Use cases to apply robotics in cybersecurity
There are several opportunities to leverage robotics to enhance your digital strategy, as well as improve security operations.
Cybersecurity domains and illustrative use cases
1.1 Governance
- Security program: Robotics can help improve security reporting quality, timeliness and throughput. For example, automated, periodic security posture testing can be fed to a robotics-driven, comprehensive reporting process, providing managers with dashboards and highlighted areas of concern.
- Security controls tracking: Robotics helps drive automated testing within the information security domain. For example, within the configuration, robotics could enable faster and more efficient testing of compliance with policy for security settings on servers, firewalls, routers and applications. Reviews could be conducted on a periodic basis and fed into automated reporting for dashboarding, etc.
1.2 Software and product security
- Application inventory tracking: Robotics can be leveraged to automate the discovery and inventory of applications in the enterprise. Once discovered, cognitive learning can be used to automate the risk classification of the application based on data and controls discovered. Bots can be deployed to discover and update the inventory on an ongoing basis.
- Secure development gates: Cognitive learning can be used to perform gate checks for security activities in the software development life cycle (SDLC). Bots can collect data from project management tools or through automated systems to identify when a codebase is moving to the next phase of the SDLC. Rules can be set and fed into automated reporting for dashboarding,
- Security validation and remediation: Robotics can be used to collect automated information related to the URLs and code that need to be tested to enable efficient analysis of the applications for vulnerabilities available within the industry. Bots can enable efficient scaling of multiple applications at the same time and complete patching of the vulnerabilities discovered. Results of the tests can be integrated with development platforms for remediation through cognitive learning bots as well.
1.3 Digital identity and access
- Access fulfilment: Robotics can help reduce dependency on large help desk and operations teams by automating the majority of provisioning/de-provisioning tasks.
- Access certification: Bots can be trained to achieve up to 45% operational and cost efficiency gains by automating the manual precertification data validation checks, certification configuration management, manual campaign checks during access certifications/reviews, post-certification reconciliation and reporting.
- Manual access appropriateness check and automated alert notifications: Robotics can help improve the efficiency and quality of access data validation, allowing managers to focus on higher-risk access concerns during the review process. Bots can be upskilled to compose and raise confirmation notifications to users if any anomalies are detected while performing data validations.
1.4 Data identification and protection
- Data discovery, classification and remediation: Robotics can be leveraged to automate the discovery and inventory of sensitive data. Once discovered, cognitive learning can be used to automate the classification of sensitive data. Additionally, bots can be deployed to discover, validate and remove sensitive data stored in unauthorized locations.
- Data loss detection and remediation: Cognitive learning can be implemented to improve the accuracy of internal threat and data loss monitoring. Once issues are discovered through data loss detection, data security controls can be automatically deployed to remediate offending systems and prevent further issues.
1.5 Security operations
- Threat detection and response: Robotics is also used to gather threat intelligence and technical data to enable quick and efficient analysis of malware and threat alerts. The gathered data, once processed through robotics logic, can help automate decisions on when and how to respond. Furthermore, automated actions can be taken to coordinate the remediation of incidents identified.
- Threat exposure and vulnerability management: Robotics can improve the efficiency and quality of the risk management program, understanding enterprise vulnerabilities and prioritizing remediation activities, which can be leveraged to automatically notify system and application administrators of the remediation activities and conduct validation for compliance.
Definitions
BOT: A bot (short for robot), also known as a web robot, is a program that performs automated tasks over the Internet as an agent for a user or another program, or simulates a human activity.