Your digital "Home of IT Security"
365 days a year: solutions, knowledge and networking.
Find and offer innovative IT security solutions, take part in our diverse action program and make and maintain contacts.
Become part of the it-sa 365 community!
Make an appointment with
So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.
Create an onsite appointment with
So that you can make an onsite appointment, the appointment request will open in a new tab.
Artificial intelligence is now indispensable in many offices, but it is not always safe. Solutions for these and other current challenges were presented at the it-sa Expo&Congress. The first part of the trade fair review focuses on AI, EASM (External Attack Surface Management), DSPM (Data Security Posture Management), CSPM (Cloud Security Posture Management) and ASPM (Application Security Posture Management).
The use of generative AI is now part of everyday office life, but this is not always to the benefit of the company. The innovations presented at it-sa Expo&Congress include products that offer solutions against AI misuse, as well as other innovations.
Artificial intelligence (AI) has arrived in everyday working life. In the office, letters or concepts are created and analysed using generative AI such as ChatGPT. However, if business reports or tables with sensitive data are to be analysed with AI, the relevant documents need to be uploaded. Only then they can be processed by the AI in the cloud. In this way, company secrets are transferred to the AI systems on a daily basis, although it is unclear what else happens to the data there and what analyses it is used for.
Programming with AI can be dangerous
But the problem goes further, because programmers also use AI. Stefan Strobel, CEO and founder of the security specialist Cirosec, illustrates this with an example: "Copilot from Microsoft can link directly into the software environment, from where the entire code is then transferred to the AI so that it can supplement or check a programme". This has already made headlines, as reported by the online magazine Golem, for example. Following an incident at Samsung in which developers used ChatGPT and uploaded source code, the South Korean company banned the use of ChatGPT and other chatbots.
"This raises the question of how to solve problems caused by the use of AI," says Stefan Strobel. Providers of security solutions have recognised this and have recently added corresponding products to their portfolio. "In some cases, these products are embedded in browsers, determine whether the user is connected to an AI and block this or remove critical data from it," explains Strobel. It works in a similar way with developer environments.
AI is also increasingly being introduced in the form of APIs, tools or libraries that are integrated into applications. To safeguard the use of AI in the company, pentesting with a focus on AI is now also being offered. "These providers generate queries for AI systems that could deliver sensitive or dangerous data or even reveal internal company information," explains Strobel.
Looking at the company from the outside
This year's it-sa Expo&Congress had many other innovations to present beyond the topic of AI. One of these was External Attack Surface Management (EASM). This approach is a response to increasingly globally distributed systems and cloud usage. This is because external components and resources, which are often integrated into internal business processes, create new attack surfaces. These include publicly accessible websites, applications and the like. Monitoring and security measures for these systems often do not meet the standard for systems behind the firewall. In the worst case, they have already been forgotten by those responsible for IT, blind spots have emerged. Attackers therefore specifically look for these components in order to penetrate the company network from there. Therefore EASM solutions use suitable vulnerability scanners to scan the company from the outside and also find addresses that have been forgotten. They also reveal vulnerabilities or configuration errors. Monitoring is carried out regularly and automatically.
Database vulnerability
There are also new developments for in-house IT, such as database systems. A company's most important data is often stored in huge databases. If attackers manage to access them, they can use suitable queries to extract sensitive data or extract the entire database. Protection systems try to prevent this. They are usually located at the interface between the database management system and the query component in order to analyse queries for potential threats. For this purpose, query authorisations are checked, access rights are set granularly and queries are analysed for further problems. Some of these security solutions also have the ability to learn what are legitimate queries and what are not. In addition, such solutions are now also possible for SAP applications, which also contain extensive data collections that are of great relevance to a company. SAP uses its own query language, which security solutions must master in order to carry out checks. These technologies are usually referred to as Data Security Posture Management (DSPM).
Nowadays, databases are often located in the cloud, as are the applications based on them. DSPM is then expanded to include Cloud Security Posture Management (CSPM) to protect them. Among other things, this also involves detecting configuration errors, problematic access rights and similar issues. But what would the industry be without a constant stream of new terms and abbreviations? That's why another variant comes into play: Application Security Posture Management, or ASPM for short. The focus here is on an overall view of the security of all web applications and associated data. ASPM tools often have interfaces to other testing tools, for example to check the source code of your own web applications. Among other things, this involves ensuring that the libraries used are up-to-date or that data access is secure.
