Development of an AWS Native Cybersecurity Regulatory Reporting Product
Cyber breach is a global challenge. As cybersecurity threats increase exponentially, so do the number and extent of the regulations that seek to protect organizations and their clients. Financial services institutions being the prime targets for cybercriminals, have to follow complex systems of regulations and standards. But now they have a targeted solution to help them demonstrate compliance with multiple regulations while also reducing associated time, effort, and, ultimately, cost.
Birlasoft, with its AWS native cybersecurity regulatory reporting product developed for Regulativ.ai is transforming the cybersecurity reporting function across regulated industries. We have created a lightning-fast, scalable, and cost-efficient governance platform using leading-edge AI technology and an innovative cloud platform to streamline cybersecurity self-assessment processes.
The Challenge
Current cost-prohibitive methods
- Cybersecurity teams are spending hundreds, if not thousands, of hours in manual effort to become compliant with rules and regulations across multiple jurisdictions
- Individual cybersecurity self-assessments are taking up a large part of the cyber team effort and typically require hundreds of hours of manual effort to complete
- CISO teams are under increasing time and budget pressures
- Massive infrastructure and its associated costs
- Cybersecurity costs is incurred by banks as regulatory fines due to non-compliance
Risks related to other 3rd-party vendors
- Inconsistent cyber risk reporting across different geographies
- Third-party supplier risk assessments are typically lengthy, time-consuming, difficult to manage & co-ordinate
- Inadequate risk analysis
- Significant skill shortage in cyber teams, as well as an increase in the exodus of critical cyber skills from the profession due to exhaustion and burn-out
The Solution
Implementation of a single automated platform using AWS and AI/ML solutions in areas like Cyber Regulations, Breach Reporting, Cyber Insurance, etc.
Birlasoft created an AWS native product to provide a differentiated solution and offering for a BFSI client in the cybersecurity regulatory space. The AI/ML-based platform helps clients to streamline and automate cybersecurity regulatory assessment and reporting. The solution streamlines the cyber regulatory reporting and third-party security risk assessment process for major FIs, regulators, third-party and regulated SMEs.
The product provides data management and automated narrative generation for cyber-regulations across all business sectors. It collects data from multiple sources with its integration plugins, using the latest AI techniques. It also provides NLP-generated reports as well as narratives for any submissions or internal reporting. The solution standardizes, optimizes, and automates all processes from data gathering, security posture assessment, and compliance reporting to regulators, auditors, and internal governance boards.
The technology stack used in the AWS native product is:
- Amazon RDS - MySQL for Database
- Amazon CloudWatch Service - Used to store logs of VPC (Virtual Private Cloud)
- Amazon EventBridge: Used to trigger Lambda functions at a particular time (to start servers)
- AWS Lambda : Serverless automation
- Amazon S3 - Store files, trigger Lambda to save data to MySQL
- Amazon Elastic Kubernetes Service - To run Dev & Test environments
- Amazon Elastic Compute Cloud (EC2) -Servers for Tableau, Manta, Mattermost, etc., all servers
- Amazon Route53-For internal domains
- Amazon VPC (Virtual Private Cloud): This service allows you to launch AWS resources in an isolated virtual network.
- Amazon ECR (Elastic Container Registry) -To store container images
- AWS Secret Manager - To store database credentials
- AWS Certificate Manager - To store SSL certificate
- AWS Load Balancer: Application load balancer.
- Amazon EKS CTL is an open-source tool - Command line tool to provision an EKS (Elastic Kubernetes Service) Cluster.
- AWS Cloud formation: Infrastructure as code
The Impact
The key features of the product include:
- The product provides fast and cost-effective responses to regulators using all available historic and current data, across all regulators, using the latest machine learning models.
- Data sourced inside your firm via direct API or via manual requests is processed in all major languages and translated into english, our operating language.
- Historical assessments are analyzed to provide the basis for training the innovative machine learning models and to optimize current submissions.
- Final review of the completed assessment is performed by a security analyst before finalization and submission to regulators via an electronic or manual interface.
- One View Cyber Risk Assessments for 3rd Party, NIST, ISO 27001, PCI-DSS, COBIT Regulations
