New generative AI-powered SaaS security expert from AppOmni

Enterprises use an enormous amount of Software as a service (SaaS) applications. According to one estimate, the largest organizations use as many as 371, a 32% increase from 2021. 

However, these apps are often disparate among departments with no clear clarity or oversight into who’s using what. And — whether intentionally or unintentionally — they can very easily be misconfigured, presenting a slew of security issues. 

“SaaS applications today are so complex, you almost need a dedicated expert in each one to secure them,” Joseph Thacker, principal AI engineer for SaaS Security Posture Management (SSPM) provider AppOmni, told VentureBeat. “No organizations have that type of expertise, so you end up with overworked security teams trying to go in and understand all the security settings.”

To help enterprises handle all this sprawl, AppOmni today announced its new trademarked tool AskOmni, a generative AI-powered SaaS security assistant. Users can ask critical security questions and the system, in plain language, will report back critical data and remediation steps. 

“It’s effectively a SaaS security expert,” said Thacker.

Too much complexity, noise

Enterprises don’t prioritize SaaS security enough, Thacker contended, even when that’s where their core IP and sensitive data reside.

But organizations and security teams need to change their mindsets when it comes to SaaS, he said — threat actors can access data directly as opposed to attacking a device or framework, making it a “whole different ecosystem.”

The amalgam of apps are difficult to rein in, and the number of security findings and alerts coming in can feel like facing an avalanche. So simply understanding what to tackle is the first big problem. “It’s shadow IT all over again,” said Thacker, adding that “AI is the new shadow IT.”

Added to this is the fact that Salesforce, Microsoft 365 and others have thousands of developers pushing changes every day. 

“Where do you start?” said Thacker. “You’ve got complexity, a step below that you have a security team that doesn’t even know what’s in the wild and being used by your staff. How can you keep up?”

While alerts can be overwhelming, much of it is just noise, he noted. “There’s hardly anything malicious going on at scale, but there are small things.”

Furthermore, permissions management can be extremely difficult. 

For instance, Thacker posited, that if you want to check username-to-admin correlation in audit logs across SaaS apps, how do you do that across apps where field names are all different? (In one, a username might be “user_name,” in another “username,” and in a third “username1,” with no consistency.) 

“Most employees have access to way too much data,” said Thacker, but tracking that down can be problematic and sometimes unfeasible. 

AskOmni a SaaS security expert

To address these problems, AskOmni — which is available today as a tech preview and will be rolled out in phases in 2024 — uses gen AI and natural language queries for common SaaS security decisions. Users can ask the system questions to understand what SaaS apps they’re using and AppOmni’s security capabilities. 

The user-friendly platform performs contextual analysis and aggregates disparate data points to identify issues and assess risk, then alerts in plain language critical issues and walks users through remediation steps.

AskOmni pulls in relevant findings on alerts for context and can surface attack chains, Thacker explained. Going forward, it can notify administrators about issues caused by privilege overprovisioning based on account access patterns, user permissions and access levels, sensitive data or compliance requirements. It also flags new threats, explaining potential consequences and offering remediation steps.

One of AskOmni’s biggest asks, Thacker said, is ‘If I want to secure ‘X’ environment, how can I do that in AppOmni?’ 

In response, the system will use context on how AppOmni prefers to secure Slack, for instance, pulling from Slack documentation to enhance its answer. Or, it can interact with the Azure Active Directory and write a Powershell script to secure a particular component of Microsoft 365. 

“It can walk you through remediation advice and write remediation scripts,” said Thacker. 

‘Killer features’ are still aspirational, but on the horizon

AskOmni is still in its early stages, Thacker pointed out, but down the line, the goal is that it will be able to handle “really grandiose questions.”

This could include “What should I remediate first?,” or “This user was just let go, what SaaS apps did he use and how do I secure those?”

“The killer feature will be when we can ask a single question about the entire AppOmni instance,” said Thacker. 

While giving AI the ability to access all data in a tenant is still aspirational at this point, it is the future. Models will only continue to improve and become less expensive with time, Thacker pointed out. 

“We’re barely scratching the surface of what’s possible for AI,” he said. 

He added that “so many people are ‘Debbie Downers’ about what AI can do.” 

Focus is often placed on what AI can’t do, but those ‘can’ts’ can be overcome with more context and examples and “harnesses or libraries wrapped around the LLM” that the model can use to shore up its weaknesses, he said. 

Ultimately, “AI is going to revolutionize and make everything higher utility, lower effort so that we can spend more time solving new problems.”

Originally appeared on: TheSpuzz