Defend Your Time: Applying Agentic AI to SecOps (Part 2 of 3)

Welcome back to “Defend Your Time,” the podcast dedicated to helping you get stronger security, more value, and fewer headaches out of your Microsoft security investments. Listen and subscribe through Spotify, Apple Podcasts, or wherever you get your podcasts. 

In this second episode of our 3-part series, Iris Safaka, lead data scientist at Ontinue, helps us demystify Agentic AI and explain its application in security operations (SecOps). 

What is Agentic AI?

Agentic AI refers to systems capable of making independent decisions to achieve specific goals. Unlike traditional AI systems that rely on predefined rules, Agentic AI leverages advanced algorithms and large language models (LLMs) to autonomously solve complex, multi-step problems. These systems can analyze sensory inputs, adapt to dynamic scenarios, and execute actions in real-time without human intervention.

Key Properties of AI Agents

1. Objective-Driven AI agents are given high-level objectives rather than specific code logic. They use reasoning, planning, and tools to achieve their goals.
2. Sensory Input AI agents can process various types of data, including text, images, and videos, to understand their environment.
3. Dynamic Adaptation AI agents can adapt their behavior based on changing conditions and learn from feedback to optimize their performance.
4. Real-Time Execution AI agents can execute actions in real-time, often without requiring human approval.

Building an Autonomous AI Agent

Creating an autonomous AI agent involves several design principles:

1. Reflection AI agents can self-critique and improve their outputs by automating self-evaluation processes. This helps reduce errors and enhance performance.
2. Tool Usage AI agents can be equipped with various tools, such as web search or email scheduling, to perform specific tasks. They can dynamically select and use the most relevant tools for their objectives.
3. Planning AI agents can create and execute multi-step plans to achieve complex goals. They can decompose tasks into simpler steps and adjust their plans based on intermediate results.
4. Multi-Agent Collaboration AI agents can work together, each focusing on specific roles and collaborating to solve complex problems more effectively.

Applying Agentic AI to SecOps

In the realm of security operations, Agentic AI can revolutionize incident investigation. Traditional methods require extensive rule-based programming, which is laborious and inflexible. Agentic AI introduces the necessary flexibility and planning to conduct end-to-end security incident investigations automatically.

At Ontinue, an AI system has been developed to investigate incidents that require human intervention. This system generates investigation plans, executes steps autonomously, and provides detailed reports to security experts. This approach significantly reduces the time to respond and close incidents, enhancing overall security efficiency.

The Secret Sauce

Ontinue’s success with Agentic AI in SecOps is attributed to three key factors:

1. Tool Arsenal A wide range of in-house developed tools allows for fine-grained security checks and deep insights during investigations.
2. Leveraging Past Knowledge Historical incident data is used to inform and improve the AI’s investigation strategies, mimicking human analysts’ approaches.
3. Expert Feedback Continuous feedback from security experts helps the AI system learn and adapt, ensuring high-quality performance.