Cloud Security Podcast by Google

EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

Mar 3, 2025

Yigael Berger, Head of AI at Sweet Security, shares insights into the application of large language models (LLMs) for cloud security. He discusses the gap between LLMs' potential and their real-world effectiveness, especially in anomaly detection. Berger explains how LLMs analyze event sequences to enhance accuracy while managing noise. He also addresses the challenges SOC teams face with false positives and negatives, emphasizing the psychological barriers to embracing AI in security. Ultimately, he posits that LLMs may tip the balance in favor of defenders in the cybersecurity battle.

28:01

Creator website

Episode guests

Yigael Berger

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The podcast discusses how large language models (LLMs) can significantly enhance anomaly detection by providing nuanced insights into security incidents.

It emphasizes the necessity of balancing detection capabilities with actionable intelligence to improve incident management and mitigate threats effectively.

Deep dives

Innovative Use of LLMs in Security

The podcast highlights a creative application of large language models (LLMs) for anomaly detection within security frameworks. Instead of merely summarizing text or generating simple features, LLMs can be integrated deeply into security processes to enhance incident assessment. By utilizing LLMs to analyze input logs, they can identify the most significant evidence of potential threats, thus providing a more nuanced understanding of security incidents. This approach goes beyond traditional methods, enabling a storytelling element in security metrics that significantly increases the efficacy of threat detection.

Intro

2min

Enhancing Cloud Security with LLMs

5min

Enhancing Cloud Security with LLMs

9min

Navigating Acceptance of Automated Systems in Security

3min

Bridging the Gap: LLMs in Cybersecurity

9min

Guest:

Yigael Berger, Head of AI, Sweet Security

Topic:

Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains?
I know you use LLMs for anomaly detection. Explain how that “trick” works? What is it good for? How effective do you think it will be?
Can you compare this to other anomaly detection methods? Also, won’t this be costly - how do you manage to keep inference costs under control at scale?
SOC teams often grapple with the tradeoff between “seeing everything” so that they never miss any attack, and handling too much noise. What are you seeing emerge in cloud D&R to address this challenge?
We hear from folks who developed an automated approach to handle a reviews queue previously handled by people. Inevitably even if precision and recall can be shown to be superior, executive or customer backlash comes hard with a false negative (or a flood of false positives). Have you seen this phenomenon, and if so, what have you learned about handling it?
What are other barriers that need to be overcome so that LLMs can push the envelope further for improving security?
So from your perspective, LLMs are going to tip the scale in whose favor - cybercriminals or defenders?

Resource:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Get the app

Cloud Security Podcast by Google

EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Innovative Use of LLMs in Security

Shifting the Conversation on Detection and Response

Balancing LLMs' Impact on Attackers and Defenders

Remember Everything You Learn from Podcasts