Building Guardrails for the AI Frontier: AppSOC’s Vision for Secure Innovation

AI tools have created new attack surfaces that need to be addressed

Building Guardrails for the AI Frontier: AppSOC’s Vision for Secure Innovation

Following are excerpts from an interview by Sean Martin of ITSP Magazine during Black Hat 2024 with Willy Leichter, CMO of AppSOC, discussing the evolving landscape of application security and the innovative approaches his company is taking to address these challenges. You can view the full interview here

Background and Mission of AppSOC

AppSOC, a startup founded by serial entrepreneur Pravin Kothari, operates in the emerging AI and Application Security and Governance space. The company aggregates and normalizes data from various security tools, ranging from development through operations, to reduce the overwhelming number of security alerts into a manageable set. Their goal is not just detection, but also orchestration of remediation to ensure vulnerabilities are addressed efficiently. Leichter highlighted that the challenge of managing numerous security alerts is compounded by data silos across different teams, such as DevSecOps and vulnerability management. AppSOC's platform aims to break down these silos and provide a comprehensive view of an organization’s security posture.

“We take all the data from many security point solutions… and then we try to prioritize it as intelligently as possible. The perennial problem is prioritizing through all the noise that the analysts get.”

Pravin Kothari’s Influence and the Evolution of Security Management

Kothari’s extensive background in security management, including his experience with SIEM and CASB, has significantly influenced AppSOC’s approach. Leichter noted that while the terminology in security management has remained consistent—terms like "consolidate," "aggregate," and "normalize"—the threats have evolved, requiring more advanced technology and better prioritization. 

Challenges of Security Silos

Leichter discussed the persistent issue of security silos within organizations, where different teams, such as DevOps, CloudOps, SecOps, and IT Ops, operate in isolation. While specialization is necessary, he emphasized the importance of finding "connective tissue" to correlate threats across these silos and gain a holistic view of the organization's security posture. He pointed out that critical information often gets lost in spreadsheets or emails, leading to inefficiencies and delayed responses to security threats. AppSOC’s platform seeks to overcome these challenges by integrating and automating workflows, enabling teams to collaborate more effectively and respond to threats in real time.

“You want specialists, but you've got to find the connective tissue so you can get the bigger picture because the same threat can hit multiple places.”

Real-World Scenario and Success Story

Leichter provided an example of how AppSOC has helped a mid-sized insurance company improve its security management. The company's CISO faced the challenge of providing real-time security posture updates to the board and CEO. Previously, they relied on consultants for periodic assessments, costing about $500K every six months, and they were quickly outdated. AppSOC’s platform allowed the company to continuously monitor and prioritize risks based on business context, significantly improving their security management and reducing the reliance on periodic, manual assessments.

“The CISO is looking for a platform to get this in real time, get it as a continuous process rather than a one-off... It was dead on arrival in terms of the validity of the data.”

Remediation and Automation

Regarding remediation, Leichter stressed the importance of eliminating bottlenecks and automating communication workflows. AppSOC’s platform prioritizes alerts to prevent overwhelming users and integrates with tools like ServiceNow and Jira for bidirectional communication. This approach ensures that important information is not lost, and that the remediation process is efficient. Leichter also mentioned the significance of exception management, where known issues that are not critical can be filtered out to avoid unnecessary alerts.

AI Security: The New Frontier

Leichter discussed the emerging field of AI security, noting that while it is still in its early stages, it is a rapidly growing concern. The proliferation of AI tools, such as large language models (LLMs), has created new attack surfaces that need to be addressed. He highlighted the challenges of governing AI projects, particularly as they are often managed by new players, such as data scientists and business owners, who may not follow traditional security practices. AppSOC is working on “Shadow AI” discovery, similar to Shadow IT, to identify and manage these projects within a compliance framework. The goal is to establish guardrails for AI systems to ensure they are secure and aligned with the organization’s overall security strategy.

Leichter also emphasized the importance of integrating AI security into existing security frameworks to avoid creating new data silos. He drew parallels to the early days of web security, where organizations had to learn how to manage the risks of employees surfing the web or using cloud services. He believes that, similarly, organizations will need to learn how to enable AI securely, rather than attempting to block it altogether.

“Whatever is happening, it should be enabled properly. And if you don't, it'll happen anyway.”

Conclusion

In conclusion, Leichter’s insights reflect AppSOC’s innovative approach to the evolving challenges of application security. By breaking down silos, prioritizing risks based on business context, and integrating AI security into existing frameworks, AppSOC is positioning itself at the forefront of the ASPM space. The AppSOC team is leveraging their extensive experience in security management to develop solutions that are both pragmatic and forward-thinking, addressing the immediate needs of organizations while also preparing for future challenges. The interview underscores the importance of continuous innovation in security management and the critical role of AI in the future of cybersecurity.