AWS re:Invent 2025 - Automated cloud security remediation with agentic workflows (SEC217)

Automated Cloud Security Remediation with Agentic Workflows

Partnership between Datadog and AWS

• Datadog is an Advanced Technology Partner with AWS, with over 100 AWS service integrations
• Key differentiators include AI-powered automation and advanced observability

AWS Security Hub Overview

• Unified cloud security solution that ingests and correlates security data from various sources
• Provides prioritized security insights, actionable workflows, and integrations with tools like Jira and Slack
• Enables responding to security issues at scale

Current Cloud Security Challenges

• Alert overload and difficulty prioritizing critical issues
• Manual remediation processes leading to bottlenecks and errors
• Fragmented workflows slowing down response times

Datadog-AWS Security Hub Integration

• Ingests Security Hub events into Datadog using OCSF format
• Runs workflows to prioritize and understand the impact of security issues on production applications
• Automatically creates Jira tickets to consolidate high-priority issues
• Uses Datadog's Metric Correlation Pipeline (MCP) and Kube CLI to apply fixes automatically

Demonstration of Automated Remediation

1. Identified critical EC2 port security issue in AWS Security Hub
2. Datadog integration contextualized the issue, understanding its impact on production applications
3. Automatically created a Jira ticket with the high-priority issue
4. Agent used natural language to verify the issue and apply the fix, closing it in both Security Hub and Datadog
5. Verified the issue was resolved in both AWS Security Hub and Datadog

Key Takeaways

• Automated, AI-driven workflows can drastically improve cloud security remediation speed and efficiency
• Integrating security data with observability platforms like Datadog enables better prioritization and impact analysis
• Agentic automation, where AI-powered agents handle the remediation process, can reduce human errors and accelerate security posture management
• This approach provides speed, efficiency, and scalability as cloud environments and AI systems become more complex

Business Impact

• Faster time-to-value for resolving critical security issues
• Reduced configuration errors and improved security posture
• Ability to keep up with the pace of change in complex, cloud-based environments
• Freeing up security teams to focus on strategic initiatives rather than manual remediation tasks

Real-World Examples

• A large enterprise customer was able to reduce their mean time to resolve security issues from days to minutes using the Datadog-AWS Security Hub integration and agentic workflows.
• Another customer was able to automate the remediation of over 80% of their security vulnerabilities, significantly improving their overall security posture.