Reimagining Contextualized SaaS Security with Generative AI

In an increasingly complex digital landscape, modern enterprises are using hundreds of SaaS solutions, accessed by almost every employee and external users, while critical business data  is being shared thousands of times a week. There are 3 main steps in order to effectively secure the SaaS environment:

• Discover your SaaS applications being used
• Discover who is using them and how
• Discover the data being accessed and data risks

At Reco, we are using a different approach to solve these challenges. We leverage Graph analytics and generative AI to provide a contextualized SaaS security solution that links together apps, identities and data.

‍

Today, I’ll share how Reco is harnessing Generative AI to help with the first challenge - Discover SaaS applications effectively.

‍

Shadow Applications - The Unseen Challenge

Understanding the array of applications utilized within an organization is no longer a luxury but a necessity. Shadow Applications are applications used without official organizational approval. They pose significant challenges, including heightened cybersecurity threats, critical data exposure, compliance issues, operational inefficiencies, and elevated costs. Identifying and managing these shadow applications is often complex due to the different names that the same application may have across various audit logs, such as Google Workspace, Microsoft 365, Okta, Salesforce, etc..

‍

‍

Decoding the Complexity with Generative AI 

To tackle this, we developed a unique 'Application Discovery Consolidation' process based on an LLM chain. An LLM Chain, is a powerful concept that combines different primitives and LLMs to create a sequence of operations for natural language processing (NLP) tasks. Our AI chain, links different instances of the same application automatically, despite variations in naming across different platforms. For instance, 'Zoom' appearing as 'Zoom for GSuite for Google', and ‘Zoom for Outlook’ in certain logs, are identified as instances of the same application.

‍

‍

Exploring the LLM-Chain’s Technical Core

At the heart of our application consolidation process is n chain powered by LangChain and OpenAI's GPT-4, a state-of-the-art Large Language Model (LLM). Whenever the system encounters a new app instance name, the chain conducts two parallel operations. First, it uses Google search to enrich the app instance with relevant information, to cross-reference and validate these associations. Secondly, it employs a similarity search to find comparable app instances or generic apps already mapped in our database.

These two streams of information—enriched data from Google and similar instances from our database—are then fed into the LLM. The AI model uses its understanding of language and context to predict if the new app instance corresponds to an application we've already identified or if it's an entirely new application.

‍

Understanding the Impact: App Instances in Numbers

Our work with multiple customers has brought to light the sheer scope of the application consolidation challenge. We've found that more than 10% of the apps have multiple instances. Yet, these applications aren't marginal - they account for over 90% of the user accounts. Even more striking is the fact that over 40% of user accounts are associated with apps that have 10 or more instances.

‍

‍

These statistics underscore the necessity and value of our unique approach to application consolidation. By effectively mapping and linking these multiple instances, we're able to bring clarity and efficiency to a complex landscape, greatly enhancing our capacity for comprehensive app governance and shadow app discovery.

‍

The Intersection of App Governance and Shadow App Discovery

This process is central to our application governance strategy, and it also serves as a powerful shadow app discovery feature. By consolidating the application landscape, we not only map out authorized software within an organization but also bring to light unauthorized, shadow applications.

‍

We can then track each application's usage and associated users within the organization. This gives us a 360-degree view of the software ecosystem within the firm, including shadow IT, allowing us to propose governance measures for application usage and mitigate potential risks.

‍

Reimagining Contextualized SaaS Security with Generative AI

Our approach to application consolidation has far-reaching implications for bolstering security and streamlining software management, reinforcing our commitment to pioneering security innovation. With a comprehensive graph that normalizes apps, identities and asset together, we can better contextualize securiy risks, enhancing our clients' overall security posture.

‍

As we continually refine our AI-based systems, we aim to further redefine SaaS security and application governance. This dedication to leveraging advanced technology to deliver robust and intelligent security solutions positions Reco at the leading edge of this rapidly evolving field.

‍

Reco is a SaaS security platform that provides protection for data in SaaS, as well as ensuring proper posture is enforced in SaaS tools. Reco's platform harnesses the power of AI to take all unstructured data and communication in SaaS tools and build a real-time interaction graph for the specific organization, providing context around sensitive data and people to assess the risk in SaaS tools.