UPDATED 09:00 EST / APRIL 24 2023

SECURITY

SentinelOne integrates generative AI in its cyberthreat detection platform

Cybersecurity firm SentinelOne Inc. said today it’s integrating generative artificial intelligence with its extended detection and response tools to help companies identify malicious attacks on their information technology systems.

At RSA Conference 2023, the company announced a new threat-hunting platform, available now in limited preview, that uses generative AI to help improve the productivity of security teams.

SentinelOne is the creator of a popular XDR platform that’s used by enterprises to spot malware lingering within their computer systems. It’s powered by machine learning algorithms that can identify security breaches as they occur, across cloud environments, employee endpoints and connected devices. Security teams can use it to revert compromised systems to an earlier, more secure state and prevent intrusions from causing any major damage.

The new threat-hunting platform fuses its existing machine learning algorithms with a large language model that has humanlike conversational capabilities similar to OpenAI LP’s ChatGPT. It allows security professionals to ask complex questions and run operational commands in natural language, so they can get the insights they need to spot attacks faster.

For instance, SentinelOne said teams can ask the tool to identify any users who are logged into more than 20 endpoints, or any machines running a program called nordvpn, which could indicate an attack in progress. Alternatively, they could ask to see a list of company devices communicating with China. Depending on the organization, that could be a red flag that would warrant further investigation.

The platform works by aggregating and correlating information from device and log telemetry across endpoints, clouds, network and user data to answer such questions. Not only will it respond immediately, but it will also provide recommended response actions, allowing users either to investigate something suspicious more deeply or to mitigate the threat if such action is deemed to be warranted.

“By allowing users to automate response and take action without the need for coding skills and process and analyze petabytes of data in near-real time, it promises to radically simplify security operations and empower defenders in unprecedented and unforeseen ways,” said SentinelOne Chief Product and Technology Officer Ric Smith.

SentinelOne Chief Executive Tomer Weingarten said generative AI could bring about a paradigm shift in how cybersecurity operations are handled. He pointed out that the company’s new tool effectively gives attackers a taste of their own medicine, as malicious actors are increasingly using their own AI tools to infiltrate networks at more rapid speeds.

“With our unmatched experience and capabilities, organizations can quickly scale their cybersecurity operations to stay ahead of these evolving threats and create a strong structural foundation for cybersecurity defenses for years to come,” Weingarten said. “AI is among the most disruptive technologies of our time, and with our new capabilities, we can unleash its power to help companies control all aspects of enterprise security — from visibility to response — with unmatched speed and efficiency.”
