Capturing weak signals across endpoints and predicting potential intrusion patterns is a challenge well suited to large language models (LLMs).
The goal is to mine attack data for new threat patterns and correlations, then use those findings to fine-tune LLMs and other models.
Leading endpoint detection and response (EDR) and extended detection and response (XDR) vendors are taking on the challenge.
Enhancing LLMs with telemetry and human-annotated data defines the future of endpoint security.
Gartner predicts the endpoint protection platform market will grow from $14.45 billion today to $26.95 billion in 2027, a compound annual growth rate of 16.8%. The worldwide information security and risk management market is predicted to grow from $164 billion in 2022 to $287 billion in 2027, an 11% CAGR. VentureBeat recently sat down with Elia Zaitsev, CTO of CrowdStrike, to understand why training LLMs with endpoint data will strengthen cybersecurity.
His insights also reflect how quickly LLMs are becoming the new DNA of endpoint security.
Zaitsev: It's actually easier, and less prone to hallucination, to take a small, purpose-built large language model — call it a small language model, if you will.
You can tune them and get higher accuracy and fewer hallucinations working on a smaller, purpose-built model than trying to take these big monolithic ones and make them a jack of all trades.
We'll let the LLMs do some things, but then we'll also check the output.
We're ultimately basing the responses on our telemetry, on our platform API, so that there's trust in the underlying data.
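The pattern Zaitsev describes — retrieve trusted platform data first, and let the model only rephrase what was retrieved — can be sketched roughly as follows. Everything here (`TELEMETRY`, `fetch_telemetry`, the `summarize` stand-in) is an illustrative assumption, not a CrowdStrike API.

```python
# Sketch of grounding a response in trusted telemetry rather than model memory.
# All names below are hypothetical illustrations, not real platform APIs.

TELEMETRY = {  # stand-in for the platform's detection data
    "host-42": {"alerts": 3, "last_detection": "credential dumping"},
    "host-17": {"alerts": 0, "last_detection": None},
}

def fetch_telemetry(host_id: str) -> dict:
    """Retrieve the trusted record for a host; fail loudly if it doesn't exist."""
    if host_id not in TELEMETRY:
        raise KeyError(f"no telemetry for {host_id}")
    return TELEMETRY[host_id]

def summarize(record: dict, host_id: str) -> str:
    """Stand-in for the LLM call: rephrase only the retrieved facts."""
    if record["alerts"] == 0:
        return f"{host_id} has no open alerts."
    return (f"{host_id} has {record['alerts']} open alerts; "
            f"the most recent detection was {record['last_detection']}.")

def answer(host_id: str) -> str:
    """Ground the response: fetch platform data first, then summarize it."""
    return summarize(fetch_telemetry(host_id), host_id)

print(answer("host-42"))
```

Because `answer` always starts from a platform lookup, a question about a host the platform has never seen fails outright instead of inviting the model to improvise.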
What you need, in many cases, is actually a couple of thousand, maybe tens of thousands, of examples — but they need to be very high quality, ideally what we call human-annotated data sets.
So as it turns out, because we've in many ways been uniquely investing in our human capacity and building up this high-quality, human-annotated platform data, we now suddenly have this goldmine, this treasure trove, of exactly the right kind of information you need to create generative AI large language models specifically fine-tuned to cybersecurity use cases on our platform.
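As a rough illustration of what a human-annotated fine-tuning set could look like, here is a minimal sketch using the common JSON Lines prompt/response layout. The field names, example content, and quality labels are assumptions for illustration, not CrowdStrike's actual schema.

```python
import json

# Hypothetical human-annotated examples in prompt/response form.
annotated = [
    {"prompt": "Summarize detection DET-1001 for an analyst.",
     "response": "DET-1001 flags suspicious LSASS access consistent with credential theft.",
     "annotator": "analyst-07", "quality": "high"},
    {"prompt": "Is CVE-2023-0001 relevant to Windows endpoints?",
     "response": "Yes; it affects a Windows kernel driver and is actively exploited.",
     "annotator": "analyst-12", "quality": "high"},
]

def to_jsonl(records) -> str:
    """Serialize annotated examples to JSON Lines, one record per line."""
    return "\n".join(json.dumps(r) for r in records)

def load_high_quality(jsonl: str):
    """Keep only records a human marked high quality — the kind worth tuning on."""
    rows = [json.loads(line) for line in jsonl.splitlines() if line]
    return [r for r in rows if r.get("quality") == "high"]

dataset = to_jsonl(annotated)
print(len(load_high_quality(dataset)))  # both examples pass the quality filter
```

The point of the quality filter matches Zaitsev's argument: a few thousand carefully annotated examples beat a much larger uncurated corpus for this kind of fine-tuning.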
Charlotte AI uses multiple LLMs, but it also uses non-LLM technology.
Zaitsev: The output that the user sees from Charlotte is almost always based off of some platform data.
We may take that data and then tell Charlotte to summarize it for a layperson.
Again, things that LLMs are good at, and we may train it off of our internal data.
Customer-specific data is not trained into Charlotte; what's trained in is general knowledge of vulnerabilities.
The customer-specific data is supplied by the platform.
The LLMs get trained on, and hold, general cybersecurity knowledge — and in any case, we make sure we're never exposing that naked LLM to the end user, so that we can apply the validation.
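One way to read "never expose the naked LLM" is as a validation gate between the model and the user: raw output is checked against platform facts before anything is shown. The sketch below is an assumed illustration of that gate, not CrowdStrike's implementation; the host-ID pattern and fallback message are invented for the example.

```python
import re

# Trusted platform facts the response is checked against (illustrative only).
KNOWN_HOSTS = {"host-42", "host-17"}

def validate(llm_output: str) -> str:
    """Gate raw model output: block any host the platform has never seen."""
    cited = set(re.findall(r"host-\d+", llm_output))
    unknown = cited - KNOWN_HOSTS
    if unknown:
        # Never show unvalidated output; return a safe fallback instead.
        return "Unable to verify this response against platform data."
    return llm_output

print(validate("host-42 shows 3 alerts."))   # cites a known host, passes the gate
print(validate("host-99 is compromised."))   # hallucinated host, blocked
```

Because the user only ever sees `validate`'s return value, a hallucinated entity in the model's output degrades to a safe refusal rather than a confident falsehood.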
This Cyber News was published on venturebeat.com. Publication date: Sat, 30 Dec 2023 00:43:05 +0000