I would describe the effectiveness of Sweet Security's Layer-7 network traffic inspection in understanding application requests and responses as very important. Sweet Security monitors real-time API and service-to-service traffic in production while building context around normal versus abnormal application behavior. What Layer 7 detects in Sweet Security is essential because many modern attacks do not break infrastructure; they abuse applications. Traditional CNAPP tools often just look at misconfigurations and CVEs, whereas Sweet Security adds depth by focusing on runtime behavior. Sweet Security's Layer 7 capability means real-time visibility into API and application behavior to detect attacks that bypass infrastructure-level defenses. I would assess the integration of LLMs in Sweet Security's vulnerability management as beneficial because they can summarize complex runtime security events in plain English. This gives faster alert triage and investigation and reduces alert noise. CNAPP tools can normally generate many alerts, but LLMs filter duplicates, group related issues, and prioritize real threats. This is why we are experiencing better time efficiency because we are prioritizing real threats and taking away alert fatigue. LLMs help interpret API and application layer behavior, which is useful for understanding normal API flows and authentication abuse, providing strong Layer 7 contextual analysis. Additionally, LLMs enable executive-ready reporting by converting technical incidents into summaries, impact analysis, and business risk explanations, making it much easier to communicate with leadership. The LLM integration with Sweet Security improves detection, reduces noise, and turns complex runtime cloud security data into clear, actionable intelligence. My advice to others looking into Sweet Security is to examine whatever cloud-native platform they have, run a free trial, and attempt a proof of value or proof of concept. 
Learn about it, use it, and compare it to what you currently have. Although it may not be as well-known as Wiz, Palo Alto, or Tenable CNAPP, Sweet Security definitely stands the test of time and is a great product. Everything I have mentioned is truly excellent. Sweet Security represents the next generation of CNAPP that differentiates through a runtime-first approach and focuses on detecting and responding to real attacks in environments. For me, that provides correlating signals across cloud, app, and identity. What stands out against traditional tools is that we are shifting right in our approach. If you want to be proactive rather than reactive, Sweet Security is a strong CNAPP enterprise vendor that any organization should consider. As a shifting-right technology in the production environment responding to real-time threats with Layer 7 integration and LLMs to help contextualize risk and show where breaches will occur rather than providing a long list of vulnerabilities, Sweet Security offers competitive pricing and great customer service. I would highly recommend that people research Sweet Security, trial it, and definitely compare it to their current CNAPP platform. I would rate this review an eight out of ten overall.
I am using the eBPF sensor in Sweet Security. The usage of the eBPF-based sensor has been pretty low. I was concerned about this initially because these sensors typically are pretty resource-intensive. However, this specific one is below one gigabyte of RAM and has very low CPU usage. The RAM consumption is around three hundred megabytes and the CPU usage is around three percent of one core. It's super low. I haven't tried the LLM-based reply scanning feature in Sweet Security yet. I recently received a message that they are also doing LLM reply scanning now, but I haven't tested this one yet. It hasn't really saved me time, I would say. It actually creates more work because it makes me aware of things that I was not aware of before. I would probably receive a different answer from a company that had another tool before and now has Sweet Security, but for me, I didn't have any tool before, so Sweet Security creates more work now. However, it's good to have. Babylon is a pretty small company, so the number I'll give for Sweet Security usage is up to ten users. That's a small number. I am a global company with Sweet Security and operate remotely. I have integrated Sweet Security with AWS and have integrated it with my own on-premises infrastructure as well. I have tried a few more integrations. I requested an integration with PagerDuty and an integration with GitHub audit logs, which they both don't have. They haven't implemented this and it's been almost half a year now. So they have some things, but they could have more. I would definitely recommend Sweet Security to companies like mine, to small companies, small to medium-sized companies, or startups that need somewhere to start, need to get a lot of things from a single tool, don't want to pay a lot of money, and want to build the initial security. My overall review rating for Sweet Security is seven out of ten.
Director of Security Operations at a tech vendor with 501-1,000 employees
Real User
Top 10
Sep 30, 2025
I assess the effectiveness of the machine learning algorithms in reducing threat response time as pretty good. At first, when we started with Sweet Security, the first month or so was pretty noisy with lots of different alerts being raised, but that's understandable. However, as time passed, we don't see any false positives, which is amazing. The machine learning works extremely well. We use the customizable dashboards and they are excellent in allowing us to create one dashboard for the CISO view. The CISO view is mainly for the CISO and the directors who are operating on the cloud, infrastructure and application security. They want to see things from a high-level, cross-company-wide perspective. We have that dashboard, but we also created a dedicated dashboard per specific analyst team. We still don't really use the reporting tools much, unfortunately. This is our next step. The next step for us would be to connect the reporting mechanism with our internally developed system that knows how to take off those reports and then do whatever we need with them. The threat detection capabilities influence our decision-making processes. Whenever we need to make a decision about what should be fixed first or what we should focus on, the team will first go to the threat detection page and learn about the system or the environment that we need to take a decision for. On a day-to-day basis, around 10 users are logging into the platform. Overall, there might be around 30 or 40 people. The solution requires maintenance, but it is minimal. Once in a while, when Sweet Security releases a new agent, we need to conduct the installation ourselves, as we chose not to allow them to reinstall it remotely. Overall rating: 10/10.
Cloud and compute team leader at a manufacturing company with 1,001-5,000 employees
Real User
Top 10
Sep 4, 2025
I haven't used the customizable dashboards feature yet. I cannot assess the effectiveness of the machine learning algorithms in reducing threat response time; I don't remember using a feature like that in Sweet Security. Regarding how Sweet Security has helped me prioritize risks and threats more effectively, I don't know how to say if it helped or not, but it is definitely needed, as the tool is our eyes and ears with everything cloud-related. We purchased Sweet Security through a direct purchase. We are not a small company; we have 7,500 users, but our IT team is indeed very small with just two users of this product. I would recommend Sweet Security to other users for the price and functionality. I rate Sweet Security eight out of ten.
Sweet Security offers advanced cybersecurity measures designed to protect enterprise-level networks from complex threats, providing efficient monitoring and robust protection capabilities. Focused on sophisticated threat detection and network security, Sweet Security provides an enterprise-grade solution for cybersecurity challenges. It integrates seamlessly with existing systems, offering real-time analytics and threat intelligence. Its comprehensive approach ensures high-level data...