AI for risk management and automation innovations

The next session at Zscaler '24 was on AI for risk management and automation innovations.

Raj Krishna, SVP, Product New Initiatives, Zscaler, spoke regarding Uber. Zscaler has assessed how much data needs to be stored. managed, and kept relevant. How do you keep algorithms and calculations relevant? What are the audit, compliance, and operational requirements? How do we integrate all this data with other risks across businesses? We need to build risk visualizations. Who owns the platform, tools, and operators?

A live demo of Risk360  was shown. Eg., a risk score is 36, which is medium. There are contributing factors to organizational risk scores. Eg., known vulnerabilities, etc. There may be exposed servers. We are trying to leverage power of data fabric. Another example is presence of botnets. We will be launching a new Zscaler product soon.

We can also have a deception strategy. Attackers can leave risk signals from attacks. We can check where the attacker is coming from. We can also create identity risk scores. We can check accounts with more permission. Banks are using this to discover threats in their environments. We built the Monte Carlo modeling. We can reduce financial exposure by at least 50%. 

Hardik Mehta, Head of Cyber Risk Management, Zscaler, said that eg, in MITRE, adversaries may use internal attacks. With risk score of 36, we have estimated financial exposure of $11.5 million. With Zscaler, we can reduce this to $4.5 million approximately.

We can create alerts for risks. Risk360 gives  good top down view of organizational risk. We will soon go live with asset-level risk score. We can look at the full inventory of assets. We also have lookup for sensitive files that may be leaking. CISOs have told us they are using these slides for risk management. We can write natural language report for risk assessment using GenAI. It is a cyber quantification model.  It was suggested to get cyber hygiene ready before diving in.

Risk360 was launched 12 months ago, and has over 350 customers. Avalor is going to supercharge our efforts. 

Raanan Raz, VP & GM, Data Analytics, Avalor said vulnerability management is an important practice. We need to know about assets. We need to know about critical vulnerabilities that present greatest risk. 

We need to focus on using data, and not compiling it. We look at risks. User clicks on phishing links is key here. Risk360 and UVM work better together. M&T Bank is a partner. 

Erik Bataller, SVP, Director, Cyber Security, M&T Bank, said we look at totality of the risk. All infrastructure is used for insights into environments. UVM brings value into our programs. We can understand our entire ecosystem very well. We have fully integrated workflow. We also have integrated reports and dashboards. My team was able to see everything in context quickly. We had risk-based conversations with business leaders. Avalor helped us advance our programs.

Later, Avalor took everyone through a demo regarding vulnerability protection.