Kick-off PET-HMR: AI-supported detection of new vulnerabilities
A new project led by X41 D-Sec GmbH and funded by the German Federal Ministry of Education and Research (BMBF) aims to improve cybersecurity for companies developing and deploying new applications and working in cloud environments. The research project PET-HMR aims to advance automation in vulnerability research in order to enable continuous security testing and to identify known and hidden vulnerabilities in production systems at scale, typically those that are not easily detected by conventional methods. In this way, improved security testing will become available and cost-efficient for smaller businesses and big enterprises alike.
Testing for potential security vulnerabilities in modern applications is an important part of the software development lifecycle. Such security testing, however, can slow down the adoption of updates and can be very costly for organizations that have a lot of applications. On the other hand, neglecting security testing incurs serious risks that could result in the unavailability or interruption of business processes due to hackers exploiting an unnoticed vulnerability or launching a potential cyberattack. A recent high-profile example of this is the REvil ransomware attack that affected hundreds of organizations, where the initial vector was a deficiency in the legitimate application Kaseya VSA. These types of attacks are called supply-chain attacks and they use unknown vulnerabilities and misconfigurations to scale their attacks. The SolarWinds attack at the end of 2020 demonstrated how advanced threat actors can misuse software supply chains to gain a significant foothold in the internal networks of even the biggest IT organizations in the world. Despite all these ever-changing and newly emerging challenges, there is also a persistent shortage of security researchers, even as development and deployment in cloud environments are still accelerating.
X41 D-Sec GmbH, the project coordinator, has in-depth expertise in testing various applications and complex systems and will collaborate with eminent academic and industrial partners in the PET-HMR project, including:
- University of Lübeck, Institute of IT security (ITS) and Institute of Information Systems (IFIS)
- Lufthansa Industry Solutions
- NetUSE AG
The PET-HMR project, which is due to start in June 2021, will research the potential of a novel honeypot system designed to provide data and add attack patterns to an automatic penetration testing solution. The automated penetration testing solution will use Machine Learning and other AI methods to efficiently find new attack vectors based on the collected data. In this first stage of the project, the focus is on microservices, and in particular, on applications deployed in the cloud.
About X41 D-SEC GmbH
X41 D-SEC GmbH offers premium services in the field of network and application security. These services are provided by a team of specialized IT security experts who are skilled and operate at the highest level. X41 employees regularly publish research results and conference papers that attract international attention. Therefore, it is not surprising that X41 counts some of the largest companies in the world among its customers, including many outside Europe.
X41 focuses on the execution of penetration tests and code audits, especially of networks, web, and mobile applications, as well as all kinds of new products, protocols, and concepts.