AI agents are already being put to good use by cybersecurity teams at Amazon, according to AWS CISO Amy Herzog, with the tech giant ramping up in-house adoption of its own agentic solutions.
Speaking during a panel session at the company’s re:Invent conference last week, Herzog told attendees she’s “optimistic about what a boon this will be for defenders”, later telling ITPro that agents are helping to reduce workloads and streamline processes.
Responding to critical vulnerability exploits (CVEs), for example, is a prime area in which agents are helping reduce manual toil, Herzog noted. This has traditionally been a laborious process, especially given the volume of CVEs on an annual basis and Amazon’s need to shore up a myriad of networks, platforms, and solutions.
“Analyzing CVE changes or updates is a thing my team has to do at scale,” she told ITPro. “In particular, we have to combine the kind of massive scale, the number of CVEs in a year, with the scale of the AWS network that we need to evaluate.”
“There's tiers of analysis of these, starting with fully automated and then we get into deeper human interaction. We sort of funnel them right,” Herzog explained. “And [with] the deeper human interaction we can cover so much more.
So far, Herzog noted there has been a “500% increase” in the company’s ability to “piece together information” for security teams on this front.
This marks a step change in efficiency for security practitioners, and with agents, teams are able to lower manual activities and focus on the aforementioned “deeper human interactions”.
It’s the cybersecurity equivalent of the “focusing on more rewarding aspects of your role” talking point frequently touted by providers. In this instance, however, the company has tangible examples of the technology actually delivering on promises.
“Outside of response scenarios, we’re seeing a similar pattern of benefit to our workers, where they've got a task to do, it involves some amount of piecing together information and stitching it together and understanding of richer context that used to be quite manual and somewhat painful in many cases, especially for our responder teams,” she said.
“Now the agents can help prepare the information that they need to take that high judgment human action with a lot less toil. They're making the humans more effective and having to do less of the kind of toil stitching together work that it's the bread and butter of a security job.”
AWS is all-in on agentic AI
Herzog’s comments came off the back of a week filled with agentic AI announcements by AWS, with the company doubling down on this latest iteration of the technology.
The launch of powerful new “frontier AI agents” were among the big talking points of the week, with agents aimed specifically at security operations and software development announced by CEO Matt Garman.
As ITPro reported, the AWS Security Agent looks to bolster security capabilities for developer teams, working in-tandem alongside dedicated DevOps and Kiro coding agents to streamline the software development lifecycle.
From initial production projects to launches, AWS wants customers to embed agents across workflows to drive efficiency.
An agentic AI paradox
Herzog wasn’t alone in highlighting the gains security teams are unlocking with agentic AI. Hart Rossman, VP for Office of the CISO at AWS, also told ITPro the company has had a “security responder agent” in production for some time now.
In the case of a responder receiving a signal, evidence, or a ticket, Hartmann said cyber practitioners could ask the agent “a question or two to develop some context” and speed up response times.
While the agent has proved effective on this front, it did highlight somewhat of a paradox. The responder agent has streamlined processes for security teams, but Hartmann revealed testing showed these gains were offset by the sheer interest in the tool’s capabilities.
Simply put, users found themselves asking more questions than needed, thereby slowing down processes – albeit marginally.
“What we found was that they actually spend time to ask, on average, 11 questions of the bot because it was so compelling. One question led to another question, and then [after] around 10 or 11 questions they would kind of go back to their workflow,” Hartmann told ITPro.
“So on one hand, we were excited that they were seeing the value in the agentic solutions, but on the other hand we said, well now that’s created a little bit of an inefficiency itself,” he added.
Fine-tuning of the tool, and how cybersecurity professionals use it in daily operations, has resulted in significant improvements, Hartmann revealed.
“We really don't want them asking 11 questions of the bot. We now want to take that feedback and say, can we get them the same result in two questions,” he said.
“So we’ve been on that journey and it’s dramatically reduced the time to get from initial signal to plausible courses of action, to remediate, and then correction or root cause analysis.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Agentic AI poses major challenge for security professionals
- Agentic AI carries huge implications for security teams
- Agentic AI could be a blessing and a curse for cybersecurity
-
HPE selects CrowdStrike to safeguard high-performance AI workloadsNews The security vendor joins HPE’s Unleash AI partner program, bringing Falcon security capabilities to HPE Private Cloud AI
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
