AWS re:Inforce: All About Generative AI for Cybersecurity

As AWS re:Inforce kicks off, remember Orsi’s point about security offense, defense, implementation and governance. 

“Those are the predominant areas where a CISO needs to allocate resources and justify investments, and that's where different channel partners can come in to satisfy those specific needs,” Orsi said.

And, he added, these resources apply across organizations of all sizes, including small and medium businesses. That’s marked a significant shift within AWS over the last couple of years, and aligns with the markets many Channel Futures readers serve. Across the board, organizations are looking to partners to handle the offensive side of security – think red teaming, penetration testing, end-user training and so on.

“They're basically preparing that company to expect the unexpected,” Orsi said. “And this is where our resilience competency that we created at re:Invent in 2023 … is coming to life right now this year – teaching partners how to teach customers to put in an extra layer of resilience controls into their cloud and non-cloud resources as well.”

The offensive position in security is critical. 

As generative AI grows in capability and popularity, cyber attacks are morphing, too. That means social engineering is taking over from common breaches such as ransomware and phishing (although those are not abating). Social engineering, Orsi said, “has taken on a completely different life: Deep fake videos, voices, emails – they're all coming to life very very quickly.”

Generative AI aids and abets those attacks. But security experts can use gen AI to fight back. 

“Generative AI to me is like humanity discovering a new element – you know, wind, fire, water… And it can be used for great use cases and not-so-great use cases,” Orsi said.

Bad actors are, of course, taking the latter tack. And AWS partners are stepping up to combat those rising threats. In fact, look for a veritable slew of vendor and channel announcements this week related to AWS re:Inforce, around generative AI and security. In general, Orsi said, “expect a focus on resiliency.”

Continuing with that security offense conversation, Orsi pointed out the increasing complexity confronting organizations – and why channel partners are so crucial to efforts around mitigating or, ideally, preventing breaches.

“It seems like, over time, that the number of offensive attacks, the number of logs generated, is always increasing, almost with Moore's Law,” Orsi said.

In line with that, though, is the reality that partners on the defensive side of security – software developers, managed services firms – are meeting the challenge.

“We're really seeing them step up in a big way,” Orsi said.

These partners, he explained, are “addressing quickly evolving catchphrases and terminologies to describe things like prompt injection attacks, data well-poisoning attacks, and, of course, that data leakage sensitivity that many folks have out there about where their data is going and the line of reasoning as it moves through the model backup to an output.”

All in all, as AWS re:Inforce rolls on this week, the company’s leaders are bullish on its third-party experts.

“These really, really great partner companies … are a part of our strategy,” Orsi said. They, he added, “have received the [security] message from us and they've also helped us inform our strategy. It's definitely a two-way relationship. And we're focused on helping people adopt this new element, if you will, leveraging this really, really strong and deep bench of partners that we have.”

Go to the next slide for the first new-release announcement from AWS re:Inforce.

AWS is adding generative AI-powered query assistance to CloudTrail Lake, a data lake that accepts any kind of telemetry. 

In other words, security experts soon may derive deeper insights, from application monitoring observability to understanding third-party devices operating at the edge. The capability is available in preview. 

Similarly, the AWS Audit Manager framework now includes SageMaker. This is more of a governance-oriented addition. Partners helping security teams can offer more assistance in the policy management arena here.

Next comes an update to Amazon GuardDuty, which offers threat detection.

Now, look for malware protection to natively extend to S3 buckets. VARs and systems integrators are prime targets for adoption and subsequent consulting around this capability.

“You'll probably see them adopting this and advising companies on toolset, consolidation cost savings [and] … maybe increasing and modernizing what they're doing in their S3 storage accounts,” Orsi said.

After GuardDuty comes more controls for Cloud WAN. Customers now may insert the AWS network firewall, or a third-party firewall, into Cloud WAN. 

“This really helps simplify network inspection, in particular,” Orsi said. 

That’s because there’s just one place from which to control policy now, rather than having to access different portals.

Security professionals overseeing implementation will find deploying network security policies much simpler now, per AWS.

Next up, for companies with employees using mobile devices, comes an update to AWS’ Private Certificate Authority service.

There’s now a preview version of a passwordless experience for phones, laptops or tablets. The certificate deploys much faster than before, a boon for partners offering lifecycle management services, Orsi said.

“They're definitely going to want to pay attention to this one,” he noted. “It's going to basically make that partner more efficient, really reduce their operation burden on managed certificates, and that password list experience that they're providing for our mutual customers.”

The last two announcements out of re:Inforce this week concern identity and access management.

The first part of that means AWS’ IAM platform now supports passkey for second-factor authorization.

“This is our roadmap drumbeat of continually improving the multifactor authentication story and tools,” Orsi said. 

In essence, users may create their passkeys with a fingerprint, facial biometrics or a personally identifiable number. For partners, including managed service providers, this will allow them to “pull out operational burden and offer some more differentiation and value back to the customers,” Orsi said.

Finally, the AWS IAM tool’s Access Analyzer component gets a boost with unused access recommendations around least privilege. This helps security experts automatically search for overly permissive settings and reduce them as it makes sense.

Artificial intelligence underpins these capabilities and, Orsi said, “it is absolutely table stakes that every MSSP out there is leveraging generative AI for intelligent reasoning at the analyst level.”

The tech world seems hyper-focused on generative AI right now. MSSPs may be feeling some fatigue or skepticism around that. But, Orsi exhorted, don’t.

“Although there’s a new element in the world called generative AI, the security principles around it … still tie back to what [MSSPs] know and what they're comfortable with,” he said. “There's still a need to apply controls to secure the environment. There's a need to apply logging and tracing to be able to detect if threats are coming from that environment.”

And, Orsi added, using generative AI, especially quickly in response to a threat, provides “better security outcomes for our mutual customers.”

The tech world seems hyper-focused on generative AI right now. MSSPs may be feeling some fatigue or skepticism around that. But, Orsi exhorted, don’t.

“Although there’s a new element in the world called generative AI, the security principles around it … still tie back to what [MSSPs] know and what they're comfortable with,” he said. “There's still a need to apply controls to secure the environment. There's a need to apply logging and tracing to be able to detect if threats are coming from that environment.”

And, Orsi added, using generative AI, especially quickly in response to a threat, provides “better security outcomes for our mutual customers.”