Excerpt List with Citations
Morgan (2024)
By 2025, the global data storage is expected to reach a staggering 200 zettabytes (Morgan,
2024).
As internet use proliferates, about 8.5 billion people, or 90% of the world's population, are projected to be online by 2030, transferring ever more sensitive information such as personally identifiable information (PII), a commodity that malicious actors target for trade, sale, or storage (Morgan, 2024).
This surge in data and digital activity emphasizes the critical need for securing vast
quantities of information and personal data (Morgan, 2024).
According to Morgan (2024), the growth in data will necessitate the securing of
approximately 338 billion lines of software code by 2025.
Securing it is a monumental task: the software landscape, and the Internet of Things (IoT) in particular, was valued at an estimated $339.1 billion in 2022 (Morgan, 2024).
That market is projected to keep growing steadily at a compound annual growth rate (CAGR) of 12.7% (Watters, 2023), and it encompasses the personal devices that are integral to modern life and performance (Juanillo, 2024; Morgan, 2024).
Sumo Logic (2022)
Security Operations Center (SOC) analysts face substantial challenges in protecting
organizational digital assets (Sumo Logic, 2022).
According to the Cisco 2019 CISO Benchmark Study, a staggering 49% of security alerts
remain uninvestigated (Sumo Logic, 2022).
Even when alerts are investigated, only 24% are considered legitimate (Sumo Logic, 2022).
Of these legitimate alerts, only 43% are remediated (Sumo Logic, 2022).
This inefficiency is largely attributed to several complex factors, which will be further
explored in subsequent sections (Sumo Logic, 2022).
ORCA
ORCA reports that a significant portion of SOC analysts are inundated with public cloud security alerts every day: 59% receive more than 500 alerts per day and 38% receive more than 1,000 (ORCA).
Furthermore, many of these alerts are false positives, with 81% of respondents indicating
that more than 20% of the alerts they receive fall into this category (ORCA).
Gennari et al. (2024)
Practical, applied evaluations of Large Language Models (LLMs) in cybersecurity contexts,
especially for tasks like analyzing network traffic and cyber events, are crucial for
understanding their true potential (Gennari et al., 2024).
These models, with their exceptional ability to process and interpret large datasets, are well suited to responding to cyber events in real time (Shaker et al., 2020; Gennari et al., 2024).
Current research highlights that LLMs can significantly enhance the efficiency of
cybersecurity operations (Gennari et al., 2024).
These models reduce the cognitive load on human analysts, improving both the speed and
accuracy of threat detection and response (Gennari et al., 2024).
Such technological support is essential in managing the rising volume of cyber incidents that organizations face (Shing-hon Lau et al., 2024; Gennari et al., 2024).
Stanham (2023)
One of the main advantages of LLMs for tier-one cybersecurity specialists is their continuous learning capability (Stanham, 2023).
By adapting to new and emerging threats, these models provide up-to-date information and recommendations, thus enhancing decision-making processes within cybersecurity operations (Stanham, 2023).
This ability to evolve ensures that security teams stay ahead of potential threats (Stanham, 2023).
In practice a deployed model's weights are fixed between releases, so this "learning" comes from periodic retraining or fine-tuning, or from retrieval over current threat intelligence at query time; the freshness of what a model reports should therefore be verified rather than assumed.
Brown et al. (2020); IBM (2024)
Leveraging the data processing power of LLMs enables security operations to achieve greater efficiency and accuracy, which ultimately strengthens overall defense mechanisms (Brown et al., 2020; IBM, 2024).
This proactive approach to identifying and mitigating cyber threats is crucial for reducing the potential damage caused by attacks (Brown et al., 2020; IBM, 2024).
Gupta et al. (2023)
LLMs excel at identifying patterns within network traffic, generating detailed reports, and
even predicting potential threats based on historical data (Gupta et al., 2023).
These capabilities are vital for cybersecurity teams, enabling them to act quickly and
mitigate risks before they escalate (Gupta et al., 2023).
ChatGPT-powered use cases in cybersecurity can greatly relieve the workload of
understaffed SOC teams by automating routine tasks and reducing the exposure to cyber
risks (Gupta et al., 2023).
The technology is also invaluable for educating and training entry-level security analysts, bringing them up to speed faster than traditional training allows (Gupta et al., 2023).
The natural language processing capabilities of these models allow them to interpret and respond effectively to security incidents, facilitating faster and more informed responses (Yigit et al., 2023; Gupta et al., 2023).
Yigit et al. (2023)
Applications include the use of LLMs to analyze network traffic and identify potential security breaches (Yigit et al., 2023, p. 19).
Shing-hon Lau et al. (2024)
Machine learning models can adapt to new threats and provide real-time insights (Shing-hon Lau et al., 2024, p. 12).
This is particularly useful in network traffic analysis and intrusion detection (Shing-hon Lau
et al., 2024, p. 15).
Brahim (2022)
Each class of algorithm offers distinct benefits, such as learning from labeled data (supervised learning) or identifying hidden patterns without prior knowledge (unsupervised learning) (Brahim, 2022, p. 2).
Supervised learning algorithms are commonly used in cybersecurity for tasks such as spam detection and malware classification, where they learn from labeled datasets to make predictions about new, unseen data (Brahim, 2022).
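The supervised pattern Brahim describes (learn from labeled examples, then predict labels for unseen input), shown as an added example that is not code from Brahim (2022) or from any of the cited works. It trains a multinomial naive Bayes spam classifier with Laplace smoothing on a small labeled set and scores held-out messages; all messages, the `NaiveBayes` class and the tokenizer are constructed for this example.

```python
import math
import re
from collections import Counter, defaultdict

TOKEN_RE = re.compile(r"[a-z0-9$]+")


def tokenize(text):
    """Lower-case word tokens; '$' is kept because it is a useful spam signal."""
    return TOKEN_RE.findall(text.lower())


# Constructed labeled training set (not real mail).
TRAINING_MESSAGES = [
    ("Claim your free prize now click here", "spam"),
    ("Urgent: verify your account password now", "spam"),
    ("Cheap loans approved instantly click link", "spam"),
    ("You won a free gift card, act now", "spam"),
    ("Meeting moved to 3pm, see agenda attached", "ham"),
    ("Can you review the pull request before lunch", "ham"),
    ("Quarterly report draft is ready for comments", "ham"),
    ("Lunch tomorrow? Let's try the new place", "ham"),
]

# Constructed held-out messages the model never saw during training.
HELDOUT_MESSAGES = [
    ("Click here to claim your free prize", "spam"),
    ("Please review the attached agenda before the meeting", "ham"),
    ("Your password reset link, click now", "spam"),
]


class NaiveBayes:
    """Multinomial naive Bayes: P(label | words) ~ P(label) * prod P(word | label)."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                        # Laplace smoothing for unseen words
        self.class_docs = Counter()               # label -> number of training docs
        self.word_counts = defaultdict(Counter)   # label -> word -> count
        self.vocab = set()

    def fit(self, labelled):
        """Learn class priors and per-class word counts from (text, label) pairs."""
        for text, label in labelled:
            self.class_docs[label] += 1
            for tok in tokenize(text):
                self.word_counts[label][tok] += 1
                self.vocab.add(tok)
        return self

    def log_posterior(self, text):
        """Unnormalised log P(label | text) for every label; logs avoid underflow."""
        total_docs = sum(self.class_docs.values())
        scores = {}
        for label, ndocs in self.class_docs.items():
            total_words = sum(self.word_counts[label].values())
            denom = total_words + self.alpha * len(self.vocab)
            score = math.log(ndocs / total_docs)
            for tok in tokenize(text):
                score += math.log((self.word_counts[label][tok] + self.alpha) / denom)
            scores[label] = score
        return scores

    def predict(self, text):
        scores = self.log_posterior(text)
        return max(scores, key=scores.get)


def accuracy(clf, labelled):
    """Fraction of held-out messages whose predicted label matches the true one."""
    correct = sum(1 for text, label in labelled if clf.predict(text) == label)
    return correct / len(labelled)


if __name__ == "__main__":
    clf = NaiveBayes().fit(TRAINING_MESSAGES)
    for text, label in HELDOUT_MESSAGES:
        print(f"{clf.predict(text):>4}  (truth {label:>4})  {text}")
    print("held-out accuracy:", accuracy(clf, HELDOUT_MESSAGES))
```

The smoothing term is what makes the model usable on unseen data: without it a single word absent from one class's training set would drive that class's probability to zero, so an attacker could flip a verdict by adding one novel token. Real deployments train on far more data and usually add features beyond word counts (sender reputation, URL structure), but the learn-then-predict loop is the same.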
Dhoni et al. (2024)
Modern IDS leverage LLMs to analyze network traffic in real time, detect intrusions, and
provide actionable insights to cybersecurity professionals (Dhoni et al., 2024, p. 9).
Dhoni et al. (2023)
Generative AI can create normal behavior models for various systems or networks. The AI
can quickly detect potential security breaches or intrusions when any deviation from this
normal behavior occurs. This approach is particularly useful for identifying insider threats
and other stealthy attacks that might go unnoticed by traditional rule-based systems (Dhoni
et al., 2023, p. 7).
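The baseline-and-deviation approach in the Dhoni et al. (2023) excerpt, as an added example rather than code from that paper or any cited work. Where the excerpt uses a generative model of normal behaviour, this example stands in a simple statistical profile per user (known source hosts, usual login hours, typical logins per day) learned from a training window, then flags new events that deviate from it. The log format, the `UserProfile` class, the thresholds and every log line are constructed for this example.

```python
import re
import statistics
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Hypothetical log format for this example: "<ISO timestamp> user=<name> src=<host> action=login"
LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) action=login$")

# Constructed training window: three ordinary workdays for two users.
TRAINING_EVENTS = [
    "2024-03-04T08:05:00 user=alice src=ws-alice action=login",
    "2024-03-04T09:10:00 user=alice src=ws-alice action=login",
    "2024-03-04T17:30:00 user=alice src=ws-alice action=login",
    "2024-03-05T08:02:00 user=alice src=ws-alice action=login",
    "2024-03-05T17:45:00 user=alice src=ws-alice action=login",
    "2024-03-06T08:11:00 user=alice src=ws-alice action=login",
    "2024-03-06T09:00:00 user=alice src=ws-alice action=login",
    "2024-03-04T09:00:00 user=bob src=ws-bob action=login",
    "2024-03-05T09:05:00 user=bob src=ws-bob action=login",
    "2024-03-06T09:02:00 user=bob src=ws-bob action=login",
]

# Constructed new events: one normal alice login, one off-hours login from an
# unseen host, a burst of bob logins, and a user the baseline has never seen.
NEW_EVENTS = [
    "2024-03-07T08:15:00 user=alice src=ws-alice action=login",
    "2024-03-07T03:12:00 user=alice src=vpn-203.0.113.9 action=login",
    "2024-03-07T09:00:00 user=bob src=ws-bob action=login",
    "2024-03-07T09:01:00 user=bob src=ws-bob action=login",
    "2024-03-07T09:02:00 user=bob src=ws-bob action=login",
    "2024-03-07T09:03:00 user=bob src=ws-bob action=login",
    "2024-03-07T10:00:00 user=mallory src=ws-bob action=login",
]


@dataclass
class UserProfile:
    """What 'normal' looks like for one user, learned from the training window."""
    hosts: set = field(default_factory=set)            # source hosts seen
    hours: set = field(default_factory=set)            # hours of day seen
    daily_counts: list = field(default_factory=list)   # logins per observed day

    def daily_limit(self, z=3.0, min_margin=2.0):
        """Return (mean, limit): limit is mean + z standard deviations, but at least
        min_margin above the mean so a near-constant baseline (sd ~ 0) does not
        flag a single extra login."""
        mean = statistics.mean(self.daily_counts)
        sd = statistics.pstdev(self.daily_counts)
        return mean, mean + max(z * sd, min_margin)


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None                                    # unknown format: skip, do not crash
    return datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def build_baseline(lines):
    """Learn each user's normal hosts, hours and daily login volume."""
    profiles = defaultdict(UserProfile)
    per_day = defaultdict(int)                         # (user, date) -> logins
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, user, src = parsed
        profiles[user].hosts.add(src)
        profiles[user].hours.add(ts.hour)
        per_day[(user, ts.date())] += 1
    for (user, _), n in per_day.items():
        profiles[user].daily_counts.append(n)
    return dict(profiles)


def score_events(lines, profiles):
    """Return (user, timestamp, reasons) for each event that deviates from the baseline."""
    findings = []
    per_day = defaultdict(int)
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, user, src = parsed
        reasons = []
        profile = profiles.get(user)
        if profile is None:
            reasons.append("unknown user")
        else:
            if src not in profile.hosts:
                reasons.append(f"new source host {src}")
            if ts.hour not in profile.hours:
                reasons.append(f"unusual hour {ts.hour:02d}")
            per_day[(user, ts.date())] += 1
            n = per_day[(user, ts.date())]
            mean, limit = profile.daily_limit()
            if n > limit:
                reasons.append(f"login volume {n} vs baseline mean {mean:.1f}")
        if reasons:
            findings.append((user, ts.isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, when, reasons in score_events(NEW_EVENTS, build_baseline(TRAINING_EVENTS)):
        print(f"{when} {user}: {'; '.join(reasons)}")
```

The value of this model over a static rule is that the threshold is per user and derived from that user's own history, so bob's fourth login in a morning is flagged while the same count would be ordinary for a heavier user. The same property is the main caveat: the training window must itself be clean, because an intruder who is active during it becomes part of "normal".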
Michael et al. (2024)
This approach ensures a comprehensive assessment of the models' capabilities in real-world scenarios (Michael et al., 2024, p. 6).
Nsoh (2021)
These evaluations should test the models' ability to understand context, adapt to dynamic
situations, and provide accurate and reliable responses (Nsoh, 2021, p. 22).
Dhoni et al. (2024)
A comprehensive evaluation of LLMs in cybersecurity should include not only theoretical
assessments but also practical exercises that require the models to perform specific tasks,
such as identifying vulnerabilities or responding to simulated cyber-attacks (Dhoni et al.,
2024).
Killian (2024)
A crucial element was the Open-Interpreter library, which enables users to connect large language models (LLMs) to their operating systems (Killian, 2024).
A bridge of this kind executes model-generated code locally with the invoking user's privileges, so it belongs in a sandbox or dedicated VM under least-privilege credentials, with each generated command reviewed before it runs.
Kissel (2021)
However, these systems are expensive and not simple to operate. LLMs offer a more
efficient and flexible alternative by providing advanced analytics and real-time insights
without the need for extensive manual tuning (Kissel, 2021, p. 3).