artificial intelligence (AI) capability to its security posture management platform for software-as-a-service (SaaS) applications via an alliance with Microsoft.
The Valence platform enables cybersecurity teams to assess the cybersecurity risks attached to a wide range of SaaS platforms that many business units routinely use without any awareness of their potential cybersecurity threats.
Valance Security CEO Yoni Shohet said the generative AI capabilities added to the platform will make it simpler for cybersecurity analysts to investigate the security posture of SaaS applications, which all have unique terminology, permissions, data models and security configurations.
Generative AI will make it possible to create queries in plain text in addition to consuming summaries of findings, he added.
While the number of SaaS applications being used within organizations greatly expanded throughout the COVID-19 pandemic, there has not been a corresponding increase in appreciation for the inherent cybersecurity challenges those applications bring. In addition to protecting credentials against phishing attacks, these applications are often integrated with a wide range of external services. The blast radius of an attack on an external service or the SaaS application itself is often much wider than most organizations initially understand, noted Shohet.
The challenge is that, without AI’s help, it’s not feasible for any cybersecurity team to thoroughly investigate the cybersecurity posture of all the SaaS applications being used, he added.
Soon, generative AI will be pervasively employed across a wide range of cybersecurity tools and platforms. Valence Security chose to work with Microsoft because there is an option to turn off the platform’s recording capability to prevent sensitive data from being incorporated into an openly available platform, said Shohet.
In general, cybersecurity teams should expect much of the toil currently required to secure IT environments to be sharply reduced as more AI advances are made. The challenge is redefining cybersecurity roles as it becomes more apparent which tasks are about to become automated.
Regardless of the AI approach, cybersecurity teams are now locked in an AI arms race with cybercriminals that undoubtedly use generative AI to launch cyberattacks faster. Those attacks are not necessarily going to be any more sophisticated because of AI, but they are likely to increase in volume and become more targeted using insights surfaced by platforms such as ChatGPT.
Although the use of generative AI is still in its early days, it’s already apparent there will be plenty of work left for cybersecurity professionals to do. However, as cybersecurity teams become more productive, the number of open cybersecurity positions that need to be filled may be reduced.
In the meantime, cybersecurity teams would be well advised to spend some time analyzing all the SaaS applications their organization uses. Many of them will discover issues that will likely leave them feeling uneasy as it becomes apparent the applications have become a portal through which all kinds of sensitive data can be accessed throughout the enterprise.
