Integration of generative AI into the investigation workflow greatly improves analyst efficiency and reduces mean time to resolution (MTTR) for cyberthreats
ADDISON, Texas – August 1, 2023 – Securonix, Inc., a leader in Unified Defense SIEM, today announced an integration with ChatGPT that brings generative artificial intelligence (AI) capabilities to improve efficiency, reduce investigation time, and speed problem resolution by allowing Security Analysts, Threat Hunters and Content Administrators to leverage the power of Large Language Models through ChatGPT to rapidly investigate and respond to threats.
The generative AI capabilities in Securonix Investigate enable security professionals to seamlessly ask AI models questions in natural language and view the answers side by side with all the context gathered by Securonix Investigate. As the investigation progresses, new and updated context is gathered to ensure analysts have the most up-to-date details possible. The knowledge and insights can then be instantly shared across the team or trusted groups, allowing security analysts to gain a deeper understanding of observations, which speeds investigations and reduces mean time to respond to threats.
“The widespread adoption of Large Language Models in generative AI, like ChatGPT, bolsters the capabilities of cybersecurity professionals everywhere,” said Nayaki Nayyar, CEO, Securonix. “The introduction of generative AI functionality into Securonix Investigate is the first step in a series of initiatives we are undertaking to improve cybersecurity operations. We remain steadfast in harnessing the power of innovation and deploying cutting-edge solutions that make our clients, partners and end users safer.”
Because using ChatGPT without the proper security controls in place can cause data leaks, the Securonix Investigate integration with ChatGPT includes customizable security controls to prevent leakage of sensitive information, such as internal IP addresses and domain names. Security teams can control access by allowing only those with express permission to use the function. Securonix also scrubs sensitive information within the responses received from ChatGPT. It uses audit logs to configure detections that alert organizations to any compliance issues or sensitive data leaks. Using fixed initial prompts ensures a common frame of reference for Large Language Model searches within Securonix Investigate, and enforcing limits on responses decreases the likelihood of hallucinations. Most importantly, Securonix Investigate puts humans in the loop, providing a means for teams to cross-reference responses from Large Language Models against authoritative sources.
How Companies Can Use ChatGPT in Securonix Investigate
The generative AI integration in Securonix Investigate enables content administrators, security analysts and hunters to ask ChatGPT questions during an investigation via the Securonix Investigate window. For example, Threat Hunters can ask ChatGPT through Securonix Investigate for instructions on how to search for specific Indicators of Compromise (IOCs). Once the Threat Hunter has located the IOC, it can be copied into Securonix search and investigated in the Threat Hunter’s search environment. SOC Analysts can ask ChatGPT about unfamiliar technologies and quickly get a deeper understanding of the technology. If they encounter an encoded PowerShell command, they can turn to ChatGPT for assistance to quickly understand the command’s purpose directly from the Securonix Investigate window, without having to switch contexts. Content Administrators get a window search query by asking ChatGPT, and the resulting query string can be copied and run in the Securonix search function.
“Generative AI and Large Language Models are revolutionizing the cybersecurity landscape,” said Paul Battista, CEO, Polarity.io. “Integrating these tools into Securonix Investigate with Polarity enables our shared vision to uplevel security teams and dramatically improve time to resolution. The experience when using generative AI needs to be seamless for users and drive practical value while ensuring that the necessary security and privacy controls have been considered.”
Securonix will be showcasing the generative AI capabilities for Securonix Investigate at Black Hat, August 8-10, 2023, in booth #2550. For more information or to meet with Securonix at the conference, please visit: https://www.securonix.com/event/black-hat-usa-booth-2550/.
Securonix is leading the evolution of SIEM for today’s hybrid cloud, data-driven enterprises. Securonix Unified Defense SIEM provides organizations with the first and only content-driven threat detection, investigation, and response (TDIR) solution built with a highly scalable data cloud and a unified experience from the analyst to the CISO. The innovative cloud-native solution enables organizations to scale up their security operations and keep up with evolving threats. For more information, visit www.securonix.com or follow us on LinkedIn, Facebook, and Twitter.
fama PR for Securonix