Miggo Security Leverages AI to Apply Virtual Patches in Near Real Time
Miggo Security today launched a cybersecurity platform that employs artificial intelligence (AI) to not only track and assess cybersecurity threats but also apply tailored mitigations.
Company CEO Daniel Shechter said Miggo Pulse makes it possible for cybersecurity teams to apply virtual patches at machine speed, reducing the chances that adversaries will be able to exploit vulnerabilities before an actual patch can be developed, tested and deployed.
The Miggo Pulse platform, at its core, is based on a Predictive Vulnerability Database (PVD), a curated repository that continuously tracks new Common Vulnerabilities and Exposures (CVEs), exploit releases, known exploited vulnerabilities (KEV) updates, and active exploitation signals across the application ecosystem.
Every vulnerability is enriched to provide root cause analysis, vulnerable function mapping, exploit intelligence, predicted attack mutations, and identification of emerging threats. In effect, disclosed and undisclosed vulnerabilities can be broken down into their underlying exploit primitives, attack chains, and conditions in a way that makes it possible to track exploitation techniques as they mutate.
DeepTracing sensors that Miggo has developed then automatically validate every vulnerability against the actual production environment. That approach confirms that a vulnerable component is running, that the code path is reachable from the internet, and which specific services are affected, broken down by cluster, namespace, and deployment.
If an issue is detected, the Miggo Pulse platform then uses the threat intelligence it has collected to generate, test, and deploy targeted protections. These combine customized web application firewall (WAF) rules at the perimeter with runtime blocking provided by the platform's application detection and response (ADR) capability, which relies on an extended Berkeley Packet Filter (eBPF) sensor embedded in the platform.
That integrated approach makes it possible to use a Miggo WAF Copilot to generate a production-ready WAF rule, tailored to the specific vulnerability and environment, that can be deployed with a single click.
In the absence of that integrated platform, a cybersecurity team will need to stitch together vulnerability feeds, manual triage processes, environment correlation, and mitigation tools on their own, said Shechter.
While the Miggo Pulse platform enables cybersecurity teams to apply a virtual patch in near real time, cybersecurity teams should still make sure that a patch is developed to remediate the issue altogether, he added.
However, Miggo Pulse does reduce the dependency that cybersecurity teams have on application developers who may not have the time needed to quickly develop and deploy a patch, he added. That dependency can be especially problematic if the issue manifests itself in third-party open source code, where the maintainers of the project might not even have the expertise needed to remediate it, said Shechter.
More challenging still, cybercriminals are clearly starting to make greater use of AI to discover and exploit both known and unknown vulnerabilities faster than ever, he added.
Each cybersecurity team will need to determine for itself to what degree it needs to invest in threat intelligence, but now that the National Institute of Standards and Technology (NIST) has cut back on enriching CVEs with additional data, there is a clear need for cybersecurity teams to determine the risk a vulnerability actually represents to their organizations. Otherwise, they will simply be overwhelmed, especially in the age of AI, by a never-ending series of alerts, most of which are likely to turn out to be false positives that waste precious time and limited resources.
