10 Cool New Cybersecurity Tools Announced At RSAC 2023
Top vendors including SentinelOne, Google Cloud and Cisco unveiled new products Monday to kick off RSA Conference 2023.
SentinelOne Threat Hunting Tool
In what it’s calling a major advancement for security using generative AI, SentinelOne announced a new threat hunting tool for its Singularity platform that utilizes a large language model (LLM) in an effort to dramatically improve productivity for security analysts. SentinelOne is referring to the new generative AI-powered threat hunting tool as “Purple AI,” the company told CRN.
Analysts will be able to use the new generative AI interface in the Singularity Skylight platform to ask questions about threats in a customer’s environment — for instance, “is a certain threat actor present in this environment?” or “are there threat actors affiliated with China in my environment?” The ability to use natural language to query a system will offer massive time savings to analysts and will allow security teams to respond to more alerts and catch more attacks, said Ric Smith, chief product and technology officer at SentinelOne.
The generative AI technology will also excel at providing analysts with summarizations of results, which “also alleviates some of the tedium around doing the actual analysis,” he said. As an example, analysts will be able to have the system tell them, “‘This is lateral movement. This is something that you should be aware of,’” Smith said.
Ultimately, a main goal of implementing generative AI technology in this way is “making threat hunting more accessible,” he told CRN. With existing threat hunting platforms, “it’s pretty daunting [to use them]. You have to have a high level of skill to interact with these things,” Smith said. With the addition of this generative AI technology, however, SentinelOne believes security operations center teams can now scale up their threat-hunting activities, he said. “We think this will be a better method of general threat hunting.”
The large language model that’s helping to power the new threat hunting tool leverages both open-source and proprietary offerings in the space that are not being disclosed, Smith said. SentinelOne is also training the model on its own data and is doing “quite a bit of fine tuning” on the LLM to customize it for the security domain, he said.
The new SentinelOne threat hunting tool will initially be offered as an add-on to the Singularity Skylight platform, and is now in limited preview. Details about wider availability are not being released yet.