RA-03(04) Predictive Cyber Analytics
Employ the following advanced automation and analytics capabilities to predict and identify risks to [Assignment: organization-defined systems or system components (ra-03.04_odp.02)]: [Assignment: organization-defined advanced automation and analytics capabilities (ra-3.4_prm_2)].
| Parameter | Label |
|---|---|
| ra-3.4_prm_2 | organization-defined advanced automation and analytics capabilities |
| ra-03.04_odp.01 | advanced automation capabilities |
| ra-03.04_odp.02 | systems or system components |
| ra-03.04_odp.03 | advanced analytics capabilities |
A properly resourced Security Operations Center (SOC) or Computer Incident Response Team (CIRT) may be overwhelmed by the volume of information generated by the proliferation of security tools and appliances unless it employs advanced automation and analytics to analyze the data. Advanced automation and analytics capabilities are typically supported by artificial intelligence concepts, including machine learning. Examples include Automated Threat Discovery and Response (which includes broad-based collection, context-based analysis, and adaptive response capabilities), automated workflow operations, and machine-assisted decision tools. Note, however, that sophisticated adversaries may be able to extract information related to analytic parameters and retrain the machine learning to classify malicious activity as benign. Accordingly, machine learning is augmented by human monitoring to ensure that sophisticated adversaries are not able to conceal their activities.