Security Audit Automation by AI
This technology uses AI to detect risks early and enable the development of secure systems.

Common Challenges in Security Audits

I don't have time! When will this be finished?!
What if I've overlooked something...?
There is a severe shortage of experts...

With Fujitsu's Security Audit Automation
Utilizing Large Language Models (LLMs), this technology automatically analyzes audit-required documents to detect potential risks early.

The benefits of Security Audit Automation

  1. Higher precision of audit findings
     Leveraging large language models allows for the detection of risks that were previously undetectable by conventional vulnerability testing and ledger management tools.
  2. Leveraging organization-specific knowledge
     By learning from internal rules, past incidents, and other data, the AI proposes optimal security measures for the organization.

Technical Overview

Target Industry/Users

IT department personnel at companies, system developers at SI companies, software developers, and system auditors.

Challenges in Target Industry and Operations

The recent surge in cyberattacks has made thorough security measures for information systems an urgent necessity. However, designing systems in compliance with security guidelines and regulations increases the burden on developers, and the resulting workload on audit departments responsible for verifying the adequacy of these measures is also becoming a significant problem.

Technical Challenges

  • Lack of security checks during the design phase
    Existing technologies for checking the adequacy of security measures include vulnerability testing tools and ledger management tools. However, until now there has been no technology to check the sufficiency of security measures based on design documents before implementation.
  • A lack of security support leveraging organization-specific knowledge
    While development of security support technologies using large language models is progressing, there has been no technology to analyze the validity of security measures based on organizational and human-dependent knowledge, such as internal security policies and audit department expertise.

The benefits of Security Audit Automation (Detailed version)

Automated security audit technology automatically analyzes system information documented in design specifications and other materials to identify potential issues related to internal regulations and security risks. It also automatically generates remediation suggestions for identified problems.

This enables the prevention of overlooked security risks during internal audits and reduces the workload associated with audit tasks.

Fujitsu's Technological Advantage

  • Application of large language models to improve the accuracy of audit results
  • Knowledge base technology for conducting security audits tailored to the customer's security policies

Use Cases

  • Internal Audit
    During internal audits, automation of some verification processes reduces the time auditors spend reviewing documents.
  • Design-phase risk management
    Design-stage risks are identified from system development project specifications, and security countermeasures are implemented proactively.
  • Continuous risk mitigation during operation
    During operation, risks are identified based on operational and usage procedures, and utilized for continuous risk improvement activities.

Case Studies

  • Example 1: Network security inspection of systems
    We conducted a proof-of-concept test of this technology targeting network security inspections of systems provided to our customers. The goal was to evaluate its effectiveness in improving inspection efficiency and enhancing security risk mitigation by efficiently extracting necessary information for network security inspections from design documents and other materials.
  • Example 2: Security Risk Assessment for Confidential Information Management
    We will conduct a proof-of-concept (POC) of this technology on internal system development projects to evaluate its effectiveness in streamlining the process of verifying that the handling of confidential information within systems complies with internal regulations and security policies, and to assess its comprehensiveness in identifying security risks.

Technical Trial

Operational Risk Assessment Demo: We are actively developing and conducting proof-of-concept tests for internal system development projects. This demo focuses on operational risk assessment during the operation/maintenance phase, using a sample document and a demo application.

In the Operational Risk Assessment Demo, you will download a sample cloud system usage application manual and upload it to the demo screen. The system will then automatically analyze the operational processes, threats to the system, risks, and countermeasures. While the demo uses a sample document, you can also analyze your own documents; however, please review the terms of use before proceeding.

This demo uses a relatively simple example. More complex model building will be necessary for practical application. Those interested in modeling their own work processes are encouraged to contact us.
