Deepfence Revolutionizes Cloud Security with AI-Powered Remediation: Introducing ThreatRx! - PART 1
November 27, 2023
In the ever-evolving landscape of cybersecurity, the stakes are high, and every organization, regardless of its size or industry, is a potential target. As cloud environments grow increasingly complex, ensuring their security becomes more challenging than ever before. Today, we're thrilled to announce our latest game-changer: AI-assisted remediation via a new feature called ThreatRx for cloud misconfiguration issues and vulnerabilities. The best part is that we are open-sourcing ThreatRx by integrating and launching it first within Deepfence’s Open Source Cloud Native Application Protection Platform (CNAPP), ThreatMapper, before extending its capabilities into the runtime workload protection space with integration into ThreatStryker next week.
We will use today’s post (part 1 of 2) to explore the ThreatRx integration into ThreatMapper and all of the different ways in which AI-assisted remediation benefits customers in cloud scanning, risk remediation, and vulnerability management. We'll walk you through the ThreatRX announcement, our strategic open-source approach to democratizing AI technologies for security use cases, and how ThreatRx provides remediation assistance for misconfigurations (CSPM scans), CVEs (vulnerability scans), exposed secrets (secret scans), and malicious software (malware scans).
What We're Announcing Now and What's Coming Soon
Announcing Now: ThreatRx, LLM-Assisted Remediation for Cloud Misconfigurations (CSPM Scans)
In today's fast-paced cloud environments, misconfigurations can be a ticking time bomb. Recognizing the critical importance of remediation, we've integrated cutting-edge Large Language Models (LLMs) into ThreatMapper’s Cloud Security Posture Management (CSPM) feature set via ThreatRx.
What does this mean for you? It means that when a misconfiguration is identified and alerted on, Deepfence doesn't just stop at detection. We provide you with actionable, AI-driven remediation suggestions. Not only are they actionable suggestions, but remediation results are presented via different technology instrumentation methodologies such as CLI, terraform, Pulumi, etc. Think of it as having a virtual security expert at your disposal, ready to guide you step-by-step through the remediation process and present the exact code snippet you need to implement it in whatever technology layer you choose. This allows companies to resolve the subject matter expert shortage as complexity explodes in the cloud that they have to manage.
Threat Rx, LLM-Assisted Remediation for CVEs (Vulnerability Scans)
In the same way cloud misconfigurations are exploding, vulnerability management is becoming increasingly important to organizations in today’s complex and diverse cloud environments. Whether it’s maintaining healthy security postures, responding to zero day incidents, or maintaining continuous compliance in the cloud, being able to identify a vulnerability by its severity, exploitability and remediate it quickly is of critical importance. If we can’t get the fundamentals of cloud security right then we’ll continue to fight an uphill battle against threat actors. That’s why we wanted to extend the simplicity of ThreatRx's AI-assisted remediation to vulnerability management.
ThreatRx, LLM-Assisted Remediation for Malicious Software (Malware Scans)
AI-based remediation suggestions can be obtained from the results of scans done to check for various malware signatures on hosts and containers.
ThreatRx, LLM-Assisted Remediation for Exposed Secrets and Sensitive Data (Secret Scans)
ThreatRx can easily assist in providing recommendations to remediate open secrets and sensitive data that is left behind within the infrastructure.
ThreatRx Leverages Today’s Industry-Leading Learning Models to Power Cloud Security Remediation
Not only that, but we have integrated the top LLMs into ThreatStryker Enterprise that are out today in order to help you get a myriad of helpful suggestions regarding remediation strategies and tactics. These integrations include: ChatGPT from OpenAI and AWS Bedrock, which allows us to leverage a single API to integrate into today’s leading LLMs.
Over the Next Few Weeks: Expanding Remediation into Runtime; Integration of ThreatRx into ThreatStryker
We're not stopping here. Our commitment to your security extends beyond cloud misconfigurations. Deepfence will harness its wealth of runtime security context and the intelligence of AI to keep your attack surface pristine and protected against the latest threats. Whether it's runtime protection, data breaches, or any other security challenge, we're harnessing the power of AI to make your remediation efforts more effective and efficient.
That’s why the next step in our immediate journey and one that will be explored in more detail in Part Two of this post is the ThreatRx Integration into ThreatStryker. In particular, we will look at how AI can assist in the development of runtime detection and protection policies given what security observability data Deepfence is able to gather on an environment and how AI helps us extrapolate insights into incident data that we are gathering about a cloud environment.
Why We Chose This Path
You might wonder why we've chosen this specific path when there are numerous other exciting possibilities in the world of generative AI and security. Let's break it down:
At Deepfence, our decisions are guided by the needs of our customers and open source user base. Customer-driven innovation starts in the realm of open source and should continue to have a home there! Open-source projects provided the tools that AI and machine learning needed for storing and processing large amounts of data on clusters of machines. Without this data and quick access to it, Large Language Models (LLMs) couldn't work. Also, maintaining data sets, rules, queries and their parameters, etc in open source is critical to ensuring that open source models remain fair, free from bias, and safeguarded via community checks and balances. Therefore, it was important for us to launch ThreatRx as an open source feature set first, democratizing access to AI capabilities for users and ensuring that our code for said feature is always publicly available for audit and community contributions!
We've listened extensively to customer feedback on which direction we should proceed with the roadmap and in particular our usage of AI and one resounding request echoed through - the need for easier remediation in the face of complex, resource-strapped environments. AI-driven remediation is our response to your needs.
So while we could have pursued a number of other AI-related projects both leveraging AI and helping companies implement AI in a safe and secure manner, customers were guiding us to this initial launch for AI-assisted remediation. While companies were indeed beginning to leverage AI more often within their application stacks, these use cases were often still in R&D environments, leveraging sandboxed technology sets, and/or merely cloud applications.
At Deepfence we have always believed deeply that security cannot move forward unless we get the fundamentals around risk prioritization of our attack surface correct and the operational concerns of securing complex cloud environments are addressed. Guided remediation fits perfectly with this philosophy of helping companies tackle the operational challenges of responding to a multitude of security alerts across their cloud environments. The ability to quickly identify a remediation and be guided through it based on the runtime context Deepfence has about your environment can help alleviate the amount of time, people and subject matter expertise you need to fix a particular issue, particularly given the complexity and fragmentation that exists within cloud infrastructure today. You can forgo ensuring you have expertise present at all times for every system and focus instead on alleviating risk in your environment in a continual manner. This is critical to healthy security and compliance management in the cloud today and is a fundamental we cannot ignore before moving onto more complex problems.
The Future of Cloud Security
As we stand at the intersection of AI and cybersecurity, the future holds incredible promise. With Deepfence, you're not just investing in a security solution; you're securing a future that's agile, proactive, and AI-powered.
Imagine having real-time detection and response for your AI-based models, seamlessly integrated into your security infrastructure. Picture a world where your AI configurations are effortlessly managed and optimized, ensuring your applications are both secure and efficient. Envision a virtual CISO, ready to decipher your security data with the precision of a seasoned expert.
This is the future we're building at Deepfence, where AI is not just a buzzword, but a practical tool that transforms how you safeguard your assets. With AI-driven remediation, we're taking the first step into this future, and there's so much more to come.
In conclusion, our commitment is unwavering - to empower you with the tools you need to stay ahead in the cybersecurity race. The future is here, and it's secure. Join us in this exciting journey into the world of AI-driven cloud security and keep an eye out for part two of this blog post where we dive into the ThreatRx integration into ThreatStryker, how that plays into runtime protection, and the future AI roadmap here at Deepfence.