CASE STUDY
are protected against the latest threats. We also are prototyping an anomaly detection framework which has broad applicability to a variety of behavioural use cases from authentication to privilege escalation while still providing a level of explainability that our customers have come to expect from Corelight.
Large Language Models
In our experiments with LLMs, we became convinced early on that the power for summarisation and synthesis of existing information was the best application for the current maturity of LLMs. We found their ability to create detections by discerning between legitimate and malicious network traffic weak in our initial tests but validated that these language models can deliver powerful context, insights and next steps to help accelerate investigation and educate analysts. We also benefit from our platform and resulting data being based on open-source tools like Zeek and Suricata, which many commercial LLMs are already trained on. Since Corelight produces a gold standard, open data format for NDR, we quickly delivered a powerful alert summarisation and IR acceleration feature in our Investigator platform, driven by GPT.
How does Corelight differentiate itself in the market to provide tailored solutions for addressing the dynamic challenges of AI?
Corelight has been a leader in the development and implementation of AI-powered platforms that give defenders the tools for defence-in-depth without compromising company data. Our Open NDR platform leverages powerful Machine Learning and open source technologies that can detect a wide range of sophisticated attacks and provide analysts with context to interpret security alerts, including LLMs. Our approach delivers significant contextual insights while maintaining customer privacy: No proprietary data is sent to LLMs without any customer’s understanding and authorisation. Our use of Zeek and Suricata, as well as partnerships with CrowdStrike, Microsoft Security, Google Mandiant and other security consortiums delivers the double benefit of maximised visibility and high-quality contextual evidence that has helped us expand our offerings of supervised and deep learning models for threat detection.
At Corelight, we’re committed to transparency and responsible stewardship of data, privacy and AI model development. We help analysts automate workflows, improve detections and expand investigations via new, powerful context and insights. We encourage you to keep current with how our solutions are optimising SOC efficiency, accelerating response, upleveling analysts and helping to mitigate staffing shortages and skill gaps.
AI’s power and rapid development come with caveats. Although necessary, these tools can elevate organisational risk related to misuse (by malicious actors or employees), poor investment choices and unrealistic expectations. It is important to focus on the immediate implications of AI on the organisation’s overall security while staying alert to emerging trends.
How will AI-powered cybersecurity tools improve over time?
Artificial Intelligence is an iterative process that can scale rapidly when multiple complex datasets train models and tune them over time. Cybersecurity, like all industries, faces the challenge of streamlining disparate and unconnected datasets and making them available for real-time and forensic analysis. AI cybersecurity tools will be essential to connecting data repositories that can then be integrated and synthesised. In cybersecurity, this can lead to a more comprehensive understanding of an organisation’s threat landscape, its normal traffic patterns and adversarial behaviour during or after a cyber event.
The development of AI cybersecurity tools is also a function of a larger ecosystem. Purveyors of network security, cloud security, attack frameworks and other security functions can drive integrations and partnerships that provide analysts on the ground with better integrations, dashboards and event context, which can improve over time in a mutually reinforcing matrix.
Looking ahead, how do you envision Corelight’s use of AI shaping the future of cybersecurity?
While we began our LLM explorations with OpenAI's GPT, we continue to track the incredible growth in the market of new models and platforms built around LLMs coming from every corner of the tech industry. In addition to our work with GPT, we have built collaborative relationships with other LLM developers, providing an opportunity to influence and shape elements of their product development, such as the Microsoft Security Copilot private preview program.
ML detections and ML-assisted workflows are just a few of the ways that we are using AI in our products, but there is plenty more going on behind the scenes. Be on the lookout for many more exciting developments over the coming months focused around Corelight’s use of AI to make investigation workflows more efficient, generate more effective detections and to help uplevel analysts' understanding of network data.
www.intelligentcio.com INTELLIGENTCIO MIDDLE EAST