Sumo Logic this week at the RSA Conference previewed a copilot that leverages generative artificial intelligence (AI) to make it simpler for IT and cybersecurity professionals of varying levels of experience to derive benefits from its observability platform via a user interface (UI) the company is in the process of revamping.
In addition, Sumo Logic revealed that the ability to streamline alerts using machine learning algorithms based on the AutoML framework is now generally available.
Sumo Logic is also adding a Cloud Infrastructure Overview dashboard to make it simpler to identify misconfigurations and vulnerabilities faster, which can then be remediated using playbooks infused with AI.
Finally, the company has added a MITRE ATT&CK Threat Coverage Explorer to its security information and event management (SIEM) platform to make it simpler to apply rules based on the widely employed cybersecurity framework along with integrated threat detection feeds.
Chas Clawson, Field CTO for security at Sumo Logic, said the company is working toward providing an observability platform that normalizes DevOps and cybersecurity data in a way that makes it simpler to embrace best DevSecOps practices. Various types of AI models will then surface actionable insights via summarizations and recommended remediations that can be automatically applied in a way that significantly reduces the current level of toil that DevSecOps teams regularly encounter, he noted.
Over time, DevSecOps teams will have at their disposal multiple AI assistants that are optimized to asynchronously manage multiple tasks. As the underlying AI models that enable those capabilities improve, so too will the ability to use reasoning engines to enable AI assistants to automate more complex tasks.
It’s not clear to what degree AI will make application environments more secure, but the one thing that is certain is cybercriminals will be investing in AI to launch more sophisticated cyberattacks at scale because emerging technologies are always going to be weaponized, noted Clawson. In fact, in the short term there is likely to be “an ugly brawl” between cybercriminals and defenders as both sides race to apply AI for ill and good, respectively, he added.
In the short term, cybercriminals might enjoy an added AI advantage, but there is an opportunity now to leverage data lakes and the observability platforms infused with AI to make it possible to securely build and deploy applications across IT environments that only become more complex with each passing day, said Clawson. In fact, IT teams have reason to be cautiously optimistic about the future of cybersecurity in the age of AI, he noted.
Observability platforms will, of course, play a major role in helping to achieve that goal. As the data collected is increasingly normalized, it should become much simpler to correlate events to proactively troubleshoot applications in ways that also make it possible to respond faster to newly discovered vulnerabilities and breaches. The challenge, of course, is finding the funding needed to enable DevSecOps teams to move beyond monitoring tools that today only track a set of pre-defined metrics that don’t provide nearly enough insight into the root cause of any given issue.