putilov_denis - stock.adobe.com
There are many potential benefits of machine learning and AI for risk management and security-oriented use cases. Many AI risk management offerings rely on the mass computing scale achievable in the cloud, where large quantities of unstructured data can be analyzed and processed rapidly.
Risk management analytics that use cloud-based AI can help organizations evaluate the following:
- uncertain conditions or situations;
- the likelihood of a condition or situation occurring based on context; and
- the effects the occurrence may have, i.e., the possible outcomes.
Risk management tools that use AI can often be integrated into security automation workflows. Additionally, they can also help security leaders make decisions during incidents, business continuity planning, fraud investigations and more.
Applications of AI in risk management
There are many use cases where AI can benefit risk management and mitigation processes and practices. The five most common use cases today include the following:
Threat intelligence analysis
Threat intelligence data provides perspective on things such as attacker sources, indicators of compromise, behavioral trends related to cloud account use and attacks against various types of cloud services. Threat intelligence feeds can be aggregated, analyzed at scale using machine learning engines in the cloud and processed for likelihood and predictability models. With the escalation of account hijacking and ransomware infections, more rapid analysis of data and predictive intelligence could prove invaluable to security teams.
Security event management
Log data and other events are being produced in enormous quantities. Security teams need to quickly recognize specific indicators, see patterns of events as they occur and spot events happening in cloud environments. Machine learning and AI can augment massive event data processing technology to build more intelligence detection and alerting tactics. Microsoft's Azure Sentinel service is an example of a cloud-based, machine learning and AI-focused SIEM.
For financial firms and insurers, fraud detection requires an enormous number of inputs and data types and many intensive types of processing. Cloud AI and machine learning engines could help with text mining, database searches, social network analysis and anomaly detection that are coupled with predictive models at scale. This could be extended to things such as fraudulent use of cloud services, for example, an Office 365-based phishing attack from a hijacked account.
Employee workforce risk reduction
AI and machine learning models can process and analyze data related to workforce activities in high-risk environments where accidents can prove dangerous or even fatal. AI algorithms can evaluate behavioral patterns noted before accidents occur and also perform predictive scenarios to better improve safety procedures and prevent incidents.
Data classification and monitoring
Based on known content types and patterns, AI-based cloud analysis engines can process all data uploaded and created in a cloud environment to classify and tag based on predefined policies, and then monitor for access. Amazon Macie is an example of a service that uses AI for this purpose.
Challenges of AI in risk management
Even with these benefits, there are two potentially major drawbacks to using AI in risk management processes and practices.
The first is cost. Processing large quantities of data, even using cloud-native services, can be expensive. Specialized AI services can also cost a lot to enable.
The second is privacy. Many in the security community are concerned about data privacy with AI and machine learning. Data organizations that upload into cloud services may require data protection controls such as encryption, transport security, tokenization and obfuscation.
While most data storage services in major cloud providers offer data controls, this changes significantly with specialized AI and machine learning services such as Amazon SageMaker; Amazon Rekognition, which uses AI to extract and analyze images and video; Azure Machine Learning and Azure Cognitive Services; and Google Cloud AI. Not all services can use existing encryption key management and usage models and controls that organizations have deployed, so the data may be at risk of exposure. Aside from services in use, the geographic location of sensitive data used in machine learning and AI operations is a major regulatory and compliance focus.
Future of AI in risk management
As the use of cloud-based AI and machine learning services becomes more commonplace, risk management teams will continue to benefit from the rapid analytics processing of large data sets, removing many limitations of more manual risk management and risk analysis processes of the past.