ChatGPT is already helping security data lake adoption. That makes sense because it's a cheat code against the SQL language barrier. While security data lakes are known to be up to 90% more cost effective than legacy SIEMs as a data platform, they require data skills that are still rare in security orgs. From normalization to detection and investigation, the data platform needs to understand what the SOC is trying to do and the SOC needs to understand what the data platform is telling it. That's been holding back some teams from doing more with the security data lake model. Enter the LLM hype train. Choo choo! Everyone is talking about this new technology and for good reason: there's a meaningful shift in what computers can do for us now. I've been particularly impressed with how Anvilogic created a detection engineering assistant that takes a question in plain English ("where do we have powershell events that connect with a remote IP?") and converts it to SQL for use in threat detection. This is the kind of product innovation that takes the raw potential of Snowflake for cybersecurity and democratizes it in a way that teams of any size can benefit from. If you believe that ChatGPT is the real deal, believe that security data lake adoption is going to become easier and more mainstream over time. #securitydatalake #cybersecurity
Agreed! This is something we have been experimenting with at Monad as well. Getting analysts 90% of the way to generating SQL statements, with the last 10% being validation, really helps them make sense of the data. It's exciting to see how technologies like these LLMs align with our vision for the future. Let's keep pushing the boundaries of what's possible and continue to democratize data for security teams! Here's a snippet from our product as well showcasing our innovative approach in action
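To make the two points above concrete, here is the plain-English question from the post ("where do we have powershell events that connect with a remote IP?") as the kind of SQL an assistant would hand back, together with the "last 10% validation" step the Monad comment describes, run over a constructed sample table. This is an added example and not code from the post, from Anvilogic, Monad or Snowflake; the process_events table, its columns, the sample rows, the is_remote_ip() helper and the generated query text are all assumptions, and the query runs against an in-memory SQLite table rather than a real lake.

```python
import ipaddress
import re
import sqlite3

# Constructed sample events standing in for a process/network telemetry table
# in a security data lake. Schema and values are assumptions for this example.
SAMPLE_EVENTS = [
    # (event_id, host, user_name, process_name, cmdline, dest_ip, dest_port)
    (1, "ws01", "alice", "powershell.exe", "powershell -File run.ps1", "203.0.113.10", 443),
    (2, "ws01", "alice", "powershell.exe", "Get-ChildItem C:\\Users", None, None),
    (3, "ws02", "bob", "powershell.exe", "Invoke-WebRequest http://10.0.0.5/pkg", "10.0.0.5", 80),
    (4, "ws03", "carol", "chrome.exe", "chrome.exe --profile-directory=Default", "198.51.100.7", 443),
    (5, "ws04", "svc_admin", "pwsh.exe", "pwsh -File sync.ps1", "192.0.2.44", 8443),
]

# Known schema the generated SQL is allowed to reference (assumed for this example).
SCHEMA = {
    "process_events": {"event_id", "host", "user_name", "process_name",
                       "cmdline", "dest_ip", "dest_port"},
}

# Address space treated as internal; anything that parses and is outside it is "remote".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# The SQL an assistant might produce for the question. Hand-written here as an assumed
# output; it relies on a custom is_remote_ip() function registered in SQLite below.
GENERATED_SQL = """
SELECT event_id, host, user_name, process_name, dest_ip, dest_port
FROM process_events
WHERE lower(process_name) IN ('powershell.exe', 'pwsh.exe')
  AND is_remote_ip(dest_ip) = 1
ORDER BY event_id
"""

FORBIDDEN = re.compile(r"\b(insert|update|delete|drop|alter|attach|pragma)\b", re.I)


def is_remote_ip(value):
    """Return 1 if value is an IP outside INTERNAL_NETS, else 0 (SQLite has no bool)."""
    if value is None:
        return 0
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return 0
    return 0 if any(addr in net for net in INTERNAL_NETS) else 1


def validate_generated_sql(sql, schema=SCHEMA):
    """Analyst-side check on generated SQL: read-only, a single statement, and only
    known tables and bare column names. Returns a list of problems (empty = OK)."""
    problems = []
    body = sql.strip().rstrip(";")
    if not body.lower().startswith("select"):
        problems.append("not a SELECT statement")
    if ";" in body:
        problems.append("multiple statements")
    if FORBIDDEN.search(body):
        problems.append("contains a write/DDL keyword")
    tables = set(re.findall(r"\b(?:from|join)\s+(\w+)", body, re.I))
    unknown_tables = tables - set(schema)
    if unknown_tables:
        problems.append(f"unknown table(s): {sorted(unknown_tables)}")
    known_cols = set().union(*schema.values())
    m = re.search(r"select\s+(.*?)\s+from\b", body, re.I | re.S)
    if m:
        # First token of each select item; bare names are checked against the schema,
        # expressions such as lower(x) are left for the database itself to accept or reject.
        for item in m.group(1).split(","):
            name = item.strip().split()[0]
            if name != "*" and re.fullmatch(r"\w+", name) and name not in known_cols:
                problems.append(f"unknown column: {name}")
    return problems


def powershell_remote_connections(sql=GENERATED_SQL, events=SAMPLE_EVENTS):
    """Validate the generated SQL, then run it over the sample table and return the rows."""
    problems = validate_generated_sql(sql)
    if problems:
        raise ValueError("refusing to run generated SQL: " + "; ".join(problems))
    conn = sqlite3.connect(":memory:")
    conn.create_function("is_remote_ip", 1, is_remote_ip)
    conn.execute("CREATE TABLE process_events (event_id INTEGER, host TEXT, user_name TEXT, "
                 "process_name TEXT, cmdline TEXT, dest_ip TEXT, dest_port INTEGER)")
    conn.executemany("INSERT INTO process_events VALUES (?, ?, ?, ?, ?, ?, ?)", events)
    rows = conn.execute(sql).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    for row in powershell_remote_connections():
        print(row)
```

Of the five constructed events only events 1 and 5 come back: event 2 has no destination, event 3 talks to an RFC 1918 address, and event 4 is not PowerShell. The validation pass is deliberately simple string inspection; in a real lake the database's own grants (a read-only role for anything the assistant generates) are the control that actually matters, and this check is the cheap first gate an analyst can run before pasting generated SQL into a detection.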
Question - is SQL not that common? Granted, before working at Snowflake 100% of my SQL experience was from DBA work, mostly with MySQL and a bit of Postgres. I know firsthand that the SQL you learn as a DBA is nothing like the SQL you use in data engineering/analytics/science. However, that's also why we can use Python UDFs
We're overdue to chat about https://www.louie.ai ; we're getting picked up especially for security data lakes (Splunk + graph db + cloud lake). The wave of text2sql addons is kind of the weekend hackathon version, which is different from what's happening in "generative ai"-first rethinkings here
This is where AI bots can help level up analysts. Many SIEMs offer bring-your-own data science with notebooks, but it can take a long time for an analyst to feel comfortable with creating their own. So I see this helping them get to faster decisions, which is great. For example, having it explain to a new analyst how ipconfig, whoami, and net use can be used in recon is certainly helpful. Now, helping them understand that this user is a sysadmin and was troubleshooting will take longer, but that is what the other ML is for. The faster to the proper decision the better!
Well said, Omer Singer, and thanks for highlighting us. I totally agree that making the lives of security analysts easier when building/deploying detections happens at multiple levels. In this example, LLMs make it possible to use simple language to get security navigation and code, not just general information but rather specifically trained on our schemas and labels, so that the returning answer is ready-to-deploy code that is guaranteed to produce actionable results. This is only going to get better!
Awesome, Omer Singer! People can also see our Chatbot in action in this video: https://youtu.be/2x9mf4Fxeg0 or catch the webinar this Thursday for a more in-depth walk-through: https://www.anvilogic.com/learn/wb-detect
So true, and this modern approach is the future
I was anticipating one such post, thanks for sharing, Omer!
More on this at: https://www.anvilogic.com/learn/unified-detect