Editor’s Note: Through itsOrigin Ventures Office of Entrepreneurship, Gies College of Business is supporting entrepreneurial activities of both on-campus and online learners. The Origin Ventures Office fosters knowledge creation and dissemination from top faculty in the field, and it designs and offers the curriculum needed to bring that knowledge to the classroom. The office housesiVenture, an accelerator for top student startups at the University of Illinois, and co-sponsors the Cozad New Venture Challenge, which allows University of Illinois startups to compete for a $550,000 funding pool. This is one in a series of features on Gies teams participating in this year’s Cozad, which culminated in the finals on April 17.
The typical mid-sized company has about 70 tools to detect cybersecurity breaches. For a large company, that could be over 100. Even with all of today’s cybersecurity tools, it takes an average of 204 days to detect an alert and about 73 days to remediate that alert, according to a 2023 IBM Data Breach Report. Those are the eye-popping facts that Atharv Vasisht discovered through independent research after his internships at AbbVie and Deloitte over the past three summers. Vasisht, a senior majoring in finance + data science at Gies Business, is researching solutions to lower the reaction times considerably through his prototype Legion SDI.
“I don’t think most people come into college thinking AI security is the space they want to get into,” Vasisht said. “I would describe myself as a systems thinker and a builder. Through my experiences at Gies and my internships, I realized I really like understanding how enterprise systems work and ways they can be optimized with emerging technology.”
A connection through his business fraternity and a Gies career fair led him to an opportunity as a market research analyst intern at AbbVie, followed by internships in Deloitte’s cybersecurity practice. There, he learned about fundamental cybersecurity concepts and systems that would spark his passion in the space.
“Those internships provided me with a lot of exposure and understanding of how enterprise cybersecurity systems work,” Vasisht said. “You can’t grasp the sheer scale and volume of security operations unless you’re at a place that exposes you to the variety of tools and procedures enterprises deploy.”
Over the past four months, Vasisht has met with dozens of security analysts, leaders, and industry practitioners for his research and discovered, among other things, that there currently aren’t many centralized and effective ways to measure whether existing cybersecurity tools are giving companies the ROI that they want from both a cyber-risk and financial technical-debt standpoint.
The Legion SDI Proof of Concept
Vasisht’s goal in creating Legion SDI was to prototype a concept that could integrate all of a company’s cybersecurity tools into one centralized decision intelligence plane – and coordinate triage across various security professionals, teams, and tools. Based on his research, Vasisht believes that solutions in this space have the potential to reduce alert detection and response time by over 80%.
Additionally, Legion SDI conceptualizes the benefits a centralized decision system of record may have in providing holistic defensibility for CISOs and chief technology officers (CTOs) to defend security-related decisions being made across the tool stack to a board of directors.
“By having a system that correlates all the human and technological capital within your security stack, you gain a stronger understanding of your overall security posture,” Vasisht said. “This theoretically means you can reduce the chances of a hacker infiltrating your system and optimize existing technical debt simultaneously, which could save billions of dollars per year across the broader market.”
An example of how Legion SDI aims to effectively correlate alerts can be seen through its ontological decision graph within the prototype. For instance, if an alert comes from just one tool, it’s more likely than not that the alert is either auto-remediated or trivial, but if it exists in multiple systems and can be correlated together, then it shows that there is a legitimate vulnerability that needs to be addressed immediately. This type of multi-domain correlation enables Legion SDI to effectively show the benefits of mapping alerts across tools to eventually triage them.
“If a CTO can visualize this data from a holistic view of the entire enterprise, they can clearly show security and financial postures from the network at a board meeting,” Vasisht said. “From what I’ve seen across my market research and industry conversations, that’s something a lot of companies can’t do accurately and efficiently right now.”
LLMs, when trained on the right model and context, have the potential to meaningfully alleviate this visibility gap.
“LLMs tend to hallucinate already,” Vasisht said. “When you’re using it on complex data models and systems integrations like this, they hallucinate even more. The problem is real. The solution, in theory, works well. The implementation is where the difficulty lies. That’s why I’m focused on how potential solutions could work.”
LegionSDI: Turning Research into a Conceptual Prototype
Vasisht notes that while the market has seen rapid growth in triage automation and overall agentic security operations, there still appears to be an opportunity to translate these decisions and activities into board-level visibility and ROI-driven defensibility for enterprise executives.
As part of his research, Vasisht has developed a prototype to explore how these integration concepts could work in practice. He is using his involvement in this year’s Cozad New Venture Challenge to conceptualize next steps, gain a deeper understanding of technical implementations, and understand effective go-to-market strategies. Whether he chooses to do so remains to be seen, but Vasisht sees Cozad as a way to advance his research and gain a deeper understanding of this space.
“Through Cozad, I am surrounded by people who are also trying to solve and understand problems, both from a technical standpoint and from a business perspective,” Vasisht said. “I’ve met a lot of people who are passionate about building, whether it’s a business-to-business or a business-to-consumer solution. Having the community allows me to bounce ideas off like-minded entrepreneurs, researchers, and industry professionals to fine-tune potential solutions. It has been helpful as a launching pad for my research.”
After graduation, Vasisht, a Seattle native, is returning to his hometown to take a position in the cybersecurity space at Deloitte. Vasisht plans to keep Legion SDI alive as a research initiative, using the prototype to deepen his understanding of the AI security problem space.
“Gies has done a great job of providing me with technical skills as well as the business acumen to understand these types of systems and their pain points,” Vasisht said. “The data science aspect is crucial for understanding technically how you implement API integrations, develop RAG system architecture, and train models accurately while using LLMs.