Sysdig Sage testers explore CNAPP AI agents

Security engineers utilizing the new AI agent-based feature of Sysdig’s cloud-native application protection platform have found it to be a valuable tool in enhancing their alert management and policy customization processes while still maintaining human control.

The feature, known as Sysdig Sage, is currently in controlled availability with 15 customers of the CNAPP. It is built on AI agents, a more advanced architecture compared to traditional large language model-based chatbots. These AI agents are extensions of LLMs and can handle specialized tasks, breaking down complex queries into manageable components. By coordinating data retrieval to answer intricate questions, the AI agents provide users with valuable insights.

One such user, Cat Schwan, a security engineer and team lead at Apree Health, has been utilizing Sysdig Sage in production for the past month. Schwan highlighted the importance of having access to contextual information when dealing with security alerts. The ability to ask Sage why a specific alert triggered, how significant it is, and what actions are recommended has proven beneficial for analysts of varying experience levels, giving them a starting point for taking necessary actions.

Another user, e-commerce company BigCommerce, also emphasized the significance of human involvement in the AI analytics process. Dan Holden, CISO at BigCommerce, expressed his belief that AI should enhance human response capabilities rather than replace them. BigCommerce has been using Sysdig Sage to evaluate and fine-tune custom security policy rules, focusing on obtaining custom events and adjusting criticality ratings according to their requirements.

Sysdig Sage has proven especially useful for engineers with less experience in application security, allowing them to ask questions and learn how to utilize Sysdig effectively without the need for constant support from internal experts.

While some skepticism surrounds the effectiveness of large language models (LLMs) in AI applications, Sysdig officials say that the LLM supporting Sage has undergone rigorous training on application security data to ensure accurate results. The company does not use customer data for training, and regular testing is conducted to prevent any issues arising from AI interactions.

Overall, Sysdig Sage has received positive feedback from early users for its effectiveness in processing and analyzing data more efficiently than humans. The application of generative AI in threat detection and response has been beneficial for organizations with cloud-native apps, providing faster response times and enhancing security measures.

In conclusion, Sysdig Sage represents a significant advancement in AI-driven security solutions, helping organizations better manage security alerts, customize policies, and streamline response procedures. As the digital landscape continues to evolve, tools like Sysdig Sage will play a crucial role in strengthening cybersecurity practices and mitigating threats in cloud-native environments.
