RPA, a robotic contributor to cybersecurity

June 8, 2020

By Thomas Defontaine and Marouan Bellioum

Accelerating companies’ digital transformation is now essential for all CIOs in the global economic fabric: it is no longer a question of knowing which system, process or tool could be developed to improve productivity within companies, but how, with what means and at what cost.

Robotic process automation (RPA) has emerged as one of the essential tools, at the core of a set of diverse solutions that answer one of the problems of this massive digitalisation: automating the sorting, management and use of data made available to business teams.

However, digitalisation has also raised a new question: how to ensure the protection of emerging systems, and what resources should be allocated to this protection? Although at first glance robotization and cybersecurity seem to be two diametrically opposed subjects, there is in fact a great proximity between these two aspects of digital acceleration, which we can divide into two points.

The first requires us to look further than pure mechanical properties. It suggests that we no longer see robots as potential security holes, but as workers capable of interacting with and fighting these holes alongside human cybersecurity experts. Indeed, cybersecurity is seeing the development of a form of arms race in which the most experienced experts try to develop protocols as quickly as possible to repair the slightest flaw before it is exploited maliciously. This race involves a significant amount of time spent tracking traces, understanding errors and developing tools to correct these security breaches. These experts are limited by the exponential cost of these tasks. This is where we immediately perceive the interest of low-code robotics, RPA, in supporting these teams. By providing a development tool that is rapid (thanks to low-code) and versatile (being a robotic solution), RPA adapts to any system requiring protection work.

The second, and most obvious, is to ask what impact robotic systems will have on data security: while humans can control manually processed data, it becomes essential to ensure strong certification of more automated systems. Robots do not make mistakes, of course, but they are not immune to attempts at intrusion or manipulation, a danger to which the most developed RPA publishers on the market are responding.

It is these two axes that we will try to explore and introduce today, in order to determine how to integrate the basics of your RPA system with the cybersecurity needs of your digital acceleration.

The human factor, a risk that RPA has demonstrated?

The benefits of using RPA are logistical, risk-oriented and compliance-aimed. On the one hand, it makes cyber security more effective by removing the burden of repetitive manual tasks. On the other hand, it helps to minimize the greatest cyber security vulnerability, which is human interaction. Whether intentionally or by mistake, people represent the greatest risk.

RPA as a Weapon of Mass Processing

RPA also helps us reduce cyber security vulnerabilities in other ways: by reducing response time through automated threat detection and alert notifications; by facilitating application and device discovery and inventory; by helping to identify exposed attack surfaces to mitigate cybersecurity risks; by improving security through automated deployment of updates and patches, providing 24/7/365 security coverage; by limiting the involvement of human resources so that they can focus on other highly cognitive tasks; and finally by limiting human involvement in the management of sensitive information.

Robotics can be used to collect data, deploy data breach notifications, as well as to document all data held by organizations for audit and compliance (GDPR, PCI DSS…).

In addition, RPA offers some perks to organizations. However, none of them should rely solely on RPA for more in-depth security operations that require higher cognitive and analytical capabilities. This is best left to a mix of cognitive learning technologies and human analysts. RPA offers a side deployment solution for these different tools, but the core of the solution remains rooted in the use of machine-learning and deep-learning technologies.

It should be noted that the people responsible for analysis at the SOC (Security Operations Center) level are flooded with millions of events every second (this is called EPS, or Events Per Second). These are incidents such as an attempt to connect to the organization’s network from two different geographical locations. Analysts alone cannot handle these requests, and a solution must be found or developed to automate the role of the analyst and the response to incidents. This is where the role of cognitive cybersecurity has great potential, and where RPA makes sense thanks to the great reactivity induced by its development in low-code.
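
As an added illustration (not code from the original article or from any RPA vendor), here is one way the "connection from two different geographical locations" event mentioned above could be triaged automatically before it reaches an analyst. The event tuples, the 900 km/h speed threshold and the 50 km jitter margin are assumptions chosen for the example.

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 900.0  # assumed threshold: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0  # assumed margin: ignore IP-geolocation jitter

# Constructed sample authentication events: (user, ISO timestamp, lat, lon).
SAMPLE_EVENTS = [
    ("alice", "2020-06-08T08:00:00", 48.8566, 2.3522),    # Paris
    ("alice", "2020-06-08T09:00:00", 40.7128, -74.0060),  # New York, 1 h later
    ("bob",   "2020-06-08T08:00:00", 48.8566, 2.3522),    # Paris
    ("bob",   "2020-06-08T12:00:00", 50.8503, 4.3517),    # Brussels, 4 h later
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Flag consecutive logins of one user that imply an implausible
    travel speed. Events may arrive in any order."""
    alerts = []
    last_seen = {}  # user -> (time, lat, lon) of that user's previous login
    parsed = [(u, datetime.fromisoformat(ts), la, lo) for u, ts, la, lo in events]
    for user, when, lat, lon in sorted(parsed, key=lambda e: e[1]):
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Simultaneous logins from distant places: treat speed as infinite.
            speed = km / hours if hours > 0 else float("inf")
            if km > MIN_DISTANCE_KM and speed > max_speed_kmh:
                alerts.append({"user": user, "km": round(km),
                               "from": prev_when, "to": when})
        last_seen[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

Only the Paris to New York pair is flagged; the Paris to Brussels logins four hours apart are plausible travel and are left for normal processing.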

Digital monitoring comes out stronger from this merger, called cognitive cybersecurity, and is gaining more and more ground in terms of effectiveness and efficiency in meeting the demands of organizations.

Cognitive cybersecurity allows us to simulate the thought processes of analysts with AI that relies on data mining, recognition and processing through machine learning techniques, improving as threats evolve and learning from real-time data to identify abnormal patterns and behaviours. As a result, it makes it possible to anticipate changes in cyberspace and to locate unknown threats as they occur. It can also identify false positives by creating normal-mode profiles for an internal user or organization and flagging discrepancies that could indicate that a network or system is compromised. The question then arises as to how to integrate RPA into this second phase of robotization.

More than a technology, it is the very structure of the software itself which, when added to the speed of deployment and scaling with the complexity of the algorithms used in cybersecurity, should make it possible to reinforce and apply cognitive cybersecurity on a large scale.

What are the security certifications and compliance elements that ensure the viability of RPA?

It should be noted that one of the major questions that arise when implementing an RPA project is to what extent the software itself can be secured within the deployed infrastructure.

Two elements allow us to judge this, the first theoretically, the second empirically.

A certain number of certifications exist on the market today that allow us to quickly identify the partners to be favoured in the context of secured infrastructures. The various RPA vendors have been working for the past ten years to obtain these certifications in order to facilitate their integration in the banking and financial sectors. Thus, leaders such as UiPath or Blue Prism are Veracode certified at the highest level. Their competitor Automation Anywhere has the same certification, but also offers an implementation methodology corresponding to the FISMA standards, which is necessary for the implementation of IT projects in the infrastructures of American federal organizations.

The empirical element is based on the main experiences of these major vendors: Automation Anywhere and UiPath, for example, have a significant number of sensitive customers in their portfolios. NASA collaborates with UiPath for the development of robots for its back-office, Automation Anywhere (AA) has a large pool of robots in France for major telecom operators, and many banks now trust these leaders to develop their robots and robotic capabilities. It is on the strength of this experience that the vendors have been able to continue improving their solutions, whether by protecting the backlogs or by encrypting all the user data necessary to navigate the different bricks of an IT architecture.

As we have seen, it is as much on the purely technical aspects as in its implementation philosophy that the use of RPA makes sense to improve and follow a cybersecurity policy.

The security certifications and the years of experience that the vendors have in the most sensitive sectors such as finance and banking testify to the considerable investment made by these players in order to determine the optimal security conditions brought by their solutions to their customers.

At the same time, low-code will massively transform the way we see the world of development, and more generally the management of IT systems. If yesterday’s world was based on the creation of code adapted only to a given situation, reinforcing its tendency to obsolescence, we now seem to be moving towards the use of more versatile, adaptable and reusable code. There is, however, no point in opposing these two worlds: traditional code still represents the best way to respond to specific situations, whereas low-code becomes the tool to quickly reinforce a pre-existing system.

The use of RPA in cybersecurity is only a mirror of this reality, by being grafted onto a base of knowledge and expertise acquired by specialists in the field, and by offering an adaptable and rapidly developable overlay to respond to tomorrow’s threats. RPA’s contribution to cognitive cybersecurity can now prove to be essential, inviting us to rethink the use of AI in a more agile, user-friendly, and scalable environment to protect our IT systems.

Thomas Defontaine, Innovation and Solution Manager at ADNEOM Paris

Marouan Bellioum, Cybersecurity Consultant at ADNEOM Paris

This post was written by mebernier