TalksAWS re:Invent 2025 - Reimagining Cloud Detection & Response with Agentic AI (AIM291)

AWS re:Invent 2025 - Reimagining Cloud Detection & Response with Agentic AI (AIM291)

Reimagining Cloud Detection & Response with Agentic AI

Latest Threats in Cloud Security

  • Scattered Spider and other mature adversaries are increasingly targeting cloud environments
  • Adversaries are building entire threat ecosystems within cloud infrastructure, using cloud building blocks against defenders
  • Example of Genesis Panda:
    • Exfiltrated cloud credentials, breached customer accounts
    • Laterally moved, built their own infrastructure within customer environments
    • Established persistent SSH access without touching endpoints

Impact of AI on Attackers

  • Adversaries leveraging AI/ML for enhanced reconnaissance, vulnerability exploitation, malware development
  • Significantly reduces time between vulnerability exposure and successful attack
  • Lowers barrier to entry for cloud breaches

Challenges for Defenders

  • Median breach time reduced to 48 minutes, with some as fast as 51 seconds
  • Lack of inline cloud sensors, complex/siloed cloud data, difficulty responding to cloud APIs
  • Traditional security tools and processes cannot keep up with speed of modern cloud attacks

Reimagining Cloud Detection & Response

  1. Real-Time Visibility & Detection:

    • Streaming cloud telemetry data for immediate analysis and detection
    • Applying detections in-stream to reduce latency from minutes to seconds

  2. Correlation & Contextualization:

    • Unifying data from cloud trail, flow logs, identity, and other sources
    • Applying machine learning and agentic AI to provide context and triage detections

  3. Accelerated Response:

    • Integrating with Falcon Fusion to automate response actions
    • Allowing human-in-the-loop validation of automated responses

Agentic AI Capabilities

  • Increases productivity of security teams by automating triage and response
  • Reduces mean time to respond by providing expert-level analysis and recommendations
  • Helps address security skills shortage by providing pre-trained agents for cloud-specific contexts
  • Agents trained using data and expertise from CrowdStrike's Overwatch and Incident Response teams

Holistic Agentic AI Security Platform

  • Single unified sensor for Linux, Windows, Kubernetes, and containers
  • Detections across endpoints, cloud, SaaS, and identity
  • Agentic AI agents providing context, triage, and remediation recommendations
  • Enabling a comprehensive, cross-domain view of threats and breaches

Key Takeaways

  • Cloud environments face increasingly sophisticated and fast-moving threats, requiring new approaches
  • CrowdStrike has reimagined cloud detection and response with real-time visibility, contextualization, and accelerated automated response
  • Agentic AI agents enhance security teams' productivity, responsiveness, and ability to address skills gaps
  • Holistic platform integrates detections across domains to provide comprehensive threat visibility and remediation

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.