KPMG Managed Security Services partnered with NovaceneAI to improve the efficiency of their security operations and achieve consistent results.
Customer: KPMG | Category: Predictive Security Operations Intelligence
Table of Contents
About KPMG Managed Security Services
The Challenge: Inability to Keep Up
The Solution: AI That Learns from Analysts
Results: Smarter, Faster, Scalable Security
The Future: Expanding AI-Driven Cybersecurity
Executive Summary
KPMG’s Managed Security Services team faced a growing crisis; cyber threats were increasing at an unmanageable rate, and their security experts were struggling to keep up. Therefore, Vice President René Bouchard began questioning the sustainability of their approach:
- How could his team process an ever-growing flood of security alerts?
- How could they reduce human error while handling large volumes of data?
- How could they deliver consistent assessments and results to clients?
He realized that simply adding more experts wouldn’t solve the problem. The team needed a smarter, scalable solution.
Solution
An intelligent SecOps automation solution that integrated with the Security Operations Centre (SOC) to automatically classify alerts, close false positives, and escalate real threats.
Key Measurable Outcomes:
- 20% automation within the first 6 months
- Increased client satisfaction scores
- An automation decision-making framework for future growth
About KPMG Managed Security Services
KPMG’s Managed Security Services division is a leader in protecting organizations against evolving cyber threats. With a team of over 100 security experts, KPMG helps several hundred organizations strengthen their security posture and respond effectively to cyber threats. Their expertise spans managed detection and response, offensive security, cyber threat intelligence, governance, compliance, risk management, and business continuity.
The Challenge: Inability to Keep Up
The number of security threats is increasing rapidly and will continue to increase even faster. To keep pace, adding skilled experts to deal with the incoming flow is essential. But this type of approach is unsustainable: the advent of technologies has simplified the creation of new attacks, and the speed with which these attacks spread.
“Skilled security analysts are scarce and in high demand. It’s only a matter of time until we are simply unable to meet demand while meeting with quality standards that our clients expect from us.”
René Bouchard, VP, Managed Security Services
KPMG
This scenario created two challenges:
Unsustainable Cost Structure
The team was automating a large portion of their alerts using rules-based workflows, also known as playbooks. Being rule-based, this approach can only detect known threats. When attackers introduce new techniques, this approach fails until new rules are written—by which time, the damage may already be done. Therefore, while this automation has been effective at reducing much of the noise, the more complex alerts were still getting through. To quantify the challenge, the following pre-AI scenario was identified:
- 12,500 alerts per month need investigation
- It takes 20 minutes in average to investigate each alert
- 4,167 hours are spent per month investigating alerts
- 80% of expert time is spent investigating alerts
- 26 security experts are needed to keep up with demand
Inconsistent Client Deliverables
Delivering 24/7 service requires that experts be hired around the world to work shifts. This decentralized approach translates into experts following to some extent their own processes and making their own judgements. This decentralization has led to delivering conflicting messages to clients. For example, an alert deemed to be a false positive by one expert, was escalated as a breach a few days later by a different expert.
“Attackers are constantly evolving, and analysts are playing catch up. It’s impossible to mitigate all the attacks without the smart automation provided by the NovaceneAI Platform.”
René Bouchard, VP, Managed Security Services
KPMG
NovaceneAI’s solution, Bouchard believed, could improve his team’s chances to predict future incidents and allow them to react before irreparable damage takes hold.
The Solution: AI That Learns from Analysts
Mr Bouchard is an seasoned business technologist. He knew that AI had the potential to automate and enhance cybersecurity decision-making. Therefore, he started exploring whether an AI system could be trained to understand the patterns of the most complex alerts and act as a human analyst. If this worked, his team could add an expert analyst that would investigate complex alerts in seconds and around the clock. Not only would this expert investigate the alerts, but the results from their investigations would be consistent every time. In summary, Bouchard could instantly add capacity to help the team manage a larger number of threats while making the process more systematic. That’s when he partnered with NovaceneAI.
With its capability of identifying patterns from large amounts of unstructured data, and to apply Machine Learning (ML) to train AI to recognize patterns un future data, the NovaceneAI Platform was a natural choice when it came to explore a solution.
Implementation
KPMG and NovaceneAI launched a proof-of-concept (PoC) to answer a crucial question: Could AI accurately model how KPMG’s analysts assess threats? To find out, NovaceneAI’s data scientists embedded themselves with KPMG’s security team, studying how they evaluated alerts and made decisions.
