AWS re:Invent 2024 - Generative AI for security in the real world (SEC403) | AWS Events

Brad, a principal security specialist at AWS, and Matt Saner, who leads security specialists for AWS Industries, present a technical session on using generative AI for security, emphasizing practical applications over theoretical discussions. They aim to demonstrate how AI can automate mundane tasks, maximize limited resources, and enhance proactive and reactive security measures. They discuss challenges like hallucinations, data privacy, quality control, and excessive agency, and present demos using services like SageMaker, Bedrock, and Amazon Q, highlighting different approaches and tools. Brad focuses on incident response and compliance, while Matt shows how virtual assistants can aid in threat hunting and incident response, and they also explore the controversial use of AI in deception platforms, warning of potential dangers and the need for careful implementation.

Outlines

Part 1: Introduction and Value of Generative AI in Security

Part 2: AI for Incident Response and Compliance Automation

Part 3: AI as Virtual Assistant and for Remediation

Part 4: Generative AI as a Deception Platform

Part 5: Conclusion and Key Takeaways

Sign in to continue reading, translating and more.

Open full episode in Podwise

AWS re:Invent 2024 - Generative AI for security in the real world (SEC403)

AWS Events

Part 1: Introduction and Value of Generative AI in Security

Introduction to Practical Security Applications of Generative AI

The Value and Challenges of Generative AI in Security

Part 2: AI for Incident Response and Compliance Automation

Generative AI for Incident Response and AWS AI Stack Overview

Ensuring Consistency and Defining Prompts in AI Models

Demonstrating AI-Powered Incident Response with SageMaker and Security Hub

Automating Compliance with Software Bill of Materials (SBOM) Generation

AI-Powered Compliance Question Answering with FedRAMP Data

Part 3: AI as Virtual Assistant and for Remediation

AI as a Virtual Assistant for Threat Hunting and Incident Response

Automating Remediation with Human-in-the-Loop Approval

Iterative Prompt Engineering for Vulnerability Assessment

Enhancing Threat Hunting and Incident Response with AI-Generated Vulnerability Data

Building a Self-Service Compliance Portal with Amazon Q Business

Part 4: Generative AI as a Deception Platform

Generative AI as a Deception Platform: An Emerging and Dangerous Space

Active Deception with AI: Tailoring Responses to Adversary Attributes

Feed the Bear: Synthesizing Traffic and Generating Fake Student Records

Server on Demand: Just-in-Time Building with Dockerized Environments

Extending Deception: Publishing Containers to ECR and Responding to Probes

Advanced Threat Analysis: Interpreting Complex Payloads and Acting Like the Adversary

Part 5: Conclusion and Key Takeaways

Key Takeaways and Closing Remarks

AWS re:Invent 2024 - Generative AI for security in the real world (SEC403)

AWS Events

Part 1: Introduction and Value of Generative AI in Security

00:02Introduction to Practical Security Applications of Generative AI

Introduction to Practical Security Applications of Generative AI

02:50The Value and Challenges of Generative AI in Security

The Value and Challenges of Generative AI in Security

Part 2: AI for Incident Response and Compliance Automation

05:06Generative AI for Incident Response and AWS AI Stack Overview

Generative AI for Incident Response and AWS AI Stack Overview

07:20Ensuring Consistency and Defining Prompts in AI Models

Ensuring Consistency and Defining Prompts in AI Models

09:03Demonstrating AI-Powered Incident Response with SageMaker and Security Hub

Demonstrating AI-Powered Incident Response with SageMaker and Security Hub

12:19Automating Compliance with Software Bill of Materials (SBOM) Generation

Automating Compliance with Software Bill of Materials (SBOM) Generation

15:21AI-Powered Compliance Question Answering with FedRAMP Data

AI-Powered Compliance Question Answering with FedRAMP Data

Part 3: AI as Virtual Assistant and for Remediation

18:06AI as a Virtual Assistant for Threat Hunting and Incident Response

AI as a Virtual Assistant for Threat Hunting and Incident Response

21:33Automating Remediation with Human-in-the-Loop Approval

Automating Remediation with Human-in-the-Loop Approval

24:48Iterative Prompt Engineering for Vulnerability Assessment

Iterative Prompt Engineering for Vulnerability Assessment

27:23Enhancing Threat Hunting and Incident Response with AI-Generated Vulnerability Data

Enhancing Threat Hunting and Incident Response with AI-Generated Vulnerability Data

30:14Building a Self-Service Compliance Portal with Amazon Q Business

Building a Self-Service Compliance Portal with Amazon Q Business

Part 4: Generative AI as a Deception Platform

34:33Generative AI as a Deception Platform: An Emerging and Dangerous Space

Generative AI as a Deception Platform: An Emerging and Dangerous Space

37:56Active Deception with AI: Tailoring Responses to Adversary Attributes

Active Deception with AI: Tailoring Responses to Adversary Attributes

40:08Feed the Bear: Synthesizing Traffic and Generating Fake Student Records

Feed the Bear: Synthesizing Traffic and Generating Fake Student Records

43:32Server on Demand: Just-in-Time Building with Dockerized Environments

Server on Demand: Just-in-Time Building with Dockerized Environments

47:41Extending Deception: Publishing Containers to ECR and Responding to Probes

Extending Deception: Publishing Containers to ECR and Responding to Probes

50:22Advanced Threat Analysis: Interpreting Complex Payloads and Acting Like the Adversary

Advanced Threat Analysis: Interpreting Complex Payloads and Acting Like the Adversary

Part 5: Conclusion and Key Takeaways

53:35Key Takeaways and Closing Remarks

Key Takeaways and Closing Remarks