2024 November End User Challenge Statement

CS01: Analysis of Privileged Access Management Session

Challenge

Construct an Artificial Intelligence (AI) module designed to seamlessly amalgamate with current Privileged Access Management (PAM) systems, enabling the scrutiny of PAM session recordings to pinpoint irregularities in user behaviour.

Background

PAM serves as an identity security mechanism that identifies and obstructs unauthorised entry to vital assets while monitoring the activities of privileged users during their access to these critical resources. It maintains a record of the sessions via logs and screen video captures.

Presently, the analysis of screen recordings is conducted manually, a process that is both tedious and time-consuming. The log recordings are not exhaustive and are challenging to interpret due to their lack of natural language, while video recordings can be extensive and cumbersome to review, often leading to human oversight. Consequently, there is a pressing requirement for a cost-effective, standalone AI component that can be effortlessly incorporated into existing PAM frameworks.

Requirements

The solution should encompass, but not be limited to, the following features:

1. Extract and process data from PAM solutions, handling both word-formatted logs and screen recording videos.
2. Perform automated real-time behavioural analysis, comparing user actions against benchmarks or blacklisted processes.
3. Control and restrict user access to designated assets.
4. Conduct scheduled behavioural analyses after PAM sessions to ensure compliance with benchmarks.
5. Identify and flag unacceptable behaviours during both real-time and post-session analyses.
6. Recognise acceptable behaviours that may deviate from benchmarks but are not considered security risks.
7. Allow for benchmark settings to be input in various formats, including release notes and natural language instructions.
8. Utilise User and Entity Behaviour Analytics (UEBA) training with ‘golden images’ and typical user behaviour patterns as references.
9. Operate efficiently without excessive bandwidth, time, or processing power consumption.
10. Classify the confidence level of detected anomalies into categories such as HIGH, MEDIUM, and LOW.
11. Provide real-time and post-session alerts for detected anomalies.
12. Enable querying of recording contents using natural language.
13. Generate analysis reports in a user-friendly format.

Additional Information

1. Integrate smoothly with existing PAM systems without complex setup procedures or loss of existing PAM features.
2. Function in offline environments, particularly in Operational Technology (OT) settings.
3. Be compatible with both Information Technology (IT) and OT environments, accommodating one-way data transfer from OT to IT using Data Diodes.
4. The solution may be a non-video analytic tool, provided it meets the requirement

2024 November End User Challenge Statement

CS03: Incorporating Generative AI into Cybersecurity Incident Management in OT/IoT.

Challenge

Develop a cyber security incident response utility employing GenAI to synthesise the incident details, carry out an impact assessment, offer remediation strategies, and compile a report summary.

Background

Cybercriminals around the world now have access to new AI tools as these become more commercially available. These tools significantly enhance their ability to conduct sophisticated cyber-attacks. The inherent limitations in OT/IoT environments, such as the inability to install agents and security tools, further increase cybersecurity risks.

To adapt to these changing times and upgrade our capabilities, our organisation must also embrace AI to bolster our rapid response to cyber-attacks while meeting global regulatory reporting requirements. The solution we seek should not only reduce response times but also improve the accuracy of incident handling in OT/IoT environments.

Our organisation requires a swift response to any cybersecurity incidents to enhance our capabilities in responding to cyber-attacks and to comply with reporting requirements from regulators worldwide, thereby protecting our Operational Technology (OT)/Internet of Things (IoT) environments globally.

Requirements

The solution should encompass, but not be limited to, the following features:

1. The ability to collect information on and conduct analysis of a cybersecurity incident.
2. The ability to conduct impact analysis of the cybersecurity incident.
3. Utilising AI to summarise the cybersecurity incident and generate user-friendly reports for management and local authorities.
4. Ensuring that incident summarisation is conducted swiftly, within the response times mandated by local authorities.
5. The ability to identify the point of entry and the path of the cybersecurity incident to pinpoint vulnerabilities within our organisation.
6. The ability to provide recommended remediation and guided responses.

Additional Information

The solution could be an end-to-end system or an integration with existing Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), or extended Detection and Response (xDR) platforms.