DeRISK: AI & ML for Cyber Risk Quantification

Artificial Intelligence (AI) is part of our daily activities. “We carry AI in our pockets”. But what is AI? AI is not a new concept, as it has been around since the mid-20th century when the term was coined by John McCarthy in 1956.

However, defining AI is not easy. AI has become a buzzword that needs to be properly defined. In its broader definition, AI is sometimes equated with any computational algorithm that does some kind of data mining and sometimes its equated with the latest technology. None of them are accurate, as the essence of AI is the ability of machines or software to perform tasks that normally require human intelligence, such as reasoning, learning, understanding, and problem-solving.

What is not in question is that AI has become more accessible and applicable to various domains and industries, such as healthcare, education, entertainment, and finance. Cyber Risk Quantification and Management, is no exception to that rule.

Cyber risks are constantly evolving

Cyber Risk Quantification and Management -CRQM-, including Risk Transfer practices, can benefit from using AI and data-driven tools to better understand, manage, mitigate and eventually transfer cyber risks. One challenge to overcome: there are multiple gaps in publicly available data. To fill these gaps, in DeNexus we have applied our ICS/OT cybersecurity and data science expertise in our CRQM platform DeRISK.

Cyber risk differs significantly from other types of risks, such as those associated with life or natural catastrophes. This difference arises from the limited availability of data and the inability to apply traditional actuarial methods to estimate potential financial consequences. In the absence of substantial empirical data, inherent uncertainty becomes a key challenge in quantifying cyber risk.

Uncertainty can occur in a variety of forms, such as uncertain data, uncertain outcomes, or uncertainty in the decision-making process. Handling uncertainty is a complex but important aspect of developing robust and reliable systems. There are some approaches and techniques to handle uncertainty using AI. Probabilistic models are one of them.

DeRISK is an AI-data-driven SaaS Platform that uses probabilistic models to account for uncertainty.

DeRISK Main Modules

Probabilistic models utilize models like Bayesian networks, Markov models, or probabilistic graphical models to represent uncertainty explicitly. These models assign probabilities to different outcomes, helping the AI system make informed decisions based on uncertain data.

• Absorbing Markov Chain Models. DeRISK  uses them to estimate the probability of a cyber incident progressing in an attack path using a combination of given MITRE ATT&CK tactics and techniques.

• Branched Random walks. DeRISK uses them to simulate the probability of success, or probability of a site being impacted given its network topology. Topology that is automatically informed by DeNexus’ proprietary evidence-based Inside-Out data approach.

• Graph analytics. DeRISK uses it to simulate how a successful attack can cause financial impact: Primary and Secondary Loss.

• Count processes with Bayesian Inference. DeRISK uses it to estimate a range for the Number of Attempts. How many attacks a given customer or industrial facility may experience.

• Stochastic optimization with simulated annealing. The DeRISK platform runs 40 million simulations each time to solve a constrained global optimization problem over the mitigations of a given cybersecurity framework.

• Vine copulas for Risk Aggregation to model the joint distribution that represents the joint exposure dependencies.

DeNexus is also working on several R&D AI/ML projects that we will be explained further in future blog posts, including:

• Mapping Vulnerabilities to MITRE ATT&CK Tactics and Techniques
• Compiling Metadata on Cyber Incidents. Cognitive Services from Metadata using Natural Language Processing -NLP- and Machine Learning -ML- algorithms to enrich the DeNexus Knowledge Center (read more on DeNexus Risk Center and our approach to security) 
• Building ICS/OT Networks Risk Profiles, leveraging the Inside-Out data in the DeNexus Knowledge Center.
• Automatically inferring the existence and maturity of Cyber Security Controls based on the Inside-Out data.
  

Stay tuned, DeNexus will keep unfolding how DeRISK leverages the power of AI and ML to produce best-in-class, evidence-based Cyber Risk Quantification and Management in future blog posts

Click Here to learn more about DeNexus Inc.'s comprehensive Cyber Risk Quantification and Management platform.

Click Here to read more about the DeNexus Knowledge Center and the DeNexus Trusted EcoSystem.