0:38 > Here's an example. Say you put an LLM on your EDR. Thousands of security events go by every day, and over time, the LLM begins to learn what is normal background network traffic, isolating the few events that are anomalous. Those are the ones that the analyst should really focus on. This is a simple signal-to-noise example because it saves time, and it relieves the tedium that junior-level analysts have chasing down false positives. Language models are able to learn patterns, but they don't learn good from bad on their own. So, you would still have to classify what good network traffic versus bad network traffic likes, and it's unclear whether it could determine new bad network patterns on its own. And you would have to intentionally program a training cycle every now and then, let's say once a day, for them to learn anything. They don't learn by just observing data.
0:38
> Here's an example. Say you put an LLM on your EDR. Thousands of security events go by every day, and over time, the LLM begins to learn what is normal background network traffic, isolating the few events that are anomalous. Those are the ones that the analyst should really focus on. This is a simple signal-to-noise example because it saves time, and it relieves the tedium that junior-level analysts have chasing down false positives.
Language models are able to learn patterns, but they don't learn good from bad on their own. So, you would still have to classify what good network traffic versus bad network traffic likes, and it's unclear whether it could determine new bad network patterns on its own. And you would have to intentionally program a training cycle every now and then, let's say once a day, for them to learn anything. They don't learn by just observing data.