{"id":17145,"date":"2026-06-28T15:51:40","date_gmt":"2026-06-28T15:51:40","guid":{"rendered":"https:\/\/dmsretail.com\/RetailNews\/softbank-corp-s-soc-triaging-workflow-automated-with-cisco-foundation-ais-open-source-model\/"},"modified":"2026-06-28T15:51:40","modified_gmt":"2026-06-28T15:51:40","slug":"softbank-corp-s-soc-triaging-workflow-automated-with-cisco-foundation-ais-open-source-model","status":"publish","type":"post","link":"https:\/\/dmsretail.com\/RetailNews\/softbank-corp-s-soc-triaging-workflow-automated-with-cisco-foundation-ais-open-source-model\/","title":{"rendered":"SoftBank Corp.\u2019s SOC Triaging Workflow Automated with Cisco Foundation AI\u2019s Open-Source Model"},"content":{"rendered":"<div>\n<h2><strong>Introduction<\/strong><\/h2>\n<p>SoftBank Corp. (\u201cSoftBank\u201d) has integrated Cisco Foundation AI\u2019s Foundation-sec-1.1-8B-Instruct model into their Security Operations Center (SOC) triaging workflow, enabling full automation of suspicious software detection, dynamic policy verification, and corresponding actions. 
The Foundation-sec-1.1-8B-Instruct model plays a crucial role by categorizing software names into 17 different categories for policy enforcement, effectively enabling end-to-end workflow automation.<\/p>\n<p>In this blog, we explain how the Foundation-sec-1.1-8B-Instruct model fits into SoftBank\u2019s triaging process and how we achieve high accuracy in software categorization.<\/p>\n<h2><strong>The Automated Triaging Workflow<\/strong><strong><img loading=\"lazy\" decoding=\"async\" class=\"lazy lazy-hidden aligncenter wp-image-493818\" data-lazy-type=\"image\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/06\/Screenshot-2026-06-18-at-9.08.32\u202fAM.png\" alt=\"\" width=\"708\" height=\"306\"\/><noscript><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-493818\" src=\"https:\/\/blogs.cisco.com\/gcs\/ciscoblogs\/1\/2026\/06\/Screenshot-2026-06-18-at-9.08.32\u202fAM.png\" alt=\"\" width=\"708\" height=\"306\"\/><\/noscript><\/strong><\/h2>\n<p style=\"text-align: center;\"><span style=\"text-align: center; font-size: 16px;\" data-contrast=\"auto\">Figure 1: Suspicious file detection workflow in SoftBank.<\/span><span style=\"text-align: center; font-size: 16px;\" data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\"><br \/>Suspicious software detection is a common use case in security operations. At SoftBank, software categories are defined based on capabilities and security risks. Once a category is\u00a0determined, and\u00a0depending on the network where the software is detected, relevant company policies are applied and\u00a0appropriate actions\u00a0are taken.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Previously, file categorization, policy verification, and response actions were performed manually by analysts, which is\u00a0a time-consuming and labor-intensive process. 
To allow analysts to focus on higher-priority investigations, SoftBank decided to automate the workflow using automation frameworks and large language models (LLMs).<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Automation frameworks streamlined policy checks and response actions. However, automating software categorization was challenging due to the vast number of\u00a0possible\u00a0software, overlapping functionalities, and organization-specific categorization rules. As a result, categorization became the final piece needed for\u00a0this\u00a0automated\u00a0assistance\u00a0to\u00a0human\u00a0analysts.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Foundation AI Model for Categorization<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">To solve the categorization challenge, SoftBank chose LLMs for their general knowledge of software and ability to follow instructions. Due to data privacy requirements, cloud-based LLMs were not an option. Foundation-sec-1.1-8B-Instruct stood out as an open-source model that can be deployed on-premises. Its compact size reduces operational costs, and its security-specific pre-training allows it to outperform similar general-purpose open-source models in security tasks.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">For categorization, the model receives a software name as input and selects one of 17 output categories. The main challenge lies in overlapping category definitions and software with multiple functionalities. 
Additionally, to ensure smooth workflow integration, the model\u2019s output must be strictly formatted as the category name only.<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Output Optimization<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">To address these challenges, the Cisco Foundation AI team collaborated closely with SoftBank on prompt tuning to ensure stable and\u00a0accurate\u00a0model outputs.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\"><br \/>Optimization 1: Output Formatting<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">First, few-shot examples were appended at the end of the prompt to guide the model on correct output formatting.\u00a0The last part of the prompt was formatted as follows:<\/span><\/p>\n<p><span style=\"color: #333399;\"># Examples\u00a0<\/span><br \/><span style=\"color: #333399;\">Input: SOFTWARE_1\u00a0<\/span><br \/><span style=\"color: #333399;\">Output: CAT_001\u00a0<\/span><br \/><span style=\"color: #333399;\">\u00a0<\/span><br \/><span style=\"color: #333399;\">Input: SOFTWARE_2\u00a0<\/span><br \/><span style=\"color: #333399;\">Output: CAT_005\u00a0<\/span><\/p>\n<p><span style=\"color: #333399;\">Input: SOFTWARE_3\u00a0<\/span><br \/><span style=\"color: #333399;\">Output: CAT_011\u00a0<\/span><span style=\"color: #333399;\"><br \/># Now it is your turn:\u00a0<\/span><br \/><span style=\"color: #333399;\">Input: &lt;INPUT NAME&gt;\u00a0<\/span><br \/><span style=\"color: #333399;\">Output:\u00a0\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">These few-shot examples, combined with system prompts that define output rules and include validation, ensure the model consistently outputs a valid category for each input. 
