Enhancing CTI Awareness of Small and Medium Enterprises with LLMs and Knowledge Graphs
Francesco Panebianco;Tommaso Paladini;Stefano Longari;Stefano Zanero;Michele Carminati
2026-01-01
Abstract
Effective Cyber Threat Intelligence (CTI) is crucial for proactive defense; however, the high costs and technical complexity of commercial solutions make them inaccessible to the majority of Small and Medium Enterprises (SMEs). Furthermore, public CTI is predominantly available as unstructured text, making manual processing unbearable for resource-constrained organizations. To address this gap, we present a unified, low-cost pipeline that ingests, processes, and presents actionable CTI to SMEs through a Retrieval-Augmented Generation (RAG) conversational interface. The system automatically crawls public CTI sources and integrates them with up-to-date Common Vulnerability Exposure (CVE) repositories to ensure coverage of structured and unstructured threat data. To enhance scalability compared to existing solutions, we transform raw reports into a knowledge graph that facilitates efficient querying and contextual retrieval. The system finally combines graph-derived intelligence with organization-specific software configurations to generate tailored, accessible threat guidance from a Large Language Model (LLM). We evaluate the pipeline through large-scale ingestion of 49,747 public threat documents and the latest CVE records, alongside a survey of security experts and an unsupervised assessment. Results show a substantial improvement in response completeness and relevance compared to a baseline language model, achieving a median answer relevance score of 93.7%, while remaining interpretable and actionable for non-specialists. This work demonstrates that structured CTI extraction combined with lightweight generative interfaces can enable cost-effective cybersecurity awareness for SMEs.

| File | Size | Format | |
|---|---|---|---|
| _ITASEC__Google_org_CTI_Tool.pdf (open access; Post-Print (DRAFT or Author's Accepted Manuscript-AAM)) | 571.65 kB | Adobe PDF | View/Open |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


