Introduction: AI against AI has become an ongoing security trend.
In 2023, the wave of new artificial intelligence technology led by AIGC is accelerating its implementation in all walks of life, and the field of enterprise-level security services is no exception.
Recently, the two-day Amazon Cloud Technology re:Inforce 2023 Global Conference was held in California, USA. Security services driven by artificial intelligence (AI) and machine learning (ML) became a highlight of this re:Inforce.
At the re:Inforce 2023 Global Conference, Amazon Cloud Technology brought seven new services, among which many newly released services - Amazon CodeGuru Security and Findings Groups for Amazon Detective, Amazon Inspector Code Scans For Lambda are all related to AI.
Amazon Cloud Technology believes that security automation services driven by AI/ML can help customers better respond to security incidents and promote business continuity. In fact, Amazon is investing heavily in large language models (LLM) and generative AI. Amazon CEO Andy Jassy said in his 2022 letter to shareholders that this is "central to enabling Amazon to innovate in every area of its business for decades to come."
Scale breeds wisdom
At present, Amazon Cloud Technology has firmly established itself as the world's leading cloud service provider. How to help global customers deal with the increasingly large amount of data is the basis for providing leading security services.
Swami Sivasubramanian, vice president of data and machine learning at Amazon Cloud Technology, said, "All customers want amazing innovations and inventions, and I firmly believe that data is the origin of the next big inventions and innovations."
As a cloud infrastructure provider, Amazon Cloud Technology has a unique advantage in security protection: it has collected a large amount of data related to security incidents from customers over the years, which can be used as intelligence for companies to develop better security solutions. Amazon Web Technologies analyzes 3TB of data every minute and also shares its intelligence with hosting providers and domain registrars. As CJ Moses, chief information security officer of Amazon Cloud Technology, said, scale breeds intelligence, which leads to better security.
CJ Moses, Chief Information Security Officer, Amazon Cloud Technologies
CJ Moses emphasized the importance of the previously introduced Amazon Security Lake. The service is designed to automatically centralize user security data from on-premises, Amazon Cloud Technology and other cloud providers, as well as third-party sources, into a purpose-built data lake in their Amazon Cloud Technology account for efficient security operations. Because Security Lake adopts the Open Cybersecurity Schema Framework (OCSF, Open Cybersecurity Schema Framework), an open standard, it can normalize and combine security data from Amazon cloud technology and a wide range of sources, enabling security teams to easily and automatically collect data at the petabyte scale. , Combine, and analyze security data, enabling visibility into all security data.
AI against AI
Amazon Cloud Technologies is investing heavily in generative AI to prepare for the future, and sees the potential of artificial intelligence as "indispensable" for cybersecurity experts. According to the vision of CJ Moses, the field of network security can use generative AI to combat security threats. "Our customers must use AI and ML-based defenses to avoid AI and ML-based attacks."
CJ Moses believes that generative AI and large language models (LLMs) can have a significant impact on security teams by enhancing and complementing existing tools and processes while handling lower-level tasks. "We can train generative AI models to create threat hunting queries, summarize attack event data, write bug fix code, and write penetration test scripts."
At this re:Inforce 2023 conference, the newly released Findings Groups for Amazon Detective uses machine learning technology and graph technology to correlate thousands of discrete security events. Just like a detective, Findings Groups for Amazon Detective can unravel complicated information, find out the correlation between events, and finally locate the problem. Focusing on an incident in isolation can lead security analysis to a dead end, making it difficult to identify the root cause afterwards. This problem is solved through graph analysis techniques, which can be used to infer the relationship between the findings.
Another newly released product, Amazon CodeGuru Security, as a static application security testing (SAST) tool, can use machine learning (ML) to identify code vulnerabilities and defects written by developers and provide remediation guidance capabilities. It claims to find everything from log injections to resource leaks with a low false positive rate. Cooperating with the AI programming assistant Amazon CodeWhisper released in April this year, it can form a programming-oriented AI overall automation and security scanning capabilities, so that Code Whisperer can be used to assist in writing code and scanning vulnerabilities during the development phase, and Amazon Inspector can be used during the operation phase To find problems in the code, use Amazon CodeGuru Security to identify and fix code vulnerabilities at any stage of the application development workflow.
Amazon Inspector Code Scans For Lambda, which was displayed at the same time, expanded the scanning scope of Inspector, not only supporting security scanning of the code of Lambda functions, but also scanning for vulnerabilities in application package dependencies. After detecting a vulnerability, Amazon Inspector will generate some details about the vulnerability, point out the affected code fragment, and give suggestions to resolve the vulnerability. All information is aggregated in the Amazon Inspector console and can also be seamlessly routed to Amazon Security Hub and pushed to Amazon EventBridge for workflow automation.
It is reported that in the next stage, Amazon Cloud Technology will launch more security services using AI technologies such as large language models. CJ Moses said, "As AI takes over low-value security tasks, we can really achieve a safety improvement."
Automation: The future of AI-driven security
For Amazon cloud technology, the goal of strengthening the application of AI is to enable its customers to realize automatic security operations, freeing the security team to focus on more important matters, including the detection, prevention and response of security incidents. Using Amazon data protection service can realize automatic protection and business innovation: use Amazon cloud services and tools to protect data in an efficient, economical and reusable way for three scenarios of data transmission, storage and use.
"Customers want centralized security data from cloud, on-premises and custom sources for better visibility and insight," said CJ Moses.
Amazon Cloud Technology Data Lake enables customers to centrally aggregate, manage, and derive value from security-related log and event data. At present, more than 80 partners have integrated with Amazon Security Lake to store unified security data and provide security analysis. The Amazon Built-In Partner Solutions (Amazon Built-In Partner Solutions) released at the same time can help users find, purchase and deploy security solutions and services verified by Amazon Cloud Technology, and help users improve the security of applications. So as to really focus on the business.
In addition, AI security is also a major challenge in the AI era. In the RSAC2023 Innovation Sandbox Competition, companies that provide AI model security protection were even named innovation sandbox champions. Amazon SageMaker-native features can effectively enhance the security of artificial intelligence and machine learning. Integrating Amazon SageMaker's native security functions and deviation detection functions with Amazon Cloud Technology's native security solutions can provide seamless and unified security protection and governance for artificial intelligence and machine learning.
Embed security into every phase of your business
Facing the increasingly serious security situation and the deepening of digital transformation, security is facing a repositioning: security should be the starting point of business.
In a global survey by Vodafone, 89% of respondents believed stronger security would be a competitive advantage in winning new customers. As a result, friction is reduced and time-to-market is reduced when customers take a security-first approach and embed security earlier in the product development lifecycle. For the world's leading infrastructure provider, how does Amazon Cloud Technology define security?
Amazon Cloud Technologies believes that its security starts with the core infrastructure. To this end, security needs to be embedded in every stage of business development, including different stages of design, R&D, deployment, and operation and maintenance. Amazon Cloud Technology has set up a security guardian team, setting up security personnel positions in the product team according to a certain proportion, responsible for all security of products and services, and also setting up an independent application security review process, which is applicable to all product service updates and updates. release.
At present, we have entered the era of artificial intelligence security, and the technical challenges faced by security protection are getting higher and higher. Defense measures based on artificial intelligence and machine learning must be used to avoid and respond to attacks based on artificial intelligence and machine learning, ensure enterprise cloud security, and build a security foundation for digital transformation.
The picture comes from photo network
END