Date: 2023-04-25



Launched today at the RSA Conference in San Francisco, the new Security AI Workbench leverages recent advances in Large Language Models (LLMs) to tackle the three biggest challenges in cybersecurity: threat overload, cumbersome tools, and talent shortages. Threat intelligence is a field plagued by all three problems, and LLMs have the ability to transform how you operate to protect your business.

Google Cloud’s threat intelligence services are based on three core principles:

Reliability: Our customers can rely on Mandiant Threat Intelligence to deliver the information they care about with industry-leading breadth, depth and timeliness.

Relevance: Personalize the threat landscape so that it is relevant to each customer, enabling you to prioritize threats that may affect you.

Actionable: Our threat intelligence is more actionable because it automates the end-to-end pipeline from raw data to security controls.

Providing the most trusted threat intelligence

AI is only as valuable as the data it operates on. Using an LLM to summarize irrelevant open source intelligence does not provide customers any value beyond manually reviewing that data. Doing so can add even more noise to an already overwhelming flood of information.

That’s why a team of dedicated researchers and Mandiant’s frontline intelligence, gleaned from over 1,000 breaches each year, combined with Google’s unparalleled visibility into threats across the internet, provide a strong foundation for our AI solutions. Over the years, we have applied many natural language processing (NLP) and machine learning (ML) approaches to transform raw threat data into actionable information. Recent developments in LLMs can significantly improve our already market-leading intelligence operations. Areas we are working on include:

Expand your reach by more effectively tracking digital threats across languages and modalities. Global threat actors use a variety of methods to cover their tracks in forums, messaging services, and the deep/dark web. LLM-based approaches are particularly good at handling multiple modalities and languages across discussion forums, messaging services, and websites that are hidden from traditional search engines, helping analysts uncover this obfuscation at scale.

Combined visibility across data sources provides deeper threat intelligence. By identifying relevant information from multiple sources, LLMs can eliminate data silos that previously hindered extensive analysis. Combining threat information encountered during Mandiant’s incident response operations, Google’s visibility into threats across the internet, public information, and Mandiant’s research can create a more complete and contextual picture of threat intelligence.

Transform raw threat data into finished threat intelligence in machine-readable and human-readable formats. With LLMs, you can take this automation to the next level, automating every step of the transformation from raw threat data to final information to new detection rules, under expert human supervision. In many cases, this allows customers to see the latest developments in near-finished form rather than after days or weeks, and to operationalize those insights immediately.

Personalize your threat landscape to focus on the most relevant threats

Much of the threat landscape is irrelevant to most organizations. Focusing on the relevant threat landscape is therefore essential for all customers. Personalization of the threat landscape is made possible by two methods:

Automated creation of personalized threat profiles

Simplify the expansion of analysts’ threat profiles by providing AI-based natural language search

Imagine automatically deriving a detailed, personalized threat landscape for your organization that evolves as new internal and external information becomes available. With the power of LLM, this is becoming a reality.

A personalized threat profile is automatically created for your organization and can be quickly queried using a simple conversational interface to ask questions such as: Why is this threat important? What impact has this actor had on its industry counterparts? Is this actor’s activity recent? What tactics, techniques, and procedures do they use? Why am I at risk in my environment specifically? What actions should I take to mitigate the risks posed by this campaign, tool, or actor?

Share daily recommendations for security actions to take today, based on changes in the last 24 hours. For example, if an attacker is seen targeting your industry and using a new technology that you are exposed to, you will be notified and can quickly take mitigation measures.

If there is a significant change in the threat landscape or environment, it automatically provides actionable next steps.

Previously, this kind of personalization was available only to the largest and most sophisticated organizations. With LLMs, Mandiant will be able to make this level of personalization available to all customers at scale.

Using LLMs can make searching much more efficient. There is a huge amount of information available about threats, but much work needs to be done to categorize it and turn it into actionable insights. With LLMs’ summarization capabilities, the struggle to fully understand threat topics becomes a thing of the past. Figure 1 shows an LLM-based summary of various threat intelligence artifacts associated with the query. Note that the flexibility of LLMs allows you to provide a complete intelligence report summary with structured intelligence, customizing the scope and technical depth of the summary for different audiences.

