Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

AI augmentation in security software

March 2024 Security Services & Risk Management, AI & Data Analytics

By Paul Meyer, Security Solutions Executive, iOCO.


Paul Meyer

If you missed it, the first article in this series can be found at www.securitysa.com/21546r.

Static Application Security Testing (SAST) is defined as the products and services that analyse application source byte, or binary code for security vulnerabilities. These tools are one of the last lines of defence to eliminate software security vulnerabilities during application development or after deployment.

These software security tools and services report weaknesses in source code that can lead to vulnerabilities that can be exploited, which can, of course, lead to a breach and subsequent damage to your organisation. SAST enables companies to assess and transform their security posture.

This paradigm shift in static analysis dramatically increases return on investment as the time and cost of audit results decrease substantially. Rather than reducing the breadth of security issues, scan analytics platforms can distinguish non-issues from the real thing, and they can do this automatically. This innovative approach utilises big data analytics to scale secure software assurance to the enterprise without sacrificing scan depth or integrity.

Automated application security must be built into their processes, especially as businesses transition to DevSecOps environments. Automation reduces the repetitive, time-consuming work of issue review through the scan analytics platform.

Human intervention is still needed

SAST reports categorise issues in terms of criticality, but they must then be manually confirmed by expert application security auditors as either exploitable or not a problem. These specialists are required to validate findings using details specific to the enterprise, such as the context of an application and its deployment. Time-consuming audits have traditionally come at a significant cost to businesses and expose fundamental challenges attached to delivering secure applications.

The much-reported cybersecurity skills gap adds to the challenge of software security assurance. Static analysis tools make the impossible job of securing code possible, and a skilled auditor’s software security expertise verifies actionable findings. Even the best security teams are ultimately limited by the human experience available. However, this often pales into insignificance compared to the innumerable software flaws companies can be exposed to.

This is where machine learning (ML) comes to the fore with the next evolution of applications making the process of securing developing ones quick and efficient. These techniques extend the reach and better scale the expertise of security professionals through the entire development lifecycle.

ML coupled with predictive analytics - the next generation of SAST - provides actionable intelligence with problems being assessed by scan analytics platforms.

AI-driven static analysis and ML vastly increase speed and accuracy in application security by running thousands of static, dynamic, and mobile scans per week, scanning billions of lines of code. The scan results are then passed to a team of expert auditors who identify and prioritise the findings.

In this way, it is possible to confidently assess the vulnerability and complexity of threats and determine how issues must be categorised, for example, labelling them as exploitable, indeterminable, or not a problem.

Through ML technologies, a company’s application security program can become more efficient and effective without expanding headcount or allocating additional budget. This shift in SAST from scarce human expertise to the limitless scalability of AI can reduce non-issue findings by up to 90 percent. 

Conclusion

Enterprises no longer need to accept noisy scan results, nor do they need to make trade-offs between scan comprehensiveness and time-to-audit. It is also not necessary to negatively impact product delivery dates with scan review time. Classifiers trained on anonymous issue metrics can reduce the expense of software security assurance programs without the risk of identifiable data being transmitted to the cloud. Today, it is possible for businesses to reduce their overall security workload through vulnerability prediction software.




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

When your security starts thinking with you
Secutel Technologies Surveillance Perimeter Security, Alarms & Intruder Detection AI & Data Analytics
If you manage a warehouse or logistics environment, you already understand how quickly risk can escalate during the day and after hours. The question is: how quickly can you respond?

Read more...
Africa’s opportunity to shape the future of human-centred AI
AI & Data Analytics Security Services & Risk Management
Across the Global South, countries are not yet locked into decades of legacy AI systems, energy-intensive infrastructure, or governance frameworks designed for a different technological era. That creates something rare in technology development: a cleaner slate.

Read more...
AURA appoints Taryn Winer as global head of people
News & Events Security Services & Risk Management
Following its €13,5 million Series B funding round last year and accelerating international expansion, particularly across the United States, AURA has appointed Taryn Winer as global head of people.

Read more...
95% do not have full trust in cybersecurity vendors
Information Security Security Services & Risk Management
Trust in cybersecurity vendors is fragile, difficult to measure, and increasingly shaping risk posture at both operational and board levels. Lack of verifiable transparency undermines cybersecurity decision-making, according to Sophos-backed research.

Read more...
Enhancing control room operations
iFacts Security Services & Risk Management Surveillance
As South Africa faces complex and more advanced security challenges, the demand for advanced surveillance solutions, including CCTV and security control rooms, continues to surge, but what about the people in front of the screens?

Read more...
The AI goldrush has a credibility problem
Refraime Editor's Choice Surveillance AI & Data Analytics
The single most important question a surveillance buyer can ask is deceptively simple: “Was this system programmed or was it trained?” That question alone will reveal more about what you are evaluating than any feature list or marketing video.

Read more...
Crime behaviour insights more important than ever
Leaderware Editor's Choice Surveillance Training & Education AI & Data Analytics
Behavioural surveillance skills are as essential now as they have ever been, especially in situations where quick evaluation of context is needed. Training operators in behavioural recognition skills is a vital part of control room success.

Read more...
Large-scale AI boosts manufacturing efficiency
Hikvision South Africa Surveillance Industrial (Industry) AI & Data Analytics
Video systems, once used mainly for security, are rapidly becoming one of the most valuable sources of operational data in factories and industrial parks, accelerating smart manufacturing process.

Read more...
Understanding the Shared Responsibility Model
Infrastructure Security Services & Risk Management
While the cloud can certainly be a growth enabler in many ways, it can also introduce new security risks. Companies want to have a clear understanding of where their security duties end and where their cloud service provider’s begin.

Read more...
From vibe hacking to flat-pack malware
Information Security AI & Data Analytics
HP issued its latest Threat Insights Report, with strong indications that attackers are using AI to scale and accelerate campaigns, and that many are prioritising cost, effort, and efficiency over quality.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.