AWS re:Invent 2025 - Reimagining Cloud Detection & Response with Agentic AI (AIM291)

Reimagining Cloud Detection & Response with Agentic AI

Latest Threats in Cloud Security

  • Scattered Spider and other mature adversaries are increasingly targeting cloud environments
  • Adversaries are building entire threat ecosystems within cloud infrastructure, using cloud building blocks against defenders
  • Example: Genesis Panda
    • Exfiltrated cloud credentials and used them to breach customer accounts
    • Moved laterally and built their own infrastructure inside the customer environments
    • Established persistent SSH access to instances entirely through the cloud control plane, without touching the endpoints

Impact of AI on Attackers

  • Adversaries leveraging AI/ML for enhanced reconnaissance, vulnerability exploitation, malware development
  • Significantly reduces time between vulnerability exposure and successful attack
  • Lowers barrier to entry for cloud breaches

Challenges for Defenders

  • Breakout time (from initial access to lateral movement) is down to 48 minutes, with the fastest observed case at 51 seconds
  • No inline sensors in the cloud control plane, complex and siloed cloud telemetry, and difficulty taking response actions through cloud APIs
  • Traditional security tools and processes cannot keep up with speed of modern cloud attacks

Reimagining Cloud Detection & Response

  1. Real-Time Visibility & Detection:

    • Streaming cloud telemetry data for immediate analysis and detection
    • Applying detections in-stream to reduce latency from minutes to seconds
  2. Correlation & Contextualization:

    • Unifying data from CloudTrail, VPC Flow Logs, identity providers, and other sources
    • Applying machine learning and agentic AI to provide context and triage detections
  3. Accelerated Response:

    • Integrating with Falcon Fusion to automate response actions
    • Allowing human-in-the-loop validation of automated responses
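The first two steps above (evaluate each event as it arrives, keep identity context across events) can be shown concretely. The following is an added example, not code from the talk or from CrowdStrike's platform: a single-pass detector over CloudTrail records that keeps bounded per-identity state and raises two alerts on a constructed credential-theft sequence. The record field names follow the CloudTrail schema, but the events themselves are constructed (RFC 5737 documentation IPs, the AWS documentation example key ID, a placeholder account ID), and the watchlist of "sensitive" APIs is an illustrative assumption of this example rather than a vendor rule set.

```python
"""In-stream CloudTrail detection with per-identity state (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CloudTrail-style records. Field names follow the CloudTrail record
# schema; IPs are RFC 5737 documentation addresses, the key ID is AWS's
# documentation example key, and the account ID is a placeholder.
SAMPLE_EVENTS = [
    {"eventTime": "2025-12-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "accessKeyId": "ASIAEXAMPLESESSION01"},
     "responseElements": {"accessKey": {"userName": "alice",
                                        "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}}},
    # The new key is first used from the same network that minted it: benign.
    {"eventTime": "2025-12-01T10:00:05Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    # Four minutes later the same key issues an SSM command from a network
    # never seen for this principal: the pattern of an exfiltrated credential.
    {"eventTime": "2025-12-01T10:04:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    # Two hours later, outside the freshness window, from a now-known IP.
    {"eventTime": "2025-12-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.77",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
]

# Illustrative watchlist (an assumption of this example, not a vendor rule set):
# control-plane calls that can give a caller command or SSH access to an
# instance without any agent or binary being placed on the endpoint.
SENSITIVE_APIS = {
    ("ssm.amazonaws.com", "SendCommand"),
    ("ssm.amazonaws.com", "StartSession"),
    ("ec2-instance-connect.amazonaws.com", "SendSSHPublicKey"),
    ("ec2.amazonaws.com", "ModifyInstanceAttribute"),
}


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


class StreamDetector:
    """Evaluates one event at a time, keeping only bounded state across events."""

    def __init__(self, window):
        self.window = window
        self.fresh_keys = {}               # accessKeyId -> (created_at, creator_arn, creator_ip)
        self.known_ips = defaultdict(set)  # principal arn -> source IPs seen so far

    def process(self, event):
        """Return the alerts raised by this event (possibly none)."""
        alerts = []
        now = parse_time(event["eventTime"])
        ident = event.get("userIdentity", {})
        arn = ident.get("arn", "unknown")
        ip = event.get("sourceIPAddress")
        api = (event.get("eventSource"), event.get("eventName"))

        # Evict keys older than the window so memory stays bounded on a long stream.
        self.fresh_keys = {k: v for k, v in self.fresh_keys.items()
                           if now - v[0] <= self.window}

        # Rule 1: a freshly minted long-lived key used from a different network
        # than the one that created it.
        key_id = ident.get("accessKeyId")
        if key_id in self.fresh_keys:
            created_at, creator, creator_ip = self.fresh_keys[key_id]
            if ip != creator_ip:
                alerts.append({"rule": "fresh_key_new_network", "time": event["eventTime"],
                               "principal": arn, "key": key_id, "ip": ip,
                               "created_by": creator, "created_from": creator_ip,
                               "age_seconds": int((now - created_at).total_seconds())})

        # Rule 2: a sensitive control-plane call from an IP never seen for this principal.
        if api in SENSITIVE_APIS and ip not in self.known_ips[arn]:
            alerts.append({"rule": "sensitive_api_new_network", "time": event["eventTime"],
                           "principal": arn, "ip": ip, "api": f"{api[0]}:{api[1]}"})

        # Update state only after evaluation so an event cannot whitelist itself.
        self.known_ips[arn].add(ip)
        if event.get("eventName") == "CreateAccessKey":
            new_key = event["responseElements"]["accessKey"]["accessKeyId"]
            self.fresh_keys[new_key] = (now, arn, ip)
        return alerts


def run(events, window_minutes=30):
    """Feed events in arrival order, as a stream consumer would, and collect alerts."""
    det = StreamDetector(timedelta(minutes=window_minutes))
    return [a for e in events for a in det.process(e)]


if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

Both alerts fire on the third record, within seconds of the event rather than after a batch query, because each record is scored against state accumulated from the records before it. In production the same two rules would run against a CloudTrail stream (EventBridge or a Kinesis consumer) with the identity state held in a shared store, and the "new network" check would consult an allowlist of corporate egress ranges rather than a set learned purely from the stream.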

Agentic AI Capabilities

  • Increases productivity of security teams by automating triage and response
  • Reduces mean time to respond by providing expert-level analysis and recommendations
  • Helps address security skills shortage by providing pre-trained agents for cloud-specific contexts
  • Agents trained using data and expertise from CrowdStrike's Falcon OverWatch threat hunting and Incident Response teams

Holistic Agentic AI Security Platform

  • Single unified sensor for Linux, Windows, Kubernetes, and containers
  • Detections across endpoints, cloud, SaaS, and identity
  • Agentic AI agents providing context, triage, and remediation recommendations
  • Enabling a comprehensive, cross-domain view of threats and breaches

Key Takeaways

  • Cloud environments face increasingly sophisticated and fast-moving threats, requiring new approaches
  • CrowdStrike has reimagined cloud detection and response with real-time visibility, contextualization, and accelerated automated response
  • Agentic AI agents enhance security teams' productivity, responsiveness, and ability to address skills gaps
  • Holistic platform integrates detections across domains to provide comprehensive threat visibility and remediation
