Enabling Effective Vulnerability Prioritization: Leveraging Ensemble LLMs in the Wake of NIST NVD Challenges

 ENGLISH SESSION

In March 2024, the cybersecurity community faced significant challenges with the National Vulnerability Database (NVD) maintained by NIST. The NVD's inability to enrich vulnerabilities left many teams struggling to prioritize their remediation efforts effectively. However, with gaps in vulnerability data, organizations were left exposed to potential threats. Recognizing the necessity for a robust vulnerability enrichment system, we embarked on a journey to leverage artificial intelligence (AI) to address this challenge. Initially, we used a single large language model (LLM), but it proved cost-prohibitive. However, through iterative refinement, we developed an ensemble of LLMs that work together to enrich vulnerabilities. Our ensemble approach harnesses the collective power of LLMs to analyze vast amounts of IT and security data, including tens of thousands of vendor and product web pages, to extract and enrich vulnerabilities. Furthermore, we incorporate insights from threat intelligence and internal security tools to understand the impact of a particular vulnerability. In this presentation, we explain the methodologies and techniques used to construct and deploy our ensemble of LLMs. We share insights from our experiences and offer practical guidance for organizations seeking to enhance their vulnerability management program in the face of evolving threats and unreliable data sources.