Outshift Leads the Way with AI at RSA Conference 2024

The latest AI-based enhancements for Panoptica will help customers build a complete Cloud Native Application Protection Platform solution.

Outshift by Cisco continues to double down on its investment in cloud application security and artificial intelligence capabilities within its Panoptica product, demonstrating Outshift’s commitment to delivering industry-leading AI products. Looking ahead, AI will be at the forefront of Panoptica’s new features and capabilities, ensuring that customers’ growing application security needs are met, allowing them to keep up with emerging threats, navigate the elusive threat landscape, and stay ahead of attackers.

Outshift’s announcements at RSA Conference 2024 included Smart Cloud Detection & Response (CDR), GenAI Dynamic Remediation, and Security Graph Query. These innovations demonstrate Outshift’s investment in building a complete Cloud Native Application Protection Platform (CNAPP) ready to help customers drive their cloud application security journeys and adoption.

Comprehensive Visibility at your Fingertips with Smart Cloud Detection & Response (CDR)

CNAPP provides comprehensive visibility across cloud environments, enriched with context and correlation specific to cloud activities. Meanwhile, Smart CDR extends capabilities to include AI-powered threat intelligence and predictive threat analysis, integrating cloud security data with wider system protections.

Panoptica’s Smart CDR gives security teams a head start in detecting attacks: it continuously monitors security events as they occur and correlates them with insights and information so that teams can respond. Based on Cisco internal GenAI purple team research, Smart CDR provides forensic information about the attack. Every bad actor has an intent, and our job is to help describe what’s going on by painting a picture of the attack story.

Smart CDR detects threats in real time and promptly notifies security teams. Most competitors stop at threat detection, but we go further, stitching these threats together to describe the attacker’s intent. Our approach involves generating synthetic attack simulations to train our ML models to detect attacks like ransomware, data exfiltration, crypto-jacking, container escape, and data destruction. Furthermore, Smart CDR aims to reduce the overall noise and allows security teams to focus on the real issues.

GenAI Dynamic Remediation Accelerates with OpenAI’s ChatGPT-4

Panoptica’s GenAI Dynamic Remediation derives customized, targeted remediations based on the entire security risk context presented by the Attack Path Analysis engine and provides step-by-step instructions on how to apply the controls using CLI, Code Snippets, and Terraform tailored to the unique characteristics of each attack path.

Panoptica integrated GPT-4 with our graph engine, enabling it to present users with in-depth, tailored remediations for each detected attack path, including remediation guidance tailored to each of the critical points of infiltration: network exposure, workload at risk, and identity exposure. This rapidly decreases response time by giving teams sample code that gets right to the source of the issue. No more wasted time figuring out how to solve the problem; a simple code sample shows you exactly how you can fix it right now.

Harnessing the power of generative AI, we have enriched the Attack Path Analysis with several key features:

  1. Interpretation of attack paths using their topological structure and security enrichment details like network exposure and vulnerabilities.
  2. Contextual analysis provided by the associated risks identified by the graph engine.
  3. Four distinct remediation types are offered: web console guidelines, CLI commands, Python SDK code snippets, and Terraform file snippets for different user preferences.
  4. Advanced data privacy measures with pre-processing that masks sensitive information and post-processing that reinserts client-specific details.

Streamlining Policy Creation, Security Compliance, and Policy Management with Security Graph Query

The Security Graph Query, added to Panoptica’s CNAPP offering, enhances the platform by integrating with the policies engine. This integration allows users to create, manage, and enforce security policies directly from the Security Graph Query Builder and Query Library. The feature is a comprehensive search and visualization tool that aggregates data across multiple cloud providers, code repositories, APIs, SaaS applications, and Kubernetes clusters.

It uses queries crafted for assets and their relationships, as well as for security insights such as attack paths, risk findings, and vulnerabilities. The goal is to streamline policy creation, improve security compliance, and make policy management more efficient and data-driven.

Several use cases include:

  1. Proactive threat hunting: search for signs of compromise and emerging threats by constructing custom queries that indicate potential security risks.
  2. Contextual analysis: understanding the context of an event or entity within the graph allows security teams to make more informed decisions.
  3. Visualization for non-technical stakeholders: graph visualizations can be valuable for conveying complex security information to non-technical stakeholders, which helps them grasp the scope and severity of security posture gaps.
  4. Resource optimization: security teams can use the insights from the graph to optimize resource allocation, focusing efforts on areas of the network that are most vulnerable or frequently targeted.
  5. Compliance and reporting: the graph can serve as a valuable resource for compliance reporting, demonstrating that the organization actively monitors and investigates security events.