Table A5 AI capabilities in cyber risk... | Emerald Publishing

Table A5

AI capabilities in cyber risk monitoring: selected evidence

Second-order themes	Selected quotes on first-order categories
Learning for risk monitoring	Learn from data in monitoring system behaviors
Learning for risk monitoring	“The machine learning models that are inside the various antivirus applications, the various EDRs that monitor the behavior of what various executables do, working on large amounts of data and what are the anomalies compared to normal operation.” – System Integrator A
Adaptation for risk monitoring	Adapt to data changes in system monitoring
Adaptation for risk monitoring	“The same thing happens in endpoint protection, where process analysis on the machine can tell when an operation is actually done by a user or not done by a user, because maybe there is malware behind it that is simulating the user's presence. AI can figure out that that activity is not a human activity.” – System Integrator D
Reasoning for risk monitoring	Correlation analysis in web scanning
Reasoning for risk monitoring	“If we talk about AI on the monitoring part, we can see it applied in the threat intelligence platforms, which put the information together, the system there correlates and says watch out, an event is generated on the firewall, then afterwards I collect this information, put it together and realize it looks like a similar attack that happened right now on the other side of the world in another company.” – System Integrator D
Perception for risk monitoring	Text analysis in dark web monitoring
Perception for risk monitoring	“Another type of AI we use is related to semantics. When we automate certain types of analysis on the dark web, such as monitoring forums and similar platforms” – Vendor B

Second-order themes	Selected quotes on first-order categories
Learning forrisk monitoring	Learn from data in monitoring system behaviors
Learning forrisk monitoring	“The machine learning models that are inside the various antivirus applications, the various EDRs that monitor the behavior of what various executables do, working on large amounts of data and what are the anomalies compared to normal operation.” – System Integrator A
Adaptation forrisk monitoring	Adapt to data changes in system monitoring
Adaptation forrisk monitoring	“The same thing happens in endpoint protection, where process analysis on the machine can tell when an operation is actually done by a user or not done by a user, because maybe there is malware behind it that is simulating the user's presence. AI can figure out that that activity is not a human activity.” – System Integrator D
Reasoning forrisk monitoring	Correlation analysis in web scanning
Reasoning forrisk monitoring	“If we talk about AI on the monitoring part, we can see it applied in the threat intelligence platforms, which put the information together, the system there correlates and says watch out, an event is generated on the firewall, then afterwards I collect this information, put it together and realize it looks like a similar attack that happened right now on the other side of the world in another company.” – System Integrator D
Perception forrisk monitoring	Text analysis in dark web monitoring
Perception forrisk monitoring	“Another type of AI we use is related to semantics. When we automate certain types of analysis on the dark web, such as monitoring forums and similar platforms” – Vendor B