Beyond the Basics: The Role of LLM in Modern Threat Intelligence

Описание: Threat intelligence is replete with challenges, necessitating a large experience, knowledge, and techniques to really understand the threat landscape, the TTPs, and to accurately track threat actors. Given this context, it is crucial to innovate and introduce the tools and techniques to both the current and next generation of analysts who stand to benefit from shared experience. A promising avenue of innovation is the advent of large language models (LLMs). The widespread accessibility of these tools undoubtedly heralds a new era of innovation. However, practical questions arise: How do we effectively harness this technology? How might it address existing challenges? And, most crucially, how can it assist in tracking threat actors and empowering threat analysts? In this presentation, we will share some of our experiments in relation to LLMs. we will discuss the fundamental concepts and their application in Threat Intelligence. As organizations wrestle with the daunting task of finding the appropriate talent, analysts and security professionals face mounting pressure due to the vast volume of data, and increasingly sophisticated threats. LLMs emerges as a powerful solution, providing opportunities to streamline, enhance, and analyze information more effectively to better understand and analyze the threat landscape. We will kick of our presentation by providing a high-level overview of the fundamentals of large language models then we will discuss about the current techniques commonly used in prompt engineering (use to optimize the efficacy of large language models). We will delve in details about few-shot learning, role prompting, RAG and we will also discuss about implementing LLM agents to automate threat intelligence processes. Attendees will gain practical insights into how LLM can be utilized to maximize the efficacy of Threat Intelligence processes while also being aware of potential challenges and limitations. The presentation will not simply sing the praises of LLM; instead, it will offer a constructive and practical approach to using these new tools for empowering security analysts around the world. At the end of the presentation, you will have a clear understanding of how to use these tools not only to enhance your daily work but also to expand your application of LLMs across various domains.

Key takeaway:
-Understanding of LLMs: Attendees will gain a comprehensive understanding of how large language models function within Threat Intelligence.
-Harnessing LLMs: Attendees will learn the optimal strategies and techniques, from prompt engineering to the specifics of few-shot learning, role prompting, and RAG.
-TI Automation with LLM Agents: Attendees will explore how to leverage LLMs for automating threat intelligence processes.
-Enhancing TI Processes: Attendee will discover how to optimize and refine Threat Intelligence processes using AI tools.
-Understanding the Challenges: They will also understand potential pitfalls, limitations, and challenges inherent to using LLMs in the security domain.

View upcoming Summits: http://www.sans.org/u/DuS

SANS Cyber Threat Intelligence Summit 2024
Beyond the Basics: The Role of LLM in Modern Threat Intelligence
Thomas Roccia, Senior Security Researcher, Microsoft
Roberto Rodriguez, Principal Security Researcher, Microsoft