Sumo Logic today added a set of artificial intelligence (AI) agents trained to query and summarize cybersecurity data in a way that significantly reduces the amount of manual effort that would otherwise be required.
Bill Peterson, senior director of product marketing for Sumo Logic, said the Sumo Logic Dojo AI series of AI agents will continue to expand as other agents are trained and deployed.
Built using the Nova large language models (LLMS) developed by Amazon Web Services (AWS), the Sumo Logic AI agents will all be accessible via a Mobot conversational interface, currently in beta, that Sumo Logic has also developed. The Sumo Logic Platform ingests more than 4.5 exabytes of data every day, which was used to train the AI agents without using any customer data, said Peterson.
In addition to enabling cybersecurity teams to more easily query data without having to learn a query language, the Query Agent developed by Sumo Logic should also streamline investigations while at the same time improving the accuracy of analytics, he added.
That latter capability is especially critical because it affords cybersecurity teams an opportunity to reduce the overall noise level using a tool that makes it simpler to surface the relationship between various alerts, noted Peterson.
Given the pace at which adversaries are already launching cyberattacks, cybersecurity teams are going to need AI to level the playing field, said Peterson. As cybercriminals also begin to use AI to launch more sophisticated cyberattacks at even higher levels of scale, there is a pressing need to augment the skills and expertise of cybersecurity analysts, he added.
It’s not clear at what rate cybersecurity teams are embracing AI, but according to a Futurum Group survey, more than 25% of surveyed organizations have implemented dedicated AI/ML security controls and processes to evaluate and monitor AI-related vulnerabilities. A similar percentage reports they are already seeing AI-powered cyberattacks.
Like it or not, every cybersecurity team is now locked in an AI arms race. The challenge now is finding the funding required to upgrade cybersecurity defenses before adversaries master using AI technologies to the point where they are able to simply overwhelm existing defenses. The simple fact is that cybersecurity analysts, no matter how well trained, are going to be able to identify patterns in waves of attacks being launched at machine speed without help from AI.
Hopefully, the rise of AI will not only help level the cybersecurity playing field, it should also reduce turnover as more of the current manual toil that SecOps teams manage becomes more automated. In fact, SecOps teams would be well-advised to identify which tasks not only might be better handled by an AI agent today but also in the months ahead as AI advances continue to be rapidly made.
Of course, it’s not likely AI is going to eliminate the need for humans to manage cybersecurity, but the nature of the game is clearly changing. One day soon, however, cybersecurity professionals will routinely manage a small army of AI agents that are autonomously performing tasks in minutes and seconds that previously would have required hours to complete.
