
LeverX Implemented AI-Driven Chatbot for Riscomp Solution

The LeverX team developed an AI-driven assistant for the customer’s SAP Cybersecurity & Compliance Monitoring platform and successfully migrated the solution to AWS.


Customer

Riscomp GmbH, an SAP Gold Partner with recognized expertise in GRC (Governance, Risk & Compliance), offers the SAP Cybersecurity & Compliance Monitoring Add-On. This solution leverages an integrated GRC approach, helping to ensure a secure and compliant SAP S/4HANA transformation and deployment. It addresses various challenges that SAP customers face, including resource constraints, reliable prioritization of vulnerabilities, and organizational and solution silos between Operations and Compliance.

Challenge

Riscomp’s customers manage multiple SAP landscapes to support various business processes. The SAP Cybersecurity & Compliance Monitoring platform helps them to ensure a sufficient level of protection and demonstrate compliance with applicable regulations. While this solution has built-in Fiori dashboards, some complex analytics needs, e.g., cross-system comparison of risk vectors, considering multiple conditions and attributes, can require additional manual filtering and assessments. The main challenge was enhancing the existing reporting process and covering the additional analytics need, leveraging the advantages of the GRC-integrated approach of the platform to the maximum. 

Solution

During collaborative sessions with the Riscomp representatives, it was decided to develop an AI-powered chatbot utilizing neural networks designed to address all incoming user inquiries concerning the security of specific systems. LeverX was engaged in extending the SAP Cybersecurity & Compliance Monitoring platform through an AI Assistant.

The project's primary goal was to streamline the evaluation across multiple systems and provide an alternative to using the dashboards. By automating responses to user inquiries, the chatbot can provide quick and accurate information about vulnerabilities, risks, their impact on SAP landscapes, and mitigation options, saving time and effort for both users and system administrators.

The available Fiori-based interface was extended by a convenient and user-friendly AI-chatbot, available 24/7. Users can easily obtain the information they need as an alternative to using dashboards or to request more complex evaluations, saving manual efforts and enhancing overall satisfaction with the platform.


Project Scope

The project took about three weeks, taking into account the part-time work of all involved specialists. The team consisted of:

  • Project Manager
  • Data Scientist
  • Python Developer
  • Frontend Developer
  • Designer – joint Riscomp and LeverX team.

The LeverX team chooses the latest technologies when possible. To meet the customer's requirements and maintain consistency with other applications available in the customer landscape, we decided to create an extension to the existing Fiori app. The other technologies that corresponded to the customers' needs were Langchain and SAPUI5.

The LeverX and Riscomp joint teams’ efforts in training the bot based on the client's dataset have involved the following essential steps:

  1. Clean and organize the dataset from the initial Excel document to prepare it for training.
  2. Create a custom chat UI in the existing Fiori application.
  3. Develop suitable prompts to perform.
  4. Develop chatbot logic to parse user entries and provide text search results. Set it up as an external API server.
  5. Check the model's performance and adjust it to improve its accuracy and effectiveness.
  6. Ongoing optimization of Riscomp’s platform data structure output to match NL and SQL capabilities of the underlying AI solution. 

To provide a common user experience for support chat, the team built a custom SAPUI5 control based on the latest industry standards. It was important for users to be able to move chat around the screen, and the flexibility of UI5 made this possible.

Project Results

In three weeks, the client received a fully operational AI-driven chatbot for their database. The quick and responsive bot empowered security experts to promptly access insights on system security comparisons and receive recommendations for addressing specific challenges.

To expand the bot's capabilities in the future and potentially expand the list of available AI models, the decision was made to move the API and database from Azure to AWS. Data migration provided the client with the following capabilities:

  • AWS’s Identity and Access Management (IAM) and CloudTrail features for maintaining the highest security standards. The built-in control over access levels is crucial in Riscomp’s Governance, Risk, and Compliance processes.
  • Azure's SQL Server databases are based solely on Microsoft SQL Server, while AWS's RDS supports multiple database engines like Amazon Aurora, MySQL, Microsoft SQL, MariaDB, Oracle, and PostgreSQL. Given the chatbot’s scalability, AWS will provide a broader range of options for users in the future.

The migration solved another major challenge for the customer. Initially, the client was concerned that sensitive data uploaded to the AI could become available to third parties – for example, to train the AI on Microsoft's servers.

The LeverX team treated these concerns with the utmost importance. The AI was embedded into the bot with the stipulation that all uploaded information remains on secure servers and cannot be shared with third parties in any way.

Overall, the developed solution provided the customer with the following benefits:

  • Can be used simultaneously by up to 10,000 users regardless of geographical location
  • Can handle varieties of input and provide robust output
  • Easily detects non-relevant questions and can reply accordingly

Here’s how the customer’s processes changed with the automation support:

| Criteria | Manual search | AI-driven chatbot |
|---|---|---|
| Technical competency | Requires proficiency in SQL or similar query languages, limiting accessibility by non-technical users. | Allows users to input queries in natural language, democratizing access to database information. |
| Convenience of finding the answer | The user had to manually look through multiple databases to ensure the system’s compliance with the needed KPI. | The user asks the bot a question about any of the systems and gets an instant answer. |
| Speed | Over 10 minutes per inquiry | Less than 5 seconds per inquiry |

One of the chatbot’s most significant benefits is that it can handle complex inquiries, including those with non-obvious formulations. Despite the subject area's specialized jargon, the bot was swiftly trained to understand these intricacies so that users who don't know SQL can get this information, too. Here are some examples of how the bot responds to user queries:

Question 1: What system has the highest number of violations?
Bot answer: System A has the highest number of violations (number). Do you want me to provide further information?

Question 2: Which system is most compliant?
Bot answer: System B is the most compliant as it has the maximum number of compliant parameters (number).

Question 3: Please provide a list of systems with the highest violating first.
Bot answer: Please find the list of systems sorted by the number of violations: C (the number of violations), D (the number of violations), E (the number of violations).


Overall, as Riscomp expands its client base and operations globally, AI-driven add-ons can scale effortlessly to handle increasing volumes of inquiries and support requests without compromising quality. Data migration has allowed accessing over 200 fully featured AWS services from data centers globally, protected by more than 140 security standards and compliance certifications.

The project work is ongoing, with upcoming plans to explore visualization options. Further plans include enhancing analytics by incorporating graphical representations, such as graphs and charts, to provide more comprehensive insights into system performance. Further collaboration between Riscomp and LeverX involves using new technologies to improve system strategies and performance, promoting ongoing partnership growth. AI usage for SAP Cybersecurity and Compliance monitoring is subject to an exclusive collaboration between LeverX and Riscomp.
