Ordr Taps AI to Augment Attack Surface Management
Ordr this week added an attack surface management (ASM) tool infused with artificial intelligence (AI) to its existing asset management portfolio.
Pandian Gnanaprakasam, chief product officer for Ordr, said OrdrAI Cyber Asset Attack Surface Management (CAASM+) uses multiple types of machine learning and generative AI models to continuously identify assets in real-time based on classifications that a correlation engine then uses to surface risk levels based on configuration.
IT teams can also launch natural language queries using generative AI models developed by OpenAI to better understand their overall security posture after, for example, an anomaly has been discovered, he added. Cybersecurity teams will be able to take advantage of retrieval augmentation generation (RAG) techniques to expose those LLMs to additional data, said Gnanaprakasam.
In addition, OrdrAI CAASM+ is designed to be integrated with IT service management (ITSM) platforms that enable organizations to automate remediation workflows, noted Gnanaprakasam.
As ASM continues to evolve, a convergence with traditional IT approaches to managing assets has become inevitable, especially as IT operations teams take on more responsibility for security operations (SecOps). The challenge is the rate at which organizations are adding unmanaged devices to networks makes it challenging to ensure, for example, that the latest secure version of an operating system is running.
IT needs to be able to leverage AI to achieve that goal in a way that doesn’t run afoul of any potential data privacy regulations, added Gnanaprakasam.
That type of capability is critical because the volume and sophistication of cyberattacks is only going to increase as cybercriminals continue to experiment with artificial intelligence (AI) tools that make it simpler for them to create malware. Much of that research is being done by nation-states that eventually share those insights with allied cybersecurity syndicates that provide, for example, ransomware-as-a-service platforms across an ecosystem of cybercriminals.
It’s not clear at what point ASM and traditional IT asset management might one day converge, but it’s apparent that anything connected to a corporate network is a potential target. The challenge is there is simply not enough cybersecurity expertise available, so a larger percentage of security operations (SecOps) tasks need to be assumed by IT operations teams. After all, the issue, as always, is that which can’t be seen can’t be managed, much less secured.
In the meantime, the one thing that is certain is that cyberattacks will only increase in volume and sophistication as cybercriminals also leverage AI. Arguably, the only way organizations are going to be able to defend themselves is to rely more on the AI technologies being embedded in various platforms by security vendors that have the data science expertise required to build AI models.
The level of AI expertise those vendors provide will depend on the quality of the data used to train those models. In the case of Ordr, the company is betting that all the devices it already tracks will provide the base of data required to train AI models today and, just as importantly, continuously update them.
