The LeverX team developed an AI-driven assistant for the customer’s SAP Cybersecurity & Compliance Monitoring platform and successfully migrated the solution to AWS.
Riscomp GmbH, an SAP Gold Partner with recognized expertise in GRC (Governance, Risk & Compliance), offers the SAP Cybersecurity & Compliance Monitoring Add-On. This solution leverages an integrated GRC approach, helping to ensure a secure and compliant SAP S/4HANA transformation and deployment. It addresses various challenges that SAP customers face, including resource constraints, reliable prioritization of vulnerabilities, and organizational and solution silos between Operations and Compliance.
Riscomp’s customers manage multiple SAP landscapes to support various business processes. The SAP Cybersecurity & Compliance Monitoring platform helps them to ensure a sufficient level of protection and demonstrate compliance with applicable regulations. While this solution has built-in Fiori dashboards, some complex analytics needs, e.g., cross-system comparison of risk vectors, considering multiple conditions and attributes, can require additional manual filtering and assessments. The main challenge was enhancing the existing reporting process and covering the additional analytics need, leveraging the advantages of the GRC-integrated approach of the platform to the maximum.
During collaborative sessions with the Riscomp representatives, it was decided to develop an AI-powered chatbot utilizing neural networks designed to address all incoming user inquiries concerning the security of specific systems. LeverX was engaged in extending the SAP Cybersecurity & Compliance Monitoring platform through an AI Assistant.
The project's primary goal was to streamline the evaluation across multiple systems and provide an alternative to using the dashboards. By automating responses to user inquiries, the chatbot can provide quick and accurate information about vulnerabilities, risks, their impact on SAP landscapes, and mitigation options, saving time and effort for both users and system administrators.
The available Fiori-based interface was extended by a convenient and user-friendly AI-chatbot, available 24/7. Users can easily obtain the information they need as an alternative to using dashboards or to request more complex evaluations, saving manual efforts and enhancing overall satisfaction with the platform.
The project took about three weeks, taking into account the part-time work of all involved specialists. The team consisted of:
The LeverX team chooses the latest technologies when possible. To meet the customer's requirements and maintain consistency with other applications available in the customer landscape, we decided to create an extension to the existing Fiori app. The other technologies that corresponded to the customer's needs were LangChain and SAPUI5.
The LeverX and Riscomp joint teams’ efforts in training the bot based on the client's dataset have involved the following essential steps:
To provide a common user experience for support chat, the team built a custom SAPUI5 control based on the latest industry standards. It was important for users to be able to move the chat around the screen, and the flexibility of UI5 made this possible.
In three weeks, the client received a fully operational AI-driven chatbot for their database. The quick and responsive bot empowered security experts to promptly access insights on system security comparisons and receive recommendations for addressing specific challenges.
To expand the bot's capabilities in the future and potentially expand the list of available AI models, the decision was made to move the API and database from Azure to AWS. Data migration provided the client with the following capabilities:
The migration solved another major challenge for the customer. Initially, the client was concerned that sensitive data uploaded to the AI could become available to third parties – for example, to train the AI on Microsoft's servers.
The LeverX team treated these concerns with the utmost importance. The AI was embedded into the bot with the stipulation that all uploaded information remains on secure servers and cannot be shared with third parties in any way.
Overall, the developed solution provided the customer with the following benefits:
Here’s how the customer’s processes changed with the automation support:
One of the chatbot’s most significant benefits is that it can handle complex inquiries, including those with non-obvious formulations. Despite the subject area's specialized jargon, the bot was swiftly trained to understand these intricacies, so users who don't know SQL can get this information, too. Here are some examples of how the bot responds to user queries:
Question 1: What system has the highest number of violations?
Bot answer: System A has the highest number of violations (number). Do you want me to provide further information?
Question 2: Which system is most compliant?
Bot answer: System B is the most compliant as it has the maximum number of compliant parameters (number).
Question 3: Please provide a list of systems with the highest violating first.
Bot answer: Please find the list of systems sorted by the number of violations: C (the number of violations), D (the number of violations), E (the number of violations).
Overall, as Riscomp expands its client base and operations globally, AI-driven add-ons can scale effortlessly to handle increasing volumes of inquiries and support requests without compromising quality. Data migration has enabled access to over 200 fully featured AWS services from data centers globally, protected by more than 140 security standards and compliance certifications.
The project work is ongoing, with upcoming plans to explore visualization options. Further plans include enhancing analytics by incorporating graphical representations, such as graphs and charts, to provide more comprehensive insights into system performance. Further collaboration between Riscomp and LeverX involves using new technologies to improve system strategies and performance, promoting ongoing partnership growth. AI usage for SAP Cybersecurity and Compliance monitoring is subject to an exclusive collaboration between LeverX and Riscomp.