How Wiz is empowering organizations to remediate security risks faster with Amazon Bedrock


Wiz is a cloud security platform that enables organizations to secure everything they build and run in the cloud by rapidly identifying and removing critical risks. Over 40% of the Fortune 100 trust Wiz’s purpose-built cloud security platform to gain full-stack visibility, accurate risk prioritization, and enhanced business agility. Organizations can connect Wiz in minutes to scan the entire cloud environment without agents and identify the issues representing real risk. Security and cloud teams can then proactively remove risks and harden cloud environments with remediation workflows.

Artificial intelligence (AI) has revolutionized the way organizations function, paving the way for automation and improved efficiency in various tasks that were traditionally manual. One of these use cases is using AI in security organizations to improve security processes and increase your overall security posture. One of the major challenges in cloud security is discerning the best ways to resolve an identified issue in the most effective way to allow you to respond quickly.

Wiz has harnessed the power of generative AI to help organizations remove risks in their cloud environment faster. With Wiz’s new integration with Amazon Bedrock, Wiz customers can now generate guided remediation steps backed by foundation models (FMs) running on Amazon Bedrock to reduce their mean time to remediation (MTTR). Amazon Bedrock is a fully managed service that offers a choice of high-performing foundation models (FMs) from leading AI companies like AI21 Labs, Anthropic, Cohere, Meta, Mistral AI, Stability AI, and Amazon through a single API, along with a broad set of capabilities to build generative AI applications with security, privacy, and responsible AI.

“The Wiz and Amazon Bedrock integration enables organizations to further enhance security and improve remediation time by leveraging a choice of powerful foundation models to generate GenAI-powered remediation steps.”

– Vivek Singh, Senior Manager, Product Management-Tech, AWS AI

In this post, we share how Wiz uses Amazon Bedrock to generate remediation guidance for customers that allows them to quickly address security risks in their cloud environment.

Detecting security risks in the cloud with the Wiz Security Graph

Wiz scans cloud environments without agents and runs deep risk assessment across network exposures, vulnerabilities, misconfigurations, identities, data, secrets, and malware. Wiz stores the entire technology stack as well as any risks detected on the Wiz Security Graph, which is backed by Amazon Neptune. Neptune enables Wiz to quickly traverse the graph and understand, in seconds, interconnected risk factors and how they create an attack path. The Security Graph allows Wiz to surface these critical attack paths in the form of Wiz Issues. For example, a Wiz Issue can alert of a publicly exposed Amazon Elastic Compute Cloud (Amazon EC2) instance that is vulnerable, has admin permissions, and can access sensitive data. The following graph illustrates this attack path.

Attack path

With its Security Graph, Wiz provides customers with pinpoint-accurate alerts on security risks in their environment, reduces the noise faced with traditional security tools, and enables organizations to focus on the most critical risks in their environment.

Remediating cloud risks with guided remediation provided by Amazon Bedrock

To help customers remediate security risks even faster, Wiz uses Amazon Bedrock to analyze metadata from Wiz Issues to generate effective remediation recommendations for customers. With Amazon Bedrock, Wiz combines its deep risk context with cutting-edge FMs to offer enhanced remediation guidance to customers. Customers can scale their remediation workflow and minimize their MTTR by generating straightforward-to-use copy-paste remediation steps that can be directly implemented in the tool of their choice, such as the AWS Command Line Interface (AWS CLI), Terraform, AWS CloudFormation, Pulumi, Go, and Python, or directly using the cloud environment console. The following screenshot showcases an example of the remediation steps generated by Amazon Bedrock for a Wiz Issue.

An example of the remediation steps generated by Amazon Bedrock for a Wiz Issue

Wiz sends a prompt with all the relevant context around a security risk to Amazon Bedrock, with instructions on how to present the results based on the target platform. Amazon Bedrock native APIs allow Wiz to select the best model for the use case to answer the request. When the response is received, it is parsed and presented in a straightforward manner in the Wiz portal.

To fully operationalize this functionality in production, the Wiz backend has a service running on Amazon Elastic Kubernetes Service (Amazon EKS) that receives the customer request to generate remediation steps, collects the context of the alert the customer wants to remediate, and runs personally identifiable information (PII) redaction on the data to remove any sensitive data. Then, another service running on Amazon EKS pulls the resulting data and sends it to Amazon Bedrock. Such a flow can run in each needed AWS Region supported by Amazon Bedrock to address any compliance needs of their customers. In addition, to secure the usage of Amazon Bedrock with least privilege, Wiz uses AWS permission sets and follows AWS best practices. The Wiz service sending the prompt to Amazon Bedrock has a dedicated AWS Identity and Access Management (IAM) role that allows it to communicate only with the specific Amazon Bedrock service and to only generate these requests. Amazon Bedrock also has restrictions to block any data coming from a non-authorized service. Using these AWS services and the Wiz Security Graph, Wiz helps its customers adopt the most advanced LLMs to speed up the process of addressing complex security issues in a straightforward and secure manner. The following diagram illustrates this architecture.

System architecture
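
The least-privilege constraint described above (a dedicated IAM role that can only send generation requests to Amazon Bedrock) can be checked mechanically. The following Python code is an added example, not Wiz's or AWS's code: it audits an IAM policy document against an allow-list, and the two policies, the Region, and the model id `example.model-v1` are constructed placeholders.

```python
# Added example: constructed policies and placeholder identifiers.
ALLOWED_ACTIONS = {"bedrock:invokemodel"}  # IAM action names are case-insensitive
ALLOWED_RESOURCES = {  # placeholder Region and model id (assumptions)
    "arn:aws:bedrock:us-east-1::foundation-model/example.model-v1",
}

BROAD_POLICY = {  # constructed: what the dedicated role should NOT look like
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}],
}
SCOPED_POLICY = {  # constructed: one action on one model
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["bedrock:InvokeModel"],
        "Resource": "arn:aws:bedrock:us-east-1::foundation-model/example.model-v1",
    },
}

def _as_list(value):
    """IAM accepts a single string or object where a list is also valid."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return one finding per grant that exceeds the allow-lists above."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: grants by exclusion (NotAction/NotResource)")
            continue
        for action in _as_list(stmt.get("Action", [])):
            # Exact match only, so wildcards such as bedrock:* are rejected too.
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: action {action!r} not allow-listed")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in ALLOWED_RESOURCES:
                findings.append(f"statement {i}: resource {resource!r} not allow-listed")
    return findings

if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc) or "OK")
```

Run in CI against the role's attached policies, a non-empty result means the role can do more than invoke the one approved model.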

Wiz customers are already experiencing the benefits of our new AI-driven remediation:

“The faster we can remediate security risks, the more we can focus on driving broader strategic initiatives. With Wiz’s AI-powered remediation, we can quickly generate remediation steps that our security team and developers can simply copy-paste to remediate the issue.”

– Rohit Kohli, Deputy CISO, Genpact

By using Amazon Bedrock for generating AI-powered remediation steps, we learned that security teams are able to minimize the time spent investigating complex risks by 40%, allowing them to focus on mitigating more risks. Furthermore, they are able to empower developers to remediate risks by removing the need for security expertise and providing them with exact steps to take. Not only does Wiz use AI to enhance security processes for customers, but it also makes it simple for customers to securely adopt AI in their organization with its AI Security Posture Management capabilities, empowering them to protect their AI models while increasing innovation.

Conclusion

Using generative AI for producing enhanced remediation steps marks a significant advancement in the realm of problem-solving and automation. By harnessing the power of AI models powered by Amazon Bedrock, Wiz users can quickly remediate risks with straightforward remediation guidance, reducing manual efforts and improving MTTR. Learn more about Wiz and check out a live demo.


About the Authors

Shaked Rotlevi is a Technical Product Marketing Manager at Wiz focusing on AI security. Prior to Wiz she was a Solutions Architect at AWS working with public sector customers as well as a Technical Program Manager for a security service team. In her spare time she enjoys playing beach volleyball and hiking.

Itay Arbel is a Lead Product Manager at Wiz. Before joining Wiz, Itay was a product manager at Microsoft and did an MBA at Oxford University, majoring in high tech and emerging technologies. Itay is Wiz’s product lead for the effort of helping organizations secure their AI pipeline and usage of this new emerging technology.

Eitan Sela is a Generative AI and Machine Learning Specialist Solutions Architect at AWS. He works with AWS customers to provide guidance and technical assistance, helping them build and operate Generative AI and Machine Learning solutions on AWS. In his spare time, Eitan enjoys jogging and reading the latest machine learning articles.

Adi Avni is a Senior Solutions Architect at AWS based in Israel. Adi works with AWS ISV customers, helping them to build innovative, scalable and cost-effective solutions on AWS. In his spare time, he enjoys sports and traveling with family and friends.
