LLMs for Threat Management

Leveraging Large Language Models for the Next-Generation Threat Management Platform


The aim of this project is to develop a highly reliable generative AI-based Personal Security Assistant (hereafter Personal Assistant). The Personal Assistant is designed to enhance the Security Operations Center (SoC) and make it dramatically more automated and efficient, thereby enhancing the SoC's ability to detect, investigate, and prevent evolving security threats effectively. By leveraging LLMs, the Personal Assistant will enable threat hunters, managed detection and response operators, and incident response experts to ask questions and receive intuitive answers from the platform. The key capabilities of the Personal Assistant include enhancing users' understanding of threats and risks faced by their organization, automating repetitive and laborious tasks such as data collection and extraction, as well as basic threat search and detection. Moreover, the Personal Assistant will facilitate more advanced security actions and enable users to make quicker and more informed decisions, ultimately reducing response time during critical incidents. By leveraging the capabilities of the Personal Assistant, security practitioners will have the opportunity to enhance their productivity while minimizing the complexities associated with security operations.