Agentless cloud security provider Orca Security has integrated Microsoft Azure OpenAI GPT-4 into its Cloud Native Application Protection Platform (CNAPP) under the ChatGPT implementation program that the cybersecurity company started earlier this year.
“With our transition to Azure OpenAI, our customers benefit from the security, reliability and enterprise-grade support that Microsoft provides,” said Avi Shua, chief innovation officer and co-founder of Orca Security. “By integrating GPT-4 into Orca Security’s CNAPP platform, security professionals can instantly generate high-quality remediation instructions for their platform of choice.”
The integration could help devsecops teams working in cloud environments.
“In cloud-native applications, it’s ideal to make as many changes as possible early in the lifecycle, for example in IaC or Terraform tools, as teams generally struggle to address all the issues that security tools identify in production,” said Jimmy Mesta, co-founder and CTO of KSOC, a Kubernetes security company. “Orca’s intent is to address this reality by trying to help customers reduce the amount of time they spend acting on alerts in their solution.”
In addition, Orca has announced a set of new features that accompany the integration. The integration and enhancements are available immediately.
GPT allows you to query patch instructions
With a Representational State Transfer (REST) API-based integration to OpenAI’s Generative Pre-Trained Transformer (GPT) engine, Orca aims to enable security professionals to generate remediation instructions for each alert from the Orca CNAPP platform.
“Orca advertises the use of GPT-4 to generate remedial instructions for the alerts that its product creates. These remedial instructions would be used in different places depending on the nature of the recommendation; for example, they could apply to an Infrastructure as Code (IaC) tool or a cloud services account such as Azure Kubernetes Service (AKS) or Google Kubernetes Engine (GKE),” said Mesta.
The generated remediation instructions can be copied and pasted into platforms such as Terraform, Pulumi, AWS CloudFormation, AWS Cloud Development Kit, Azure Resource Manager, Google Cloud Deployment Manager, and Open Policy Agent.
Additionally, developers can ask follow-up questions to ChatGPT, a large language model (LLM) based on the GPT architecture, directly from within the Orca platform.
“Orca displays alerts for cloud misconfigurations at runtime, post-deployment, so by the time the alerts are displayed, the problem is already present. The integration is useful in the sense of going back in the cycle of the application development lifecycle to fix the problem in the code. A kind of ‘detect in production, fix early in the lifecycle,’” Mesta said.
GPT-4 automates the creation of code snippets
Orca had introduced support for GPT-3 (an earlier version) to the Orca platform in January and has since claimed a dramatic reduction in mean time to fix (MTTR) for customers. The GPT-4 integration is expected to take advantage of this momentum, as the model update includes improved accuracy in addition to the ability to generate code snippets.
Other enhancements accompanying the GPT-4 integration for Orca include “rapid optimization to produce even more accurate remediation responses, inclusion of remediation instructions in assigned Jira tickets, support for remediation of Open Policy Agent (OPA) and new cloud provider-specific remediation methods, including AWS, Azure and Google Cloud,” according to Shua.
The Open Policy Agent (OPA) is an open-source, general-purpose policy engine that enables the implementation of policies as code. It provides a declarative language called Rego that allows users to specify policies as rules that evaluate whether a request should be allowed or denied.
Additionally, the GPT-4 integration comes with Microsoft business security and support enabled, including privacy, compliance, a 99.9% uptime SLA, and regional availability.
“With our transition to Azure OpenAI, our customers benefit from the security, reliability and enterprise-grade support that Microsoft offers. While Orca already ensures privacy by anonymizing requests and masking any sensitive information before sending them to GPT, Azure OpenAI offers more privacy guarantees and is fully compliant with regulations (HIPAA, SOC2, etc.),” said Shua.
GPT integration raises questions about data security
Despite his appreciation for Orca’s integrated effort, Mesta has some reservations about the risks associated with using GPT to process any kind of customer data.
“The first problem is that, as AI models go, GPT is trained using other people’s data, and that’s the information it pulls the model from. They don’t use your data to train the model, so on several occasions the model has been known to simply make up answers based on arbitrary references. If that were to happen here, false repair advice could create more harm than good,” he said.
Mesta’s second concern is the security of the data uploaded to the GPT systems which, for the most part, are claimed to be handled by the joint efforts of Orca and Microsoft. He cites a recent Samsung incident in which employees entered confidential information into ChatGPT, noting that “this human error is always a possibility when opening another system, but it’s especially a problem with the conversational appeal of GPT.”
“What if you need to describe a location for secret stores and source code in patching guidelines and someone accidentally puts sensitive information in there? The intent might not be malicious, but the action could be quite damaging,” Mesta added.
Several companies and countries are introducing some sort of restrictions on the use of GPT-based models for privacy reasons. “These decisions validate the real risk involved, whether you’re a government body or a security provider,” he said.
Copyright © 2023 IDG Communications, Inc.