NSFGPT: A Large Model for Security Applications that Attracts Gartner’s Attention

February 27, 2024 | NSFOCUS

NSFGPT is a large security model tailored for the security industry. It is built on the Security Large Language Model (SecLLM) as its core technology and combines NSFOCUS’s 20 years of expertise in network security with 10 years of experience in AI security research and practice. It is trained on a massive amount of professional security knowledge and builds a network security decision support system that covers scenarios such as security operations, detection and response, attack and defense exercises, and knowledge Q&A.

In a report titled How Generative AI Impacts China’s CIOs and Security Teams [1], released in October 2023 by Gartner, a global IT research and consulting firm, NSFGPT was cited as supporting evidence.

The report analyzes the scenarios, value and challenges of applying large models to security, as well as the current and future trends of generative AI (large models) security applications.

The report mentions that generative AI technology can be used for vulnerability discovery, by highlighting the issues in code snippets entered in prompts or by scanning source code. Generative AI can also assist in security analysis and threat intelligence applications: marking compliance checkpoints in the organization’s security control system and preparing the required evidence for each checkpoint, as well as integrating multi-source threat intelligence and customizing the fused intelligence according to the organization’s priorities. Handling recommendations mainly involve changing the security control recommendations and creating new or improved detection rules. Content summary mainly uses natural language and dialogue interaction to generate security reports, answer security questions, and display attack paths and timelines. In the future, generative AI security applications will also extend to detecting zero-day vulnerabilities, automating response orchestration, and other security fields.

We believe that the generative AI security application scenarios described in the Gartner report are highly aligned with the positioning and application scenarios of the NSFGPT large model, and these security capabilities are also the original intention of NSFOCUS to develop NSFGPT.

NSFGPT Core Capabilities

Enhancing Security Operations

When dealing with large amounts of security alarm data, the traditional method involves creating a general noise reduction rule table and then performing business false-alarm configuration, policy optimization and scenario classification for each customer’s application scenarios. This process is time-consuming and requires operators to have a certain level of security operation experience, since the classification rules must be configured separately for each customer scenario.

To improve the efficiency of security operations, the NSFGPT large model provides automatic noise reduction and triage functions that can be flexibly adjusted according to the operator’s intent, thereby improving the efficiency of operators (L2) in the “policy optimization” stage. In addition, noise reduction and triage combined with priority recommendation and result prediction help to significantly improve the event handling efficiency of monitoring personnel (L1). This comprehensive and intelligent automated solution avoids the traditional method’s dependence on expert experience, high time cost and high configuration complexity.

Speeding Up Threat Investigation

In the investigation stage of traditional security operations, operators need to use professional tools to extract the event payload, and then combine threat intelligence, sample restoration and other means to judge whether the attack is a false alarm, whether the attack succeeded, and the type and method of the attack. The investigation process relies heavily on the operator’s experience, and a comprehensive investigation of a complex event usually takes from several days to more than a month.

To comprehensively improve the efficiency of the investigation stage, NSFGPT performs automated event investigation based on event correlation information (including payload, attack source, logs, etc.) and provides the corresponding evidence. At the same time, the AI analysis results can assist investigation personnel (L2) in summarizing and reporting, for example by pre-filling forms and keeping dialogue records, thereby significantly improving efficiency. In this way, users can judge the nature of an event more quickly and accurately, reduce the excessive dependence on expert experience, and achieve rapid response to and handling of complex events.

Automating Penetration and Evaluation

Penetration testing typically takes security service personnel a day or even several days. NSFGPT can assist service personnel in penetration testing, automate the generation of test reports, and improve the efficiency of security services.

Generating Detection Rules Automatically

When a vulnerability is disclosed, the traditional process is that security vendors produce vulnerability detection and protection rule packages, and the customer downloads the packages and patches the vulnerability, which is time-consuming. NSFGPT automatically generates and issues detection rules and responds within minutes, greatly reducing the window of risk.

NSFGPT Core Values: Reducing the Need for Manual Intervention

Based on the new research paradigm of “pre-training and fine-tuning”, NSFOCUS focuses on building a large model dedicated to the security industry that intelligently solves the complex security problems faced in attack and defense scenarios. Through technical upgrades in the following four areas, NSFGPT provides customers with intelligent threat response and defense capabilities.

Easy: Simple LUI, no expertise required

Unlike the fixed layout and design of a traditional GUI, NSFGPT, through learning from a security corpus, provides users with a natural language interface (LUI) that “understands security”. Even if users have no security knowledge, NSFGPT can analyze the intent behind their questions through semantic understanding and provide professional, rich and accurate answers.

Fast: Quick Access to Professional Knowledge, Dynamic Security Services Provided in Time

The training data of a large language model is usually limited to a fixed point in time. To improve the timeliness of security data and services, NSFGPT supports accessing different external data sources or security knowledge bases, obtaining reliable real-time data and professional domain knowledge, and achieving efficient, real-time queries of threat intelligence and security knowledge.

Accurate: Tool Collaboration and Function Expansion to Solve Complex Security Problems

Relying on its powerful plug-in and tool-calling ability, NSFGPT can intelligently schedule the required security controls, plug-ins and small security models to assist users in analysis and decision-making, complete specific or complex tasks more effectively, and improve productivity.

Safe: Trusted and Secure Model for a Worry-Free Digital World

As an application of artificial intelligence algorithms, a large language model faces security risks that cannot be ignored. Therefore, to ensure the model’s inherent and derived security, NSFGPT builds a complete algorithm governance framework, model operation risk prevention and control, and a life-cycle quality management system.

Integration of NSFGPT Capabilities

At present, NSFOCUS has integrated NSFGPT capabilities into multiple products and solutions, such as the NSFOCUS Intelligent Security Operations Platform and NSFOCUS Security Services.

NSFGPT has taken a milestone step in improving the efficiency and accuracy of security operations, lowering the threshold of security operations, and enabling personalized customization. Through the implementation of automation and intelligence functions, NSFGPT has brought new breakthroughs to network security protection, and will in the future provide more comprehensive, efficient and personalized security services for organizations of any size.

Reference:

[1] Gartner, How Generative AI Impacts China’s CIOs and Security Teams, 23 October 2023

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.