The use of AI, Machine Learning, and SOAR within Risk Frameworks
Next-generation (NG) capabilities enable organizations to not only automate and control their everyday processes, but also improve their risk assessments at a much faster speed than humans. Part one of this two-part series will explore different NG technologies (AI, Machine Learning, SOAR) and how they can offer both operational efficiencies and enhanced governance when “fit for purpose” with a suitable design, implementation, control, and maintenance for their organizational needs. This offers the business a more secure, efficient, and predictable digital eco-system which can be a competitive advantage on both an operational, financial, and commercial sales level.
The Technologies
Artificial Intelligence (AI)
Artificial intelligence (AI) is an extensive branch of computer science concerned with building smart machines capable of performing tasks that typically require human intelligence.
AI is meant to replicate a human model by acting and thinking rationally with machines. Like Machine learning, AI models work best when analyzing large amounts of data. With that data, businesses can generate real-time predictions to allow security teams to address the risks quickly. It ensures that the organization can run without interruption and protect stakeholders. Some challenges that come along with the use of AI include data protection, costs, and frequent technological advances.
The first step to implement AI into a risk management system is to uncover the regulatory and reputational risks. The organization should then use the risks to determine the data they need to collect and how they want to process the information. The next step is to determine the data sets to provide to the AI model and source the data. Then, build a model to identify the relationship between the data and the AI. Lastly, the organization must continuously monitor outputs and adjust data configurations as needed.
Machine Learning
Machine learning is a set of methods and techniques that let computers identify patterns and generate predictions based on previously provided data.
This technology is extremely fast, scalable, cheap, and accurate. It is equivalent to having several teams of analysts running hundreds of thousands of queries and comparing the outcomes to find the best result, and it is all done in the blink of an eye. Machine learning can constantly analyze customer activity, so when it
spots anything out of the ordinary it may be flagged for further review. With larger datasets, the machine can determine the behaviors faster and can predict future risks.
Machine learning operates on servers on a 24/7/365 timetable with little to no human interaction, and after tuning are better than humans at uncovering patterns. For example, a neural network can look at suspicious signals, such as how many passwords are being entered to access an account in a period, emails with longer characters, or even ordering goods to locations not anywhere near the previous orders. Using algorithms in this manner mimics the operation of a human brain to recognize relationships between vast amounts of data.
Machine learning can reduce the burden on analysts. It can help teams with investigations, provide insight into how to prevent future attacks, and report the attacks. Machine learning can reduce the time spent on manual reviews and data analysis, allowing the analysts to focus on cases deemed as a priority. It can also allow the analysts to work more efficiently and can allow more time for the analysts to improve the machine itself. Additionally, machines never seem to complain about working overtime. If the machine is having trouble with a case, a human can provide intensive insight. The most important thing for a machine is for it to be labeled and have historical data. Without this, machine learning would not be possible.
SOAR
Security Orchestration, Automation, and Response (SOAR) allows organizations to not only quickly respond to cybersecurity attacks, but also observe, understand, and prevent future incidents, thus improving their overall security posture. SOAR can utilize machine learning alongside human learning to understand and comprehend data to prioritize incident response actions.
Benefits of SOAR include the production of high-fidelity alerts that have relevance to the organization while eliminating human intervention and standardizing investigative reporting capabilities. This results in a more secure environment at a lower overall cost to the business.
Based on the NIST framework, organizations should be able to detect anomalies and events, maintain continuous monitoring, and have a detection process.
Conclusion
Next-generation capabilities from the use of AI and Machine Learning can offer many possibilities in support of modern risk frameworks. This could allow organizations to benefit exponentially from recent heavy investments in NG technologies and to gain a competitive advantage in the marketplace through the development of a more secure digital ecosystem. These technologies allow a business to identify and define “normal” as it relates to their digital security and react to detected anomalies as needed in a more efficient manner. Stay tuned for part two of this series, where we will identify and define the various risk frameworks (NIST, FAIR, FFIEC) and how security teams can leverage the power of NG technology to better align their security posture with the frameworks most relevant for their enterprise.
Thank you to Kevin McGovern for his oversight and to our interns Madilyn Kent, Yash Parekh, and Jake Sullivan whose enthusiasm and energy contributed to the authorship of this two-part series.