AI’s impact on the future of web application security
In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, and strategies for securing web applications.
Perez also addresses how AI-driven threats are shaping the future of web security and the need for adaptive defenses.
Could you elaborate on the importance of continuous monitoring, especially for detecting zero-day vulnerabilities and runtime threats?
Continuous monitoring is probably one of the most undervalued security controls an organization can employ; it’s also probably one of the least expensive. Continuous monitoring offers us real-time visibility across all our assets and, when deployed and managed correctly, offers a security team the means to quickly identify anomalous behavior (or Indicators of Compromise).
In all our years of incident response work, there were always little indicators that could have helped the teams more quickly identify a hack, zero-day, or another similar security event. That being said, continuous monitoring without the appropriate training and skills to make sense of the noise is also useless.
What unique security challenges do APIs and microservices pose, and how can they be effectively protected?
APIs are unique because they expose an organization’s endpoints intentionally, and unintentionally. They can function as attack vectors and because they don’t have an obvious front of site component it’s easy to forget. They also tend to be misconfigured, specifically with poor authentication controls. This is why we see more data breaches and unauthorized access security events stemming from APIs.
Securing APIs is relatively straightforward: everything from the basics of ensuring encryption for data in transit to things like appropriate authentication/authorization controls, rate limiting and other similar controls like input validations.
What common misconceptions about web application security need to be addressed?
I think the biggest misconception is that security teams treat web applications as they would their traditional networks and devices, but they are fundamentally different. You should not be thinking traditional network/perimeter defense solutions; instead you should be thinking, seeing these applications, as entry vectors into your network bypassing traditional defenses.
It’s why you want to ensure web environments are isolated from your organization’s network, ensure you’re thinking of edge-based solutions like Web Application Firewalls and spending more time thinking about application layer type threats. We love to talk about strong passwords and encryption (i.e., HTTPS) but security for web applications requires a more comprehensive approach.
How do you see the future of web application security evolving, especially with the rise of AI-driven attacks and defenses?
We won’t have much choice but to also integrate AI solutions in our defensive solutions. AI is bringing about an entirely new adaptive and sophisticated approach to security that we will all need to adapt to. On the defense side machine learning technologies have been employed for a long time; it’s been used for anomaly detection across networks and devices and has been leveraged to proactively mitigate attacks.
With AI I’d wholly expect to see improved detection and response times, both for identifying security events and anomalous behavior as well as mitigating responses once an event has been identified. The one area that we should absolutely expect to see is the use of AI in social engineering with deep fakes and other similar tactics; this is the area that should probably concern us the most. Especially when it is used to improve phishing and similar attacks.