We also integrated output validation into the workflow; if the model\u00a0fails to\u00a0return a valid category name, the inference process re-runs until a correct output is obtained. This combination of prompt engineering and output validation allows us to achieve stable, well-formatted categorization results.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\"><br \/>Optimization\u00a02:\u00a0Category Description<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Next, we incorporated categorization rules\u2014based on analyst logic and historical data\u2014into the prompt to clarify the scope of each category. However, some overlap naturally occurs between categories.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">For example, \u201cFile Transfer,\u201d \u201cFile Sharing,\u201d and \u201cForbidden Internet Service\u201d are governed by different rules. While cloud storage software like OneDrive should be categorized as \u201cForbidden Internet Service,\u201d the model often misclassifies it as \u201cFile Sharing\u201d due to its sharing functionality. Similar ambiguities exist between pairs like \u201cPacket Capture &amp; Vulnerability Scanning\u201d and \u201cServer Service &amp; File Transfer.\u201d To improve model performance, we\u00a0identified\u00a0these common misclassifications and added descriptive guidance to help the model distinguish between them.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">For instance, we added the following reasoning logic for the \u201cPacket Capture\u201d and \u201cVulnerability Scanning\u201d categories:<\/span><br \/><span style=\"color: #333399;\">Confirmation for Ambiguous Cases (Evaluate in order):\u00a0<\/span><\/p>\n<p><span style=\"color: #333399;\">1. Does it output vulnerability reports or CVE information? 
\u2192 Yes: Vulnerability Scanning \/ No: Proceed to next.\u00a0<\/span><\/p>\n<p><span style=\"color: #333399;\">2. Is the primary purpose packet interception, recording, or visualization? \u2192 Yes: Packet Capture \/ No: Proceed to next.\u00a0<\/span><\/p>\n<p><span style=\"color: #333399;\">3. Is the primary purpose network monitoring or bandwidth monitoring? \u2192 Yes: Packet Capture \/ No: Proceed to next.\u00a0<\/span><\/p>\n<p><span style=\"color: #333399;\">4. Is the primary purpose discovering or diagnosing vulnerabilities in the target? \u2192 Yes: Vulnerability Scanning \/ No: CAT_001.\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Throughout this process, we kept the prompt concise to avoid confusion and ensure reliable categorization.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\"><br \/>Optimization\u00a03:\u00a0Preprocessing and Postprocessing<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">The 17th category, \u201cUndetermined,\u201d is designed to capture software that does not fit into the other 16 categories. During testing, we\u00a0observed\u00a0that the model often force-assigned a category to software that should have been marked as \u201cUndetermined.\u201d In production, these misclassifications result in false positives, as the \u201cUndetermined\u201d category does not trigger any specific rules.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">While prompt tuning reduced many of these instances, some organization-specific cases remained where potentially sensitive files were incorrectly flagged as benign. 
To mitigate this, we implemented whitelisting as a preprocessing step and added postprocessing to further filter out false positives.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\"><br \/>Categorization Results<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">Testing was conducted on a curated dataset of historical detections and human-annotated categories. To prevent overfitting, we expanded the dataset with common software names and manually verified ground-truth labels.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Using these 17 categories, the Foundation-sec-1.1-8B-Instruct model achieved 80.75% accuracy, which is comparable to the performance of cloud-based LLMs on the same task. When combined with our rule-based system and the new pre\/post-processing steps, the overall workflow accuracy reached 90%, making it highly effective for daily operations.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Conclusions<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">SoftBank\u2019s adoption of the Cisco Foundation AI model\u00a0demonstrates\u00a0that, while LLMs are often used for summarization and analysis, they can also effectively handle categorization tasks without resource-intensive retraining or fine-tuning. This approach shows that by carefully\u00a0identifying\u00a0which workflow tasks truly require generative AI, organizations can reduce computational demands and improve reliability while achieving automation goals\u2014compared to relying entirely on LLM-based workflows.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Looking ahead, SoftBank plans to extend this approach beyond suspicious file detection to automate intrusion detection system (IDS) responses as well. 
Given that IDS automation will involve handling sensitive network and security-related information, the Foundation AI model\u2019s data privacy and security features make it particularly well-suited for these future security operations workflows.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Customer Testimonials<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">\u201cThrough our joint PoV with Cisco, we confirmed that the Cisco Foundation AI model can help streamline\u00a0an important step\u00a0in our SOC triaging workflow: software categorization. Its on-premises deployment model meets our data privacy requirements, and the PoV demonstrated practical accuracy, including over 85% accuracy at the workflow-action level, with further improvement expected through preprocessing and policy-based controls.\u00a0\u00a0This approach can help our analysts reduce manual triage effort and\u00a0allocate\u00a0more attention to higher-priority security investigations.\u201d<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:0}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">\u2014<\/span>Hajime Uematsu, Director, Security Verification Department, SoftBank Corp.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Introduction SoftBank Corp. (\u201cSoftBank\u201d) has integrated Cisco Foundation AI\u2019s Foundation-sec-1.1-8B-Instruct model into their Security Operations Center (SOC) triaging workflow, enabling full automation of suspicious software [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":17146,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-17145","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/17145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/comments?post=17145"}],"version-history":[{"count":0,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/17145\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media\/17146"}],"wp:attachment":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media?parent=17145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/categories?post=17145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/tags?post=17145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}