Artificial Intelligence (AI) and Machine Learning (ML) have dominated the headlines in 2024, and we expect this trend to accelerate in 2025. Identifying the most effective use cases for AI/ML has been a central topic of discussion.
It is a mistake to believe that benefiting from AI/ML requires developing a massive project to transform the entire enterprise. More often than not, companies that will benefit from AI are those that implement AI/ML agents to improve specific business processes, workflows, or data processing.
DeNexus models the complex cyber risk that industrial enterprises face. Our AI experts and data scientists have used AI/ML for several years to build a robust model that quantifies and helps manage industrial cyber risk. In parallel, they are now using AI/ML algorithms to automate, simplify, and even make possible some of the many processes that surround our complex modeling platform and make it run more efficiently. The benefits and efficiencies from those side projects are significant. Here are five examples:
(1) Mapping Vulnerabilities to Cyber Attack Techniques (as defined by the MITRE ATT&CK frameworks for Enterprise and ICS)
Identifying vulnerabilities that threat actors are actively exploiting and understanding how a vulnerability enables the attacker at each stage of the attack lifecycle is critical to vulnerability assessment and management.
DeNexus’ DeRISK is a unique platform that enables risk-based vulnerability management. It enriches the information about vulnerabilities identified by cybersecurity tools by incorporating the characteristics of the assets and business processes in which they reside. In addition, it provides accurate information about the exposure these vulnerabilities represent within the potential cyber attack path.
Linking Common Vulnerabilities and Exposures (CVEs) to the MITRE ATT&CK frameworks is crucial for understanding how vulnerabilities align with adversarial tactics and techniques. To address this challenge, DeNexus uses a deep learning model that automates the mapping of CVEs to MITRE ATT&CK techniques, providing a scalable solution to this complex task. Done manually, the mapping is time-consuming and delays the understanding of how zero-days (newly discovered CVEs) might result in significant financial damage for an enterprise.
(2) Measuring a Company’s Attractiveness to Threat Actors
Not all enterprises are equal to threat actors. Some are more appealing than others because they possess valuable assets, process valuable data, are well known for their weak cybersecurity posture, or present any combination of these three factors.
When assessing an enterprise's cyber risk status, it’s essential to evaluate its attractiveness to threat actors.
DeNexus developed a novel methodology to assess the fundamental attractiveness of organizations to attackers based on the inherent attributes that define each organization. By leveraging these attributes and advanced machine learning techniques, this approach delivers a comprehensive evaluation of a company's vulnerability to cyber incidents.
(3) OT Cyber Incidents Knowledge Base
Organizing a knowledge base that automatically collects and aggregates data from multiple data sources and structures it for easy consumption by multiple users is paramount to efficiently process the constantly evolving threat landscape that industrial enterprises face.
- First, why should we use multiple data sources? It is unfortunate that there is no official repository for all cyber attacks and incidents. Numerous parallel initiatives exist that store different incident data. There are valid reasons for this: incident data is sensitive, and different entities can access various subsets based on the part of the incident they observe or are permitted to access. Additionally, there are no incentives for companies to disclose incident information unless it’s required by regulations. Even so, we learned in 2024 that the new SEC regulation on cybersecurity has led to minimal information being shared.
- What are the potential uses of such a knowledge base? Use cases are abundant, ranging from descriptive statistics about what is happening in the world to predictions about what might happen in the near term to regular publications of general knowledge and research on the impact of cybersecurity incidents on businesses. The list of incidents is also key in computing the attractiveness index.
DeNexus ventured into creating a knowledge base that automatically aggregates data from multiple data sources and structures it for easy consumption by multiple users. This knowledge base is used to constantly calibrate and validate existing models and new developments.
The team applied Natural Language Processing (NLP) to identify and treat duplicate cases, identify entities, and organize the information collected.
(4) Intelligent Monitoring of SEC 8-K Filings for the New SEC Cybersecurity S-K Regulations
The DeNexus team set the goal of monitoring daily (that is, continuously) the 8-K filings in which public companies disclose cybersecurity incidents, and of extracting relevant information to enrich DeRISK™, its cyber risk quantification and management platform.
The team used BERT (Bidirectional Encoder Representations from Transformers), a powerful natural language processing model, to automatically identify 8-K filings that report cybersecurity incidents. Unlike traditional keyword-based approaches, BERT can understand the full context of the text, improving the accuracy and relevance of identification.
A secondary goal is to analyze the 10-K filings (Item 1C) to determine the type of cybersecurity strategy the filing companies have adopted.
(5) Automatically Inferring the Existence and Maturity of Cybersecurity Controls Based on Internal Telemetry
The objective is to assess the maturity of cybersecurity controls using Intrusion Detection Systems (IDS) data. While it is unrealistic to expect that all controls from the NIST Cybersecurity Framework (CSF) or other frameworks like ISO 27001 can be mapped solely through IDS data, DeNexus has been able to automate up to 45% of the NIST CSF controls using internal telemetry made available by customers.
The examples above are just a few ways the DeNexus data science and AI team is pushing the boundaries of what’s possible with AI. We continue to discover intriguing opportunities to integrate AI into tasks that are currently cumbersome, time-consuming, or beyond the capabilities of humans and pre-AI computing technologies.
Some additional research areas include using AI agents to assist our users in making the most out of the data, output, and recommendations compiled by the DeRISK platform.
If you want to learn more, get in touch with our team, or understand how the above is put to use to quantify and manage cyber risks at 250+ industrial sites monitored by DeNexus, you can contact us at https://www.denexus.io/contact