Kanaiya Vasani, Chief Product Officer, explains how ExtraHop leverages AWS services and generative AI to help enterprise customers address the growing security challenges of uncontrolled AI adoption.

Topics Include:

• ExtraHop reinventing network detection and response category
• Platform addresses security, performance, compliance, forensic use cases
• Behavioral analysis identifies potential security threats in infrastructure
• Network observability and attack surface discovery capabilities included
• Application and network performance assurance built-in features
• Traditional IDS capability with rules and IOCs detection
• Packet forensics for investigating threats and wire evidence
• Cloud-native implementations and compromised credential investigation support
• ExtraHop partnership with AWS spans 35-40 different services
• AWS handles infrastructure while ExtraHop focuses core competencies
• ExtraHop early adopter of generative AI in NDR
• Natural language interface enables rapid data access queries
• English questions replace complex query languages for users
• Agentic AI experiments focus on SOC automation workflows
• L1 and L2 analyst workflow automation improves productivity
• Shadow AI creates major risk concern for customers
• Uncontrolled chatbot usage risks accidental data leakage
• Governance structures needed around enterprise gen AI usage
• Visibility required into LLM usage across infrastructure endpoints
• AI innovation pace challenges security industry keeping up
• Models evolved from billion to trillion parameters rapidly
• Traditional security tools focus policies, miss real-time activity
• "Wire doesn't lie" - network traffic reveals actual behavior
• ExtraHop maps baseline behavior patterns across infrastructure endpoints
• Anomalous behavioral patterns flagged through network traffic analysis
• MCP servers enable LLM access through standardized protocols
• Stolen tokens allow adversaries unauthorized MCP server access
• Machine learning identifies anomalous traffic patterns L2-L7 protocols
• Gen AI automates incident triage, investigation, response workflows
• Best practices include clear policies, governance, monitoring, education

Participants:

• Kanaiya Vasani – Chief Product Officer, ExtraHop Networks

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Notes:

Cribl’s Field CISO Ed Bailey discusses how customers can manage the quality and quantity of data by providing intelligent controls between data sources and destinations.

Topics Include:

• Cribl company name origin
• Company helps organizations screen data to find valuable insights
• Ed Bailey was Cribl's first customer back in 2018
• Data growth of 25% yearly created seven-figure cost increases
• CEOs and CIOs complained about explosive data storage costs
• Users demanded more data while budgets remained constrained
• Bailey discovered Cribl through a random Facebook advertisement
• Cribl Stream sits between data sources and destinations
• No new agents required, uses existing infrastructure connections
• Reduced data growth from 28% to 8% within year
• Development cycles shortened from six weeks to two weeks
• Bailey managed global security and telemetry data systems
• Operated large Splunk instance across forty different countries
• Team spent time collecting data instead of extracting value
• Cribl provided consistent data control plane for operations
• Smart engineers could focus on machine learning solutions
• Migrated from terrible SIEM to better security platform
• Data strategy should focus on business requirements first
• Not all data has the same business value
• Tier one: Critical data goes to expensive platforms
• Tier two: Important data stored in cheaper lakes
• Tier three: Compliance data in low-cost object storage
• SIEM costs around one dollar per gigabyte stored
• Data lakes cost twelve to eighteen cents per gigabyte
• Object storage costs fractions of pennies per gigabyte
• AWS partnership provides scalable infrastructure for rapid growth
• EC2, EKS, and S3 are heavily utilized services
• Cribl Search finds data directly in object storage
• Avoids costly data movement for search and analysis

Participants:

• Edward Bailey – Field CISO, Cribl

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Saviynt Co-Founder Amit Saha discusses how their AWS partnership has enabled the identity security company to deliver comprehensive identity protection while minimizing organizational friction.

Topics Include:

• Saviynt is leading identity security provider in market
• Secures human, non-human, workforce, and privileged access identities
• Eliminates friction while automating organizational access management processes
• Biggest challenge: reducing friction in new access processes
• Second challenge: visibility into accumulated technical debt problems
• Lost business context makes access permissions difficult to unwind
• Saviynt provides quick visibility to prioritize identity risks
• Shadow IT creates ungoverned workloads and cloud applications
• Need integration with asset management and cloud providers
• Must derive intelligence from multiple disconnected information sources
• AWS partnership provides access to prolific customer base
• AWS security owners are same buyers for Saviynt
• Eleven-year AWS relationship with early security competency
• ISV Accelerate program connects with sellers and architects
• Rising Star program helps stand out in crowded marketplace
• Find mutual customers for successful AWS partnership stories
• GenAI in bad actors' hands compromises customer security
• Product engineering uses GenAI tools for better quality
• Agentic AI creates new paradigm between human/non-human identities
• Agentic AI requires dynamic, fluid access management approaches
• AI agents can generate their own bots needing access
• Zero trust principles needed at broader scale for AI
• Next twelve months: getting ahead of GenAI curve
• New AWS services launch daily in GenAI space
• Contributing to new standards like MCP and A2A protocols
• AWS Marketplace simplifies procurement and buyer discovery processes
• EDP program and migration incentives benefit ISV transactions
• AWS developer-friendly startup programs accelerate time to market
• Cloud-native approach enables predictable scaling and AWS integration
• AWS-Saviynt partnership aims for once-in-generation security impact

Participants:

• Amit Saha – Co-Founder and Chief Growth Officer, Saviynt

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Chief Architect Russell Leighton discusses how Panther's cloud platform revolutionizes security operations by treating detections as Python code and AI enabled alert vetting turning responses from hours into minutes.

Topics Include:

• Panther is a cloud security monitoring tool (cloud SIEM)
• Works at massive scale, more cost-effective than legacy systems
• Key differentiator: "detections as code" written in Python
• Brings software engineering best practices to security operations
• Enables unit testing and version control for security detections
• Recently adopted generative AI to improve security workflows
• SOC burnout is renowned due to tedious ticket processing
• AI has intelligence of security engineer, works much faster
• Example: Alert shows "Russ Leighton removed branch protection"
• Old way: Manual log analysis, checking user profiles manually
• Takes hours of squinting at detailed log data
• New AI way: Automatic vetting happens in minutes
• AI checks user profile in Okta or IDP
• Determines engineer status, assesses typical behavior patterns
• Provides risk assessment based on historical alert data
• Low risk for engineers, high risk for unusual users
• Example: HR person accessing production code is escalated
• Customer quote: Takes vetting "from hours to seconds"
• Panther customers get dedicated AWS accounts for security
• Company can't see customer data, only self-reported metrics
• AI provides summaries, risk assessments, timelines, visualizations
• Also suggests remediations like human security engineer would
• Initial concerns about putting AI in production environment
• Customer feedback exceeded expectations with feature requests
• AWS Bedrock integration addresses customer security concerns
• Uses Anthropic Claude as base LLM through Bedrock
• Customers can enable additional Bedrock guardrails independently
• AI transparency prevents hallucination concerns through explanations
• Claude's extended thinking mode shows reasoning process
• AI visualizes thinking with flowcharts explaining decision process

Participants:

• Russell Leighton – Chief Architect, Panther

Further Links:

• Website: Panther.com
• AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Security leaders from Anthropic and AWS discuss how agentic AI is transforming cybersecurity functions to autonomously handle everything from code reviews to SOC operations.

Topics Include:

• Agentic AI differs from traditional