Automate Security Due Diligence with Machine Learning
Patrick Murray | EVP Product
2019-05-07 | 6 min read
The Machine Learning Era in Security

There are many kinds of machine learning in use across industries today, each suited to the problem it solves. In the security industry, the majority of machine learning solutions have centered on the detection and prevention of cyber attacks. For example, Zimperium uses a supervised machine learning solution to check for on-device anomalies on mobile devices. The app learns what good and suspicious processes on a mobile device look like from scanning millions of devices, and then alerts on behavior indicative of cyber attacks such as man-in-the-middle attacks or elevation of privilege attacks. Another example is DataVisor, which uses unsupervised machine learning to detect online fraud attacks. This model does not rely on labels at all; instead it uses machine learning to detect clusters of malicious user accounts acting in coordination with one another. This is a great model for fast-changing attack techniques carried out by a massive number of accounts. There are many AI-based “attack detection” solutions in the security industry; however, there seems to be a shortage of machine learning solutions that help automate the day-to-day work of a security team defining, implementing and sharing its InfoSec plan.

The “Security Due Diligence Stage” Problem

One of the most confusing and time-consuming activities for security and sales teams emerges during the sales cycle. A client wants to buy your product, but before that can happen, they need to complete their due diligence and confirm that you are able to protect their data, which they do by asking you to respond to a vendor security questionnaire. Most people respond to these questionnaires by emailing them around to different contributors, but this approach is rife with problems:
Poor Responses: Many times there are questions where the person answering lacks domain knowledge, resulting in lost time or responses that are not best practice. This oftentimes results in losing business.
Wasted Time: On average, manually answering a security questionnaire with hundreds of questions takes over 20 hours each time. That is a lot of wasted effort hunting through old spreadsheets for previous answers or reaching out to the security owner who knows the answer to a particular question.
Liability: Since security questionnaires live in siloed documents with multiple authors, there is a high risk of contributors “writing checks their body cannot cash” by committing to security controls that have yet to be implemented. This may create exposure from a sales and legal liability standpoint if you make contractual commitments that you fail to deliver.
How Machine Learning Can Help

Fortunately, there are now machine learning solutions, such as Tugboat Logic, that help you demystify and automate the security questionnaire process.
Great responses: By tying the security questionnaire into the same platform that houses your InfoSec policy of record, as well as automatically learning from all of your previously answered questionnaires, you can ensure that you have a great response every time.
Save time: Using a machine-learning-based recommendation engine, Tugboat Logic will automatically import your questionnaire into the system and find the best answer to each question in seconds, reducing a 20-hour task to minutes.
Stay Compliant & Keep Clients Happy: Track all commitments made and tie them to the actual security controls, so you have visibility into any liabilities and can assign them to someone to implement before they damage revenue or create loss from liability.
Scale Your Team

Machine learning has helped make a lot of industries more efficient by automating repetitive processes, and quickly learning from datasets that are too difficult for the human mind to process. Given the current scarcity of qualified security professionals, combined with the growing number of tasks facing InfoSec departments, it is a good time to consider a way to work smarter using automation. Tugboat Logic provides one such technology platform that employs a combination of expert security guidance and machine learning to help you scale your team. You can reap immediate benefits by answering a security questionnaire in minutes, while improving sales win rates over 3x, all while avoiding liability associated with promising security methods to clients that you don’t actually practice. With regulations becoming stricter, and clients demanding more documentation on compliance, it is time to swap out your spreadsheets for a better solution.