How Machine Learning Helps to Improve Security Part 2
In Part 1 of this series, we reviewed the continued disconnect between corporate IT security spending and the cause of most security incidents. Most breaches are known to be caused by the misuse or takeover of user access authorizations. In this concluding chapter, we suggest some machine-learning based approaches to user access that will help improve organizational security. In addition, we highlight SAP’s delivery of related machine-learning components that address improved information security.
Five Ways Machine Learning Can Improve Enterprise Security
1) Repudiate compromised credential attacks with risk-based models that validate user identity based on behavioral pattern analysis.
- Machine learning uses constraint-based and pattern matching algorithms. These techniques are ideal for analyzing behavioral patterns of people signing in to systems that contain sensitive information. Compromised credentials are the most common and destructive type of information security breach. Applying machine learning to this challenge using a risk-based model that “learns” user behaviors over time is superior to many other intrusion detection methods being used today.
2) Maintain “zero tolerance” security settings using risk scoring models that include evaluations of changing information management requirements.
- Machine learning enables security frameworks to scale, providing threat assessments and graphic analysis that across locations. Scoring models are valuable in planning and executing growth strategies quickly across multiple geographic regions.
- Some CEOs view multi-factor authentication as a foundation of security frameworks that can help them grow faster. Machine learning enables IT resources to accelerate the development of these frameworks and to scale them globally. Removing security-based barriers to business growth potential is a high priority for several forward-thinking CEOs. A scalable security framework can contribute to total revenue growth alongside major distribution and selling channels.
3) Streamline security access for new employees with 360-degree role-based risk models that can be customized by IT for specific needs.
- Some CEOs are worried about how poor user experiences can impact productivity. Multi-factor authentication workflows that have slowed user performance can be improved with contextual insights based on more precise person-based risk models. As machine learning models “learn” the behaviors of employees related to access, user authentication accuracy improves. By learning a range of approved patterns over time, machine learning can accelerate authorized employee access to secure services and systems.
4) Apply predictive analytics to the sources of data security threats, threat profiles, and remediation priorities.
- CIOs, CSOs and security teams increasingly need enterprise-wide visibility to all potential threats, prioritized by potential frequency and impact severity. Machine learning algorithms can provide this capability with threat assessments and priority threat identification at a level of sophistication that allows both incident prevention and predictive response capabilities.
5) Stop malware-based breaches by learning how hackers modify code bases to bypass authentication.
- One of the most popular techniques used by hackers to penetrate enterprise networks is to use impersonation-based logins and passwords that deliver malware onto corporate servers. Malware breaches are notoriously challenging to track and remediate. One effective approach involves implementing an enterprise security framework with specific scenarios that trap, stop and eliminate malware.
SAP’s Offerings for Security Are Powered by Machine Learning
Fortunately for SAP customers, machine learning has been embedded in SAP S/4HANA to monitor breach activity from social media and the “dark” (non-indexed) web. These SAP capabilities are known as Social Media Analysis for Security on HANA and SAP Web Asset Monitoring (SMASH and SWAM). Live alert monitoring techniques used by SMASH protect our customers’ data from attacks staged from social media platforms. When confidential SAP HANA source information (in a variety of languages) is shared and sold on the dark web, such incidents are triggered via password intrusion detection, and SWAM sends alert information to our customers’ security analysts.
We’ve also embedded machine learning in SAP Business Integrity Screening as one of the ways to take advantage of “learned screens” capabilities from predictive analytics pointed at fraud detection and suspicious payment blocking. SAP Business Integrity Screening performs live calculations using complex multi-factor queries, applying predictive analytic algorithms in SAP S/4HANA. Intelligent risk sensing capabilities that employ machine learning in SAP Business Integrity Screening can be attuned to parse user profiles and individual characteristics as well as to reveal their data use patterns.
The predictive model in SAP Business Integrity Screening can be trained multiple times, as and when there are more confirmed use cases from transaction records. As the number of alert decisions and actions increases, the predictive range and accuracy of the model also increases. The closer the predictive power comes to the confidence levels of the model, the stronger the algorithm is at predicting cases of fraud.
Join Us at Upcoming Events
The SAP GRC team will be exhibiting at several events related to cybersecurity this year. We hope you’ll join us there.
- ISACA GRC Conference – August 13-15 Nashville, Tennessee, USA
- SAPinsider Cybersecurity for SAP Customers – June 27-29 Prague