RA-03(04) Predictive Cyber Analytics

Employ the following advanced automation and analytics capabilities to predict and identify risks to ra-03.04_odp.02: ra-3.4_prm_2.

Parameter ID      Definition
ra-3.4_prm_2      organization-defined advanced automation and analytics capabilities
ra-03.04_odp.01   advanced automation capabilities
ra-03.04_odp.02   systems or system components
ra-03.04_odp.03   advanced analytics capabilities

Baselines

Guidance

A properly resourced Security Operations Center (SOC) or Computer Incident Response Team (CIRT) may be overwhelmed by the volume of information generated by the proliferation of security tools and appliances unless it employs advanced automation and analytics to analyze the data. Advanced automation and analytics capabilities are typically supported by artificial intelligence concepts, including machine learning. Examples include Automated Threat Discovery and Response (which includes broad-based collection, context-based analysis, and adaptive response capabilities), automated workflow operations, and machine-assisted decision tools. Note, however, that sophisticated adversaries may be able to extract information related to analytic parameters and retrain the machine learning model to classify malicious activity as benign. Accordingly, machine learning is augmented by human monitoring to ensure that sophisticated adversaries are not able to conceal their activities.