
The Rise of NexusFlow: Revolutionizing SOC Automation


Nexusflow: Enhancing Cybersecurity Automation with Natural Language Queries

Introduction

The widespread use of large language model (LLM) applications, such as ChatGPT, has sparked debates about their potential benefits and risks. While some view them as the epitome of technological advancement, others fear their negative impact on the economy. However, two professors from the University of California, Berkeley, Jiantao Jiao and Kurt Keutzer, along with AI developer Jian Zhang, are demonstrating practical applications of LLM technology through their venture called Nexusflow. Nexusflow aims to enhance cybersecurity automation by incorporating natural language queries and improving automated responses. By leveraging databases and natural language processing, Nexusflow empowers security analysts to identify solutions to network and security operations challenges more effectively.

Nexusflow: A Leap in Decision-Making

Traditionally, AI applications have been limited to responding to new data based on existing knowledge. However, Nexusflow takes a different approach. According to Jiantao Jiao, the decision-making function of Nexusflow can now handle situations where it lacks prior experience. The software can either query external databases to find answers or seek guidance from human experts. In other words, Nexusflow goes beyond using known data and makes decisions more intuitively based on examples and postulation. This leap in decision-making capability enables Nexusflow to address complex cybersecurity challenges more efficiently.

Training the AI Application

To enhance its learning process, Nexusflow enables the software to acquire knowledge about various APIs and applications. Jiantao Jiao explains that the software can “synthesize fragmented information from different sources” by effectively reading manuals and integrating the information. Additionally, analysts can demonstrate how to solve a problem, and the application learns from these examples. Nexusflow learns from multiple samples of solutions to different problems and applies that knowledge to solve new problems as they arise. This training approach equips Nexusflow with the ability to carry out extensive analytic work across multiple networks, making it a valuable asset for security analysts.

NexusRaven-13B: The Powerful Open Source LLM

Nexusflow relies on its in-house open source LLM called NexusRaven-13B. With a remarkable 95% success rate on CVE/CPE search tools and VirusTotal, this LLM outperforms even GPT-4, which achieves only a 64% success rate. NexusRaven-13B’s capabilities make it a formidable tool for cybersecurity professionals. Its ability to comprehend natural language requests from security analysts allows for sophisticated functions, such as reviewing cloud configurations and identifying potential vulnerabilities.

Augmenting SOAR with Decision-Making Capabilities

Security orchestration, automation and response (SOAR) tools have greatly improved decision response in security operations centers (SOCs). However, these tools often face limitations when dealing with unknown situations, leaving SOC analysts to handle mundane tasks. This presents an opportunity for Nexusflow to augment existing SOAR platforms by providing advanced decision-making capabilities. Ken Westin, field CISO at Panther Labs, acknowledges the limitations of current SOAR applications, emphasizing the importance of empowering analysts to make rapid decisions. Nexusflow aims to automate these responses further, while still allowing human experts to provide clarification or train the application when needed.

Ensuring Data Security

From a cybersecurity perspective, Nexusflow offers a unique advantage over LLM products that rely on public clouds. Nexusflow is self-contained, allowing corporations to maintain data confidentiality and prevent exposure to potential competitors or the public. Organizations that require highly confidential data to remain in on-premises data centers can benefit from Nexusflow's ability to run in local data centers or private clouds. For smaller organizations or remote facilities, it is possible to deploy a self-contained modular data center to run the Nexusflow application locally, ensuring advanced AI functionality without compromising data security.

Funding and Future Development

Nexusflow recently emerged from stealth mode and secured $10.6 million in seed funding led by Point72 Ventures. Fusion Fund and several AI industry executives from Silicon Valley also participated in the funding round. The company plans to utilize these funds for software development, acquisition of test equipment, software testing infrastructure, and financing its overall growth. With continued development and investment, Nexusflow has the potential to revolutionize cybersecurity automation and solidify its position within the security operations landscape.

Conclusion

Nexusflow, founded by UC Berkeley professors Jiantao Jiao and Kurt Keutzer, along with AI developer Jian Zhang, is pushing the boundaries of cybersecurity automation through the use of natural language queries and improved automated responses. By incorporating natural language processing and databases, Nexusflow empowers security analysts to identify solutions more effectively and automate decision-making processes. Its open-source LLM, NexusRaven-13B, achieves an impressive 95% success rate in critical areas. Additionally, Nexusflow enhances existing SOAR platforms by providing decision-making capabilities and allows for the secure execution of its software in on-premises data centers or private clouds. With recent seed funding and a clear vision, Nexusflow is poised to disrupt the cybersecurity industry and enable security operations centers to operate more efficiently.