The collaboration resulted in an AI model that could:
- Mimic the decision-making process of top analysts
- Identify real threats from false positives with good accuracy
- Standardize and systematize the alert triaging process
Based on these factors, the PoC was deemed a success.
Operationalization
NovaceneAI and KPMG worked together to scale the PoC into KPMG’s stack. The solution integrated with KPMG’s existing tech stack seamlessly thanks to NovaceneAI’s robust API.
A key component of the full solution involved an ongoing learning module. Given thatcyber threats are constantly changing, and no AI model is perfect from the start, NovaceneAI implemented a human-in-the-loop feedback system, where experts’ real-time corrections continuously improved the AI model. The more KPMG used the system, the smarter it became.
Marcelo Bursztein, founder and CEO of NovaceneAI, says he sees an opportunity to leverage the role that experts will play in the overall system.
“The solution involves a feedback loop that takes the corrections that analysts make to the AI predictions, and uses them as training signals to continually improve the models. This human-in-the-loop approach not only ensures that key security decisions are duly supervised, but also enables the ongoing improvement of the overall system. The more analysts use the system, the smarter it gets.“
Marcelo Bursztein, Founder & CEO
NovaceneAI
Results: Smarter, Faster, Scalable Security
Before
Analysts were overwhelmed, reacting to endless and increasing security alerts with no scalable solution.
- Analysts drowning in routine alerts
- Rules-based Playbook automations
- No solution to scalability
- 20 minutes per alert
- Subjective & biased classification
After
NovaceneAI enabled the proactive identification and mitigation of threats before they could cause real harm
- Analysts focus on high-priority threats
- Playbooks + AI-drive automation
- Positioned to scale sustainably
- 2 seconds per alert
- Algorithm-driven classification
“This type of human and machine collaboration is a persistent theme with AI-driven automation use cases. Our customers approach us for solutions that free up their analysts from routine work so they can focus on tasks that require human ingenuity. It’s a shame to see organizations’ most highly skilled resources spend time on tasks that are transactional and should be automated.“
Marcelo Bursztein, Founder & CEO
NovaceneAI
Why Novacene
Bouchard had the option to engage larger vendors or custom AI developers, but both presented significant downsides.
“Often vendors come to the table with solutions that require long implementation lead times and a large commitment of resources on our end. Niche developers, on the other hand, build solutions that later we inherit and need to maintain.“
René Bouchard, VP, Managed Security Services
KPMG
| Big Vendors | Custom Developers | NovaceneAI |
|---|---|---|
| Require long & expensive implementations that lacked flexibility | Build one-off solutions that KPMG would have to maintain indefinitely | Ready-to-use and customizable AI platform with ongoing support |
NovaceneAI enabled KPMG to leverage the company’s existing AI platform to quickly integrate smart data enrichments into their workflows. Jonathan Boucher, Director of Managed Services at KPMG, noted the advantages of working with a company that can provide both a product and expert support services.
“NovaceneAI provides a hybrid solution that marries its platform with a professional services component. This type of blended model helps us bypass the effort needed to develop a full custom solution, while providing a mechanism to adapt the existing platform to work for us.“
René Bouchard, VP, Managed Security Services
KPMG
The Future: Expanding AI-Driven Cybersecurity
A Growing Partnership
KPMG and NovaceneAI continue to work together to this day. Both teams are now working together to extend the automation coverage by handling more use cases and a more sophisticated automation decision-making framework. For example, the latest framework has shown a potential 340% growth in automation.
Lessons Learned
The most valuable lesson was that software alone cannot fix a problem. Often data science teams will focus on improving their algorithms, leaving the methodology to integrate such algorithms to operations teams. This creates a disconnect that results in missed opportunities to materially improve outcomes by focusing on all of the components of a solution as opposed to just algorithms and accuracy. The collaboration between KPMG and NovaceneAI on the development of a sophisticated automation decision-making framework is a clear example of how data science can help not only automate tasks but also turbocharge overarching processes and workflows.
What the Future Holds
What started as an experiment in efficiency became a transformative shift in how KPMG defends against cyber threats. NovaceneAI isn’t just helping analysts keep up—it’s helping them stay ahead. Looking into the future, KPMG and NovaceneAI will focus on long term benefits such as:
- A 25% operating cost reduction
- 60%+ automation coverage
- Position KPMG to support 20% more clients without scaling the team
- Delivering even greater value to KPMG’s clients
- Continued use and expansion of NovaceneAI’s tools
