GenAI Attack Path Remediations for Panoptica

By: Roy Maor

Mar 28, 2024

Generative AI technology is rapidly evolving, offering groundbreaking capabilities in various fields, including cloud native environments and CNAPP (Cloud-Native Application) solutions. Development of generative AI technology holds immense promise for enhancing the capabilities and performance of cloud-native environments and CNAPP solutions.

By enabling advanced data generation, security testing, content personalization, automation, adaptive architecture design, predictive analytics, and continuous improvement, generative AI empowers organizations to unlock new levels of innovation, efficiency, and user satisfaction in the cloud-native ecosystem.

With this in mind, Panoptica, Cisco’s cloud application security solution, has added GenAI capabilities to its Attack Path Remediations.

Read more about Cisco’s GenAI developments here.

Challenges with Static Remediation

Up until now, the Panoptica platform has used static, textual remediations shown to the user on the Attack Path page for every detected path. This has brought challenges in two main aspects.

  • First, from the development cycle side, it got hard to manage manually hundreds of static remediations and craft new ones for every new attack path or new variations of existing ones.
  • Second, from the user experience side, the remediations suggested were not thorough enough and did not include specific instructions on mitigating the issues presented in the attack path.

The remediation suggestions were mostly short, general explanations that left the user with a lot to do by itself to remediate the different issues.

Bringing GenAI to Panoptica’s Attack Path Remediations

To solve this pain point, Panoptica has integrated the graph engine of the platform with OpenAI’s Chat-GPT4.

For every detection, the LLM-based chatbot is presented with the attack path graph, including the topological structure of the path (nodes and relationships) and its security enrichment details (network exposure, security findings, vulnerabilities). Additionally, the risk cause (generated by the graph engine) is aimed to provide context for the attack path and explain why it was detected.

Finally, the chatbot is asked to provide a text explaining the attack path and a technical remediation to the end user of the platform, including reducing the attack path risk and patching the CVEs or removing the malware if found.

What does the structure of the solution look like?

The solution provides separate detailed remediations to each of the three attack path infiltration paths:

  • Network exposure - ACLs and gateways
  • Workload at risk - configuration risks and vulnerabilities
  • Identity exposure - permissions and policies

For each phase, four remediation types are formed:

  1. Remediation guidelines - guidelines that can be followed in the web console of the cloud provider.
  2. CLI remediation - cloud provider's CLI commands that can be used in the terminal.
  3. SDK remediation - code snippets that use the official cloud vendor SDK for python.
  4. Terraform remediation - terraform files snippets for Infrastructure-as-Code applications.

This allows the user to use its preferred method of remediation for every phase of the attack path, depending on its accepted practices and preferences.

All remediation types are presented as step-by-step instructions, with the goal of being as clear as possible for the user to follow.

Ensuring Data Privacy

No UIDs or other client-sensitive identifiers are exposed to ChatGPT. That attack path goes through a pre-processing phase before being sent to ChatGPT as part of the prompt, in which all UIDs and resource names are replaced with hashed masks, making it impossible to reverse-engineer these details. After receiving the response and building the remediation, all the UIDs and the client-specific details are injected back to it in a post-processing process, to keep the user experience complete and detail-oriented.

Accelerating User Experience and Cloud Security Innovation

As strides are made in GenAI technology, Panoptica will continue to fine-tune the AI-generated remediations. This capability equips the platform with the ability to identify more critical points and address them out-of-the-box in the solution.

Accelerate your path to a more secure cloud with Panoptica.

Connect with us to schedule a live demo.

Panoptica blog

Becca Gomby

Tuesday, Mar 26th, 2024

Rami H.

Thursday, Mar 14th, 2024

Sarabjeet Chugh

Wednesday, Dec 20th, 2023

Shweta Khare

Tuesday, Nov 21st, 2023

Popup Image