SuriCon 2024 - Supercharging Security with RAG

Anthony G. Tellez
Tags: RAG, LLM, AI, Security Analytics, BNY Mellon, Conference

Presented BNY Mellon's flagship innovation for security analysts at SuriCon 2024 in Madrid, showing how Retrieval-Augmented Generation (RAG) can supercharge security operations.

Conference Details

Event: SuriCon 2024 Madrid
Location: Madrid, Spain
Date: November 2024

Overview

This presentation showcases a practical implementation of Large Language Models (LLMs) and RAG technology to supercharge security analyst workflows at a global financial institution.

Key Topics

Retrieval-Augmented Generation (RAG)

How RAG technology transforms security operations:

  • Context-aware assistance - LLM answers grounded in retrieved institutional knowledge rather than the model's training data alone
  • Semantic search - Finding relevant detections across thousands of rules
  • Natural language queries - Analysts ask questions in plain English
  • Knowledge retention - Preserving tribal knowledge and best practices

Rule Development Acceleration

Practical applications for security analysts:

  • Automated rule generation from threat intelligence
  • Converting natural language to detection logic
  • Template suggestions based on similar detections
  • Best practice recommendations

Redundancy Detection

Solving a critical problem at scale:

  • Identifying overlapping detection rules
  • Finding gaps in coverage
  • Reducing alert fatigue
  • Consolidating duplicate logic

Threat Intelligence Automation

Streamlining intelligence workflows:

  • Automated IOC extraction and correlation
  • Mapping threat actor TTPs to detection rules
  • MITRE ATT&CK framework integration
  • Continuous intelligence feed processing
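As an added example (written for this page, not BNY Mellon's code), the intelligence-to-rule path from the two lists above in its simplest form: indicators are extracted from a constructed, defanged threat report and turned into draft Suricata rules that carry the ATT&CK technique the report names in their metadata. Suricata as the rule language is assumed from the venue; the sid range, classtype, metadata keys and hash-list file name are illustrative. In the assistant described on this page the LLM would do the reading and drafting that the regexes do here, and in either case the drafts need analyst review before they are deployed.

```python
"""Draft Suricata rules from a free-text threat report.

Added example for this page, not BNY Mellon's code. It assumes Suricata as the
rule language (the SuriCon venue) and runs on a constructed report; the sid
range, classtype, metadata keys and hash-list file name are illustrative.
"""
import re

# Constructed sample report, written in the defanged form intel is usually shared in.
SAMPLE_REPORT = """
Actor FOO-BEAR deployed a downloader that fetches its second stage from
hxxp://update-check[.]example[.]net/stage2 and beacons to 203[.]0[.]113[.]45.
Payload SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Technique: T1071.001 (Application Layer Protocol: Web Protocols).
"""

# Common defanging conventions, undone before extraction.
DEFANG = (("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("[dot]", "."), ("[:]", ":"))

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)
ATTACK_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def refang(text):
    """Undo defanging so the extractors see real indicators."""
    for broken, fixed in DEFANG:
        text = text.replace(broken, fixed)
    return text


def extract_iocs(text):
    """Pull IPv4s, domains, SHA-256 hashes and ATT&CK technique IDs from text.

    Defanged indicators are deliberately not matched: call refang() first.
    """
    ips = [ip for ip in IPV4_RE.findall(text)
           if all(int(octet) <= 255 for octet in ip.split("."))]
    return {
        "ips": sorted(set(ips)),
        "domains": sorted({d.lower() for d in DOMAIN_RE.findall(text)}),
        "sha256": sorted({h.lower() for h in SHA256_RE.findall(text)}),
        "techniques": sorted(set(ATTACK_RE.findall(text))),
    }


def build_rules(iocs, sid_start=9000001, source="constructed_report",
                hash_list="ti-sha256.txt"):
    """Turn extracted IOCs into draft rules, one per network indicator.

    The ATT&CK technique travels in the metadata keyword so later gap analysis
    can group rules by technique. Hashes cannot be matched inline in Suricata:
    filesha256 takes the name of a list file, so they are returned separately
    for the caller to write out.
    """
    techniques = " ".join(iocs["techniques"]) or "unmapped"
    meta = f"metadata:mitre_technique_id {techniques}, source {source};"
    rules, sid = [], sid_start
    for domain in iocs["domains"]:
        rules.append(
            f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"TI C2 domain {domain}"; '
            f'flow:established,to_server; http.host; content:"{domain}"; nocase; '
            f'{meta} classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    for ip in iocs["ips"]:
        rules.append(
            f'alert ip $HOME_NET any -> {ip} any (msg:"TI C2 address {ip}"; '
            f'{meta} classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    if iocs["sha256"]:
        rules.append(
            f'alert http any any -> any any (msg:"TI known malicious file hash"; '
            f'filesha256:{hash_list}; {meta} classtype:trojan-activity; sid:{sid}; rev:1;)')
    return {"rules": rules, "hash_list": list(iocs["sha256"])}


if __name__ == "__main__":
    out = build_rules(extract_iocs(refang(SAMPLE_REPORT)))
    print("\n".join(out["rules"]))
    print("write to ti-sha256.txt:", *out["hash_list"])
```

Running the extractor on the report without refanging it first returns no domains or addresses, which is the check worth keeping in a pipeline: indicators that arrive defanged are silently lost unless the normalization step is there.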

Business Impact

Quantifiable improvements in security operations:

  • Faster time-to-detection - Rapid rule deployment
  • Reduced analyst burden - Automation of repetitive tasks
  • Improved coverage - Systematic gap analysis
  • Knowledge scaling - Junior analysts with senior-level context

Technical Implementation

Architecture and approach:

  • Vector databases for semantic search
  • LLM orchestration with retrieval context
  • Integration with existing SIEM platforms
  • Governance and auditability for regulated environments
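As an added example (written for this page, not BNY Mellon's system), the retrieval side of the architecture above applied to the semantic search and redundancy detection use cases described earlier: a small constructed Suricata rule set is parsed, indexed as vectors, queried in plain English, and checked for rules whose match logic is identical. Suricata as the rule language is assumed from the venue; a stdlib TF-IDF index stands in for the embedding model and vector database, and the LLM is not called, the retrieval-augmented prompt is only assembled, so everything runs offline.

```python
"""RAG-style retrieval and redundancy checking over a Suricata rule set.

Added example for this page, not BNY Mellon's implementation. Assumes Suricata
rules; a stdlib TF-IDF index stands in for the embedding model and vector
database, and the LLM is not called: the prompt is assembled and returned.
"""
import math
import re
from collections import Counter

# Constructed sample rule set. 1000001 and 1000002 have identical match logic;
# 1000005 reads similarly but matches a different buffer and protocol.
RULES = [
    'alert dns $HOME_NET any -> any any (msg:"LOCAL DNS query for known C2 domain bad.example"; '
    'dns.query; content:"bad.example"; nocase; metadata:mitre_technique_id T1071.004; sid:1000001; rev:2;)',
    'alert dns $HOME_NET any -> any any (msg:"LOCAL Suspicious DNS lookup bad.example (dup)"; '
    'dns.query; content:"bad.example"; nocase; metadata:mitre_technique_id T1071.004; sid:1000002; rev:1;)',
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL PowerShell User-Agent outbound"; '
    'flow:established,to_server; http.user_agent; content:"WindowsPowerShell"; '
    'metadata:mitre_technique_id T1059.001; sid:1000003; rev:1;)',
    'alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"LOCAL TLS SNI matches C2 domain bad.example"; '
    'tls.sni; content:"bad.example"; nocase; metadata:mitre_technique_id T1071.001; sid:1000005; rev:1;)',
]

RULE_HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
# Options that label a rule rather than decide what traffic it matches.
LABEL_OPTIONS = {"msg", "sid", "rev", "gid", "metadata", "classtype", "reference", "priority", "target"}
WORD_RE = re.compile(r"[a-z0-9]+")


def parse_rule(text):
    """Split a rule into header fields and an ordered list of (keyword, value) options."""
    m = RULE_HEADER.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text[:40])
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    options = []
    for opt in body.split(";"):  # the sample values contain no ';' or escaped quotes
        if opt.strip():
            key, _, value = opt.partition(":")
            options.append((key.strip(), value.strip()))
    return {"sid": int(dict(options)["sid"]), "action": action, "proto": proto, "src": src,
            "sport": sport, "direction": direction, "dst": dst, "dport": dport,
            "options": options, "text": text}


def describe(rule):
    """Words that say what a rule detects: protocol, message, metadata and buffer names."""
    opts = dict(rule["options"])
    parts = [rule["proto"], opts.get("msg", ""), opts.get("metadata", "")]
    parts += [key for key, _ in rule["options"]]
    return WORD_RE.findall(" ".join(parts).lower())


class RuleIndex:
    """Minimal in-memory vector index: one TF-IDF vector per rule, cosine similarity for search."""

    def __init__(self, rules):
        self.rules = {r["sid"]: r for r in rules}
        docs = {sid: Counter(describe(r)) for sid, r in self.rules.items()}
        df = Counter(term for counts in docs.values() for term in counts)
        n = len(docs)
        self.idf = {t: math.log((n + 1) / (d + 1)) + 1 for t, d in df.items()}
        self.vectors = {sid: self._vector(c) for sid, c in docs.items()}

    def _vector(self, counts):
        v = {t: c * self.idf.get(t, 1.0) for t, c in counts.items()}
        norm = math.sqrt(sum(x * x for x in v.values())) or 1.0
        return {t: x / norm for t, x in v.items()}

    def search(self, query, k=3):
        """Top-k rules by cosine similarity to a plain-English query, as (sid, score) pairs."""
        q = self._vector(Counter(WORD_RE.findall(query.lower())))
        scored = [(sum(w * v.get(t, 0.0) for t, w in q.items()), sid)
                  for sid, v in self.vectors.items()]
        return [(sid, round(s, 3)) for s, sid in sorted(scored, reverse=True)[:k] if s > 0]


def build_prompt(index, query, k=3):
    """Assemble the retrieval-augmented prompt: retrieved rules are quoted verbatim so
    the model answers from them and cites sids instead of inventing detection logic."""
    context = "\n".join(index.rules[sid]["text"] for sid, _ in index.search(query, k))
    return ("You are assisting a detection engineer. Answer only from the rules below "
            "and cite them by sid.\n\nRULES:\n" + context + "\n\nQUESTION: " + query + "\n")


def match_fingerprint(rule):
    """Everything that decides whether traffic matches; labels and ids are excluded."""
    matchers = tuple((k, v) for k, v in rule["options"] if k not in LABEL_OPTIONS)
    return (rule["action"], rule["proto"], rule["src"], rule["sport"],
            rule["direction"], rule["dst"], rule["dport"], matchers)


def find_redundant(rules):
    """Group rules with identical match logic: they fire together on every event,
    so each group can be merged into one rule."""
    groups = {}
    for r in rules:
        groups.setdefault(match_fingerprint(r), []).append(r["sid"])
    return [sorted(sids) for sids in groups.values() if len(sids) > 1]


if __name__ == "__main__":
    parsed = [parse_rule(r) for r in RULES]
    index = RuleIndex(parsed)
    print("search:", index.search("powershell beaconing over http"))
    print("redundant:", find_redundant(parsed))
    print(build_prompt(index, "which rules cover the bad.example C2 domain?"))
```

The structural fingerprint is the part worth copying: 1000001 and 1000002 differ only in their msg and are true duplicates, while 1000005 reads almost identically but inspects the TLS SNI rather than the DNS query, so similarity over the text alone would flag it and a fingerprint over the match keywords does not. The per-technique metadata that the index tokenizes is also what a coverage gap analysis would group on.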

Presentation Materials

  • Video recording
  • Slides
  • Conference page


Presented at SuriCon 2024 in Madrid, Spain | Co-presented with Leo Meyerovich