Infoblox Tunes Detections 70% Faster with Panther AI
The Infoblox Product Security team is responsible for protecting its SaaS products, and improving efficiency while maintaining complete visibility is paramount to their team’s success. With Panther AI, Infoblox has reduced detection tuning time by 70% and halved investigation times. The AI alert triage features automatically identify patterns across hundreds of alerts, leveraging the visibility across logs centralized in Panther, and providing instant context for faster decision-making.
Sukhmani Sandhu, a Senior Product Security Engineer at Infoblox, works on a team of security engineers responsible for managing security monitoring across their production environments. Like many security teams, her team grapples with alert fatigue and time-consuming investigation processes that require pivoting between multiple tools and interfaces.
The Challenge: Alert Overload and Context Switching
When responding to an alert, security team members frequently need to switch their focus between different log sources and data types, adding mental overhead to each investigation and slowing down the triage process. Because it helps reduce the need to pivot between tools, the team prioritizes onboarding new log sources quickly whenever a new tool is added to the Infoblox tech stack.
When implementing any new log source, security teams typically face an initial wave of alerts that require calibration to distinguish normal operations from actual threats. The manual tuning process usually took Sukhmani about an hour per detection, with custom log source detections and alerts requiring even more time to understand and fine-tune. “For custom sources, we create the detections, and then tuning each alert can require hours of research,” she explained. With Panther AI, Sukhmani can complete initial detection tuning 70% faster.
The Solution: AI-Powered Security Monitoring on AWS
Panther AI, built on AWS and leveraging Anthropic's Claude through Amazon Bedrock, has transformed Infoblox's approach to security monitoring. The solution provides:
Contextual alert triage that automatically analyzes patterns and relationships
Transparent reasoning that explains why alerts may be benign or concerning
Visual diagrams that clarify complex relationships
Natural language presentation of data that improves readability and comprehension
“Panther AI shows me alert patterns that help me filter out noise so we can focus on maintaining visibility across all our environments, without getting overwhelmed.”
Sukhmani Sandhu, Senior Product Security Engineer
This pattern recognition has proven invaluable for Sukhmani's team. In one example, she observed how Panther AI correctly identified repetitive alerts coming from a specific IAM role associated with Kubernetes workloads. The AI recognized that these events occurred at regular intervals—once per hour—suggesting automated, expected activity rather than suspicious behavior. This immediate context enabled her to confidently determine that these alerts were benign with simple validation rather than extensive manual investigation, significantly streamlining the triage process.
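The hourly-cadence reasoning described above can be reproduced with plain inter-arrival statistics over alerts grouped by principal and rule. The block below is an added example written for this page, not Panther's or Infoblox's code; the role ARNs, the rule name, the timestamps and the 10% coefficient-of-variation threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample alerts (not real Infoblox data). Each alert carries the
# principal (an IAM role ARN), the rule that fired, and a UTC timestamp.
BASE = datetime(2025, 1, 1, 0, 0, 0)
RULE = "Example.IAM.RoleActivity"  # hypothetical rule name
SAMPLE_ALERTS = (
    # hypothetical Kubernetes workload role that fires exactly once per hour
    [{"principal": "arn:aws:iam::111122223333:role/eks-cronjob-role",
      "rule": RULE, "time": BASE + timedelta(hours=h)} for h in range(12)]
    # hypothetical human-operated role with irregular timing
    + [{"principal": "arn:aws:iam::111122223333:role/analyst-role",
        "rule": RULE, "time": BASE + timedelta(minutes=m)}
       for m in (3, 47, 52, 240, 241, 600)]
)


def interval_profile(times, min_events=5):
    """Return (mean_gap_seconds, coefficient_of_variation) for a list of
    timestamps, or None when there are too few events to judge cadence."""
    ts = sorted(times)
    if len(ts) < min_events:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def classify_alerts(alerts, cv_threshold=0.1):
    """Group alerts by (principal, rule) and label each group 'periodic' when
    its inter-arrival gaps are nearly constant (a sign of scheduled automation
    worth validating rather than investigating), else 'irregular'."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["principal"], a["rule"])].append(a["time"])
    result = {}
    for key, times in groups.items():
        prof = interval_profile(times)
        if prof is None:
            result[key] = ("insufficient-data", len(times), None)
            continue
        gap, cv = prof
        label = "periodic" if cv <= cv_threshold else "irregular"
        result[key] = (label, len(times), round(gap / 60))  # mean gap in minutes
    return result
```

A "periodic" label is a triage hint, not a verdict: the analyst still confirms that the principal and action match a known scheduled job before suppressing the alert.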
The Results: Efficiency Gains and Enhanced Security Posture
Since implementing Panther AI, Infoblox has seen significant improvements:
70% reduction in detection tuning time
50% faster alert triage & investigation
Enhanced visibility into activity patterns
Sukhmani utilized Panther AI to efficiently review and triage approximately 300 alerts from a new source. She was able to easily identify and filter out expected behavior, minimizing false positive alerts that don’t require security attention. This enables the team to rapidly expand their detection coverage without the burden of manually reviewing hundreds of false-positive alerts for each new log source they onboard.
"Panther AI gives investigators a roadmap to investigate alerts, eliminating guesswork and accelerating resolution."
Sukhmani Sandhu, Senior Product Security Engineer
The improvement in readability has also contributed to faster investigation times. Sukhmani was pleasantly surprised the first time she used Panther AI, sharing: “I expected a wall of text, but everything was broken out, and the charts help to visualize the events.” Panther AI’s alert triage transforms complex JSON into easily digestible natural language descriptions, breaking down alerts by rules, namespaces, and environments. It also provides visual diagrams that help analysts quickly understand timelines and visualize complex relationships between entities and events.
Looking Ahead: Expanding AI Capabilities
Infoblox plans to continue leveraging Panther AI for alert triage and incident response, where its ability to analyze and correlate data from multiple sources will be particularly valuable. Sukhmani sees significant potential for Panther AI to provide even more support for her workflows and team. "Having the AI embedded across the product will be useful because it will enable me to simply chat with the AI agent about the type of activity I'm looking for," she explains.
Panther AI has enhanced Infoblox's security operations with an efficient, insight-driven workflow that can reduce alert triage times by 50%. Infoblox's adoption of Panther AI is another example of how security teams can dramatically increase efficiency by embracing agentic AI security tools.