




Technical Insights: How ChatGPT Can Improve Security Operations
Dennis Xu
© 2023 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and Objectivity."
Agenda
1 What Is Generative AI?
2 What Is ChatGPT?
3 ChatGPT Risks
4 Understanding Where It Fits in SecOps
5 Sample SecOps Use Cases
6 Planning for ChatGPT Usage in SecOps
7 The Future of ChatGPT and SecOps
Quick Introduction to ChatGPT
GPT models are transformer-based deep learning neural network architectures.
What Is Generative AI?
• ChatGPT: An OpenAI service that incorporates a conversational chatbot with LLM to create content. It was trained on a foundational model of billions of words from multiple sources and was then fine-tuned by reinforcement learning from human feedback.
• Large Language Models (LLM): AI that is trained on vast amounts of text to interpret and generate human-like textual output.
• Foundation Models: Large machine learning models. They are trained on a broad set of unlabeled data, adapted to a wide range of applications with fine-tuning.
• Generative AI (GAI): AI techniques that learn from a representation of artifacts from data and models which it uses to generate new artifacts.
Source: Gartner
What Is ChatGPT?
ChatGPT
GPT-3
Prompt
What security operation center tasks can ChatGPT help with?
What Is ChatGPT? (Continued)
Text input/output
Input filtering and prompt preparation
(and conversation)
Output acceptability filtering and conversation preparation
Session context
Closed GPT-3 model
Reinforcement learning and human feedback training
RLHF
Closed version of GPT-3 training data and process
ChatGPT Risks
Note: Examples in this presentation were generated using OpenAI’s GPT-3.5 and are for illustrative purposes only. GPT-4 is available for ChatGPT but is only available with a ChatGPT Plus subscription currently.
Where ChatGPT Fits With SecOps and Sample Use Cases
How Does ChatGPT Fit Into SecOps?
• Detection Engineering
• Incident Response
• Vulnerability Management
• Attack Surface Management
• Training
• Operationalizing an SOC
• Measuring an SOC
SOC = Security Operation Center
Sample Use Cases: Detection Engineering
Analyze this log message:
May 1 16:17:43 owl sshd[9024]: Accepted publickey for root
from
01
port 37384 ssh2
Sample Use Cases: Detection Engineering
Create regular expressions to parse this log message.
Validation: Use a tool like
/
to show that regex suggestions will parse the log.
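An added example, not part of the original presentation: one way to validate a suggested regex offline is to run it against lines that must parse and lines that must not. The two patterns, the `validate` helper and all sample lines are constructed for illustration; the source address missing from the slide's log line is replaced by documentation-range addresses.

```python
import re

# Candidate of the kind an assistant might return (assumed, not from the page).
CANDIDATE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d{1,5}) ssh2"
)
# A looser candidate with the same fields but no anchor to the line start.
LOOSE = re.compile(
    r"Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d{1,5})"
)

# Constructed lines; None means the line must not count as an accepted login.
CASES = [
    ("May  1 16:17:43 owl sshd[9024]: Accepted publickey for root "
     "from 192.0.2.10 port 37384 ssh2",
     {"user": "root", "src": "192.0.2.10", "port": "37384"}),
    ("Dec 12 03:04:05 owl sshd[77]: Accepted password for alice "
     "from 2001:db8::5 port 50022 ssh2",
     {"user": "alice", "src": "2001:db8::5", "port": "50022"}),
    ("May  1 16:18:02 owl sshd[9031]: Failed password for bob "
     "from 198.51.100.7 port 41122 ssh2", None),
    # The user name is client-supplied text, so a failure line can contain
    # something that reads like a success message.
    ("May  1 16:18:09 owl sshd[9040]: Failed password for invalid user "
     "Accepted publickey for root from 192.0.2.10 port 22 ssh2 "
     "from 198.51.100.7 port 41130 ssh2", None),
]


def validate(pattern, cases=CASES):
    """Return a list of failure descriptions; an empty list means all pass."""
    failures = []
    for line, expected in cases:
        m = pattern.search(line)
        if expected is None:
            if m:
                failures.append(f"false match: {line}")
        elif not m:
            failures.append(f"no match: {line}")
        elif {k: m[k] for k in expected} != expected:
            failures.append(f"wrong fields {m.groupdict()}: {line}")
    return failures


if __name__ == "__main__":
    print("CANDIDATE:", validate(CANDIDATE), "LOOSE:", validate(LOOSE))
```

The anchored candidate passes every case, while the loose one reports the last failure line as an accepted root login, which is the kind of defect a positive-only check would miss.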
Sample Use Cases: Detection Engineering
Create a sigma rule that will detect brute force login attempts on Windows.
Validation: Use Uncoder.IO to Validate Sigma Rules
Turn this sigma rule into a Splunk query.
Validation: This can be more difficult to validate, but it is possible by simulating login failures.
Sample SecOps Use Cases — Incident Response
• Script Understanding
  • Examples:
    • Analyze the following script: <code>
    • Does the following code have any vulnerabilities: <code>
  • Validation: People and Process
• Response Playbook Creation
  • Examples:
    • Create a step-by-step playbook on how to investigate ransomware on Windows
    • Create a step-by-step playbook, with tools and commands to run, on how to investigate ransomware on Windows
  • Validation: People and Process
Sample SecOps Use Cases — Incident Response
• Incident Investigation Advice
  • Examples:
    • Given an incident with <incident_title>, and incident description of <incident_description>, how would you suggest going about investigating this situation?
  • Validation: People and Process
Sample SecOps Use Cases — Training
• Tabletop Scenario Generation
  • Examples:
    • Create a tabletop cybersecurity exercise that includes a nation state trying to hack into a financial institution
  • Validation: People
• New Security Analysis Guidance
  • Examples:
    • Help me understand how to analyze log data for signs of intrusion
  • Validation: People and Process
Planning for ChatGPT Usage
Planning for ChatGPT Usage in SecOps — Reset Expectations
• Can Make Up Things, “Hallucinations”
• No Silver Bullet
• It Can’t Connect to the Internet
• Security, Privacy and Governance Are Important
• Determining Accuracy Is Not Easy
  – Requires Experienced Analysis of Results
• Generates a Starting Point
Planning for ChatGPT Usage in SecOps — Governance
• Establish Proper Usage Rules
  – Give Users Training
  – Only Senior Staff Can Use It
  – Junior Staff Can Use It Under Supervision
Planning for ChatGPT Usage in SecOps — Governance (Cont’d)
• Define Data Sanitization Standards
  – PII
  – PHI
  – IP Addresses
  – Usernames
  – Geolocations
PII = Personally Identifiable Information
PHI = Protected Health Information
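An added example, not part of the original presentation: a sanitization standard for two of the listed categories (IP addresses and usernames) can be enforced in code by swapping values for stable aliases before a log line is pasted into a prompt, and mapping them back locally afterwards. The `Sanitizer` class, its patterns and the sample line are assumptions made for illustration; hostnames, PII, PHI and geolocations are out of scope here.

```python
import ipaddress
import re

# Assumed user-name contexts (sshd-style and key=value logs); a real standard
# lists patterns per log source because user names have no universal shape.
USER_PATTERNS = [
    re.compile(r"\bfor (?:invalid user )?(?P<user>\S+) from\b"),
    re.compile(r"\buser=(?P<user>[^\s,;]+)"),
]
# Loose IPv4/IPv6 candidate; every hit is confirmed with ipaddress below.
IP_TOKEN = re.compile(r"(?<![\w:.])[0-9A-Fa-f:][0-9A-Fa-f.:]+(?![\w:])")
ALIAS = re.compile(r"\b(?:USER|IP)_\d+\b")
# Constructed sample line; 192.0.2.0/24 is a documentation range.
SAMPLE = ("May  1 16:17:43 owl sshd[9024]: Accepted publickey for root "
          "from 192.0.2.10 port 37384 ssh2")


class Sanitizer:
    def __init__(self):
        self.forward = {}  # (kind, real value) -> alias
        self.reverse = {}  # alias -> real value; stays on the analyst's side

    def _alias(self, kind, value):
        new = f"{kind}_{len(self.forward) + 1}"
        alias = self.forward.setdefault((kind, value), new)
        self.reverse[alias] = value
        return alias

    def _user_sub(self, m):
        start, end = (i - m.start() for i in m.span("user"))
        return m[0][:start] + self._alias("USER", m["user"]) + m[0][end:]

    def _ip_sub(self, m):
        # Try the token as-is, then without trailing sentence punctuation.
        for core in (m[0], m[0].rstrip(".:")):
            try:
                ip = str(ipaddress.ip_address(core))  # canonical spelling
            except ValueError:
                continue
            return self._alias("IP", ip) + m[0][len(core):]
        return m[0]  # timestamps, ports, versions: left untouched

    def sanitize(self, text):
        for pattern in USER_PATTERNS:
            text = pattern.sub(self._user_sub, text)
        return IP_TOKEN.sub(self._ip_sub, text)

    def restore(self, text):
        return ALIAS.sub(lambda m: self.reverse.get(m[0], m[0]), text)
```

Reusing one `Sanitizer` instance for a whole investigation keeps the same alias for the same value across lines, so correlations in the data survive sanitization.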
Planning for ChatGPT Usage — Pick Use Cases (UCs)
• Identify your common SecOps UCs — do not pick time-sensitive ones
• Identify UCs not dependent on sensitive or corporate data
  – Use OpenAI’s ChatGPT for experimentation
• Refine UCs, possibly using prompt engineering
Planning for ChatGPT Usage in SecOps — Establish Oversight/Monitoring
• Mentor and Monitor Junior Staff
  – Review Work Logs, Reports, etc.
• Track Accuracy
  – Create Knowledge Base of ChatGPT Prompts and Responses With Accuracy Assessment
  – Refine Use Cases as Needed, Prompt Engineering
Planning for ChatGPT Usage in SecOps — Validate Results
• Establish a Validation Mindset
• Identify Tools to Aid in Validation
  – People
  – Process
  – Technology
• Continually Validate Results, Early and Often
Planning for ChatGPT Usage in SecOps — Putting It All Together
• Reset Expectations
  – No Silver Bullet
  – It Can’t Connect to the Internet
  – Can Make Up Things, “Hallucinations”
  – Determining Accuracy Is Not Easy
  – Generates a Starting Point
• Establish Some Governance
  – Establish Proper Usage Rules
  – Establish Data Sanitization Standards
• Pick Use Cases (UC)
  – Identify Your SecOps UCs
  – Noncorporate-Specific UCs
  – Refine UCs
• Establish Oversight/Monitoring
  – Mentor Junior Staff
  – Monitor Junior Staff
  – Track Accuracy, Refine UCs
• Validate Results
  – Establish Validation Mindset
  – Identify Tools to Aid in Validation
  – Continually Validate Results
Future of ChatGPT and SecOps, and Common Pitfalls
The Future of ChatGPT and SecOps
• It Will Get Better Over Time
• Watch for Generative AI From Existing Providers
• Move Away From ChatGPT Interface and Toward Native Vendor Integration, e.g., Microsoft Security Copilot, and So On
• Democratization of SecOps
• Help Reduce MTTR, Possibly MTTD
• Generate Threat-Hunting Hypotheses
MTTR = Mean Time to Recover
MTTD = Mean Time to Detect
Pitfalls
• Exposing Private/Sensitive Data in ChatGPT Interface
• Jumping in Rather Than Executing a Phased Approach
• Not Validating Results
• Using Time-Sensitive or Real-Time Use Cases
Recommendations
• Establish a governance and oversight process for the