The Impact of AI on Cybersecurity Part 3: The DefenseStorm Approach to Cybersecurity and AI

Tuesday, October 17th, 2023


Cyber security risk management solutions from DefenseStorm.

In our final entry into our series, The Impact of AI on Cybersecurity, we will explore how DefenseStorm utilizes AI in our own built-for-banking technology.

In Part 2 of The Impact of AI on Cybersecurity, we explored the need to balance technological integration and security so financial institutions (FIs) can fully leverage the power of AI without sacrificing security. In our final entry into this series, we will explore how DefenseStorm utilizes AI in our own built-for-banking technology.

DefenseStorm employs a defined approach and strategy when it comes to investment in AI/ML, which follows important principles.

  • Is ML the right tool to help us solve the specific problems? How does it benefit our customers?
  • Does it automate tasks that users have to perform manually?
  • Can we improve the accuracy of our detection technology?
  • Does it allow users and our managed service to spend more time engaging in threat hunting and other activities where users can do a better job than machines?

At DefenseStorm we start with defining the problem and what is required of a solution, and then determine whether an ML model is the right tool to solve the problem. If it is, the next step is to identify and gather the data to build the model, perform exploratory data analysis (EDA), train a prototype model, and then solicit feedback from stakeholders and subject matter experts on the outputs of the prototype model. The team then iteratively refines the prototype based on this feedback. The specifics of validation of model efficacy differ from model to model, but since the process was started by defining the problem and the requirements for the solution, it is straightforward to know what is needed to validate the efficacy of any particular ML model.

It’s important to note that DefenseStorm takes a measured approach to AI/ML with our focus aimed at how AI/ML can improve our productivity – and the those of our customers – along with added security protection – and enhance our product by carefully selecting the problems the technology can solve.

DefenseStorm Approach to AI in products

As a leading provider of cyber risk management solutions for financial institutions, DefenseStorm has been successfully investing and implementing AI/ML in our technology while consistently aligning with our core values and goals.

GRID Active is our cloud-based intelligent data engine and platform that integrates cyber risk software, technology, and capabilities enabled and enhanced through AI.

Benefits of AI:

  • “See” threat patterns that are hard for humans to detect through traditional methods. review.
  • Ability to efficiently scrutinize larger volume of data.
  • Reduces false positives.
  • Improves anomaly detection/behavior analytics.

AI functionality is developed for use across the GRID Active platform and implemented into multiple technology solutions.

Pattern Scout: GRID Active Platform and Threat Surveillance

  • Detects anomalies in inbound, outbound, and lateral network traffic while accounting for traffic changes related to weekly seasonality and holidays by using sophisticated ML techniques (Box-Cox transforms and SARIMAX model). The detected anomalies may be evidence of suspicious or malicious behavior in the network that would not be detected through a rules-based system.

Incident Similarity: GRID Active Platform and Threat Surveillance

  • AI model compares two incidents’ IP addresses, text, devices or application names, countries of origin, API keys, hostnames, and associated events to enhance incident management. By elevating the view and providing a comprehensive view of a financial institution’s (FI) incident monitoring requirements, FIS gain additional insight into security concerns across their organization.

User Behavior Analytics: GRID Active Platform and Fraud Detection

  • AI learning model for the tracking, collecting and assessing of individual user data and activities to find fraud that might be detectable by changes to a user’s behavior. FIs can monitor suspicious non-monetary activities for individuals to complement rules-based approaches and detect fraudulent activities proactively.

As we look ahead to the future, DefenseStorm remains committed to the continuous improvement and evolution of our platform and our focus in cyber risk readiness. We are always exploring new ways to enhance our services and provide our clients with the best possible solutions to meet their cyber risk management needs. Stay tuned for more exciting developments from DefenseStorm as we work to revolutionize the world of cybersecurity.

The Impact of AI on Cybersecurity Part 1: The Role it Plays

The Impact of AI on Cybersecurity Part 2: The Role of AI in Financial Services

Edward Nazario

Edgardo Nazario

Chief Product Officer & Co-Founder

Edgardo is a 25-year technology industry veteran, executive and product innovator. He previously co-founded Delve Networks, a cloud-based online video platform that was purchased by Limelight Networks. While at Limelight, he served as General Manager of the company’s Video Platform business unit, and later as Senior Vice President of Product. Edgardo was also Group Program Manager for Isilon System, a company later purchased by EMC. In the past Edgardo has held Product Manager positions at Aventail Corporation, a pioneer in the SSL VPN market, and RealNetworks, an early Internet media company. He holds a degree in Biology from Yale University.