当前位置:首页 > 报告详情

不那么秘密的特工:部署人工智能以优化安全运营.pdf

上传人: 竿*** 编号:982109 2025-11-29 30页 3.26MB

1、#SECTORCA BlackHatEventsNot-So-Secret Agents:Deploying AI to Optimize Security OperationsJimmy Astle#SECTORCA BlackHatEvents cat/etc/speaker_profileDirector,Machine Learning at Red Canary(a Zscaler company)16 years of extensive experience in incident response,threat intelligence,endpoint security R&

2、D,and cyber security testing.Passion for Blue/Red Teaming and scaling security operations via ML/AINot-So-Secret AgentsNot-So-Secret AgentsDeploying AI to Optimize Security Deploying AI to Optimize Security OperationsOperations#SECTORCA BlackHatEventsAgenda The Foundation:Agentic AI vs.Automated Wor

3、kflows The Recipe:Building the Core of an AI Agent The Orchestration:Connecting Agents with LangGraph Live Demo:The AI Analyst in Action The Payoff:Measuring Speed,Accuracy&Value Conclusion&Q&ANot-So-Secret AgentsNot-So-Secret AgentsDeploying AI to Optimize Security Deploying AI to Optimize Security

4、 OperationsOperations#SECTORCA BlackHatEventsQuick Agents Intro#SECTORCA BlackHatEventsCase SummaryLessons/KBGap FinderDetection GeneratorResponseApproval OrchestrationForensics Collection&AnalysisIOC LookupsEntity/AssetExposure/Vuln AssessmentsDedup/ScoreFirst-LookQueue routingWhat are Agents?Jobs

5、to be done in the SOCCorrelate+TimelineQuery/HuntingRoot Cause“What are Agents?AI systems that can think and act like an analystusing reasoning and tools to autonomously achieve complex security goals.”Intake/TriageEnrich/ContextInvestigateRespond/Orch.Learn/ImproveBlue-Classic Automation Red-AI Aug

6、mentationNot-So-Secret AgentsNot-So-Secret AgentsDeploying AI to Optimize Security Deploying AI to Optimize Security OperationsOperations#SECTORCA BlackHatEventsAgent Operating Models#SECTORCA BlackHatEventsAgent Mode 1:The CopilotAgent Mode 1:The CopilotHuman Control Level:HIGHThe analyst is always

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,本文主要探讨了如何通过部署AI优化安全运营。以下是关键点: 1. **AI代理**:AI代理可以像分析师一样思考和行动,自主实现复杂的安全目标。 2. **代理模式**:包括三种模式:Copilot(高控制)、Interceptor(高控制)和Swarm Coordinator(低控制)。 3. **自动化挑战**:处理OSQuery数据,分析师需要查询和关联至少39个数据表。 4. **构建代理核心**:通过定义目标、准备数据、指导代理和选择引擎四个步骤。 5. **选择LLM**:GPT-4o、GPT-4.1和GPT-5是可选的模型,根据需求选择。 6. **上下文工程**:通过系统提示和用户提示指导代理。 7. **LangGraph**:用于并行处理和状态管理。 8. **评估AI分析师**:考虑速度、准确性、一致性和成本。 9. **构建信任**:通过一致性验证和准确性验证建立信任。
安全运营优化" 效率革命" 自动化新篇章"
客服
商务合作
小程序
服务号
折叠