Today, autonomous cybersecurity vendor SentinelOne announced the launch of a new threat hunting platform, which combines neural networks with a natural language interface based on LLMs including GPT-4.

The SentinelOne threat hunting platform ingests, aggregates and correlates data from endpoint, cloud service and network logs and acts as an automated assistant that security analysts can use to ask threat-hunting questions and trigger automated response actions.

“We’re not only allowing you to ask questions, we’re also allowing you, through a complete natural language interface, [to] invoke actions and automate and orchestrate response in a complete, intuitive way,” said Tomer Weingarten, CEO of SentinelOne, in an interview with VentureBeat. 

For instance, a user can ask the system in natural language to find potential successful phishing attempts involving PowerShell, or to find all potential Log4j exploit attempts; receive a written summary of this information; and if necessary, trigger an automated response.



“With this system, we believe that you unlock so much productivity that in essence, every security analyst is now 10 times the security analyst,” Weingarten said.

SentinelOne’s place in the generative AI security race 

SentinelOne’s announcement, made at the RSA Conference 2023 in San Francisco, came just weeks after Microsoft released a GPT-4-powered AI security assistant called Security Copilot, and less than two weeks after threat intelligence provider Recorded Future announced the launch of its own GPT-driven security solution which can create written threat reports on demand. 

While the generative AI security race is just beginning, with the wider market estimated to grow from $11.3 billion in 2023 to $51.8 billion by 2028, Weingarten argues that the SentinelOne solution’s ability to automate remediation actions differentiates it from competitors like Security Copilot, which primarily summarizes breach activity.

“Let’s say you know someone sent a malicious phishing email, and it arrived at the user inbox and was detected as something malicious. Automatically, by virtue of understanding the anomaly in that audit process execution on the endpoint, from there the system can immediately remediate everything,” said Weingarten.

In this case, the platform could remove files from impaired endpoints and block the sender immediately in real time, with minimal intervention from a human analyst.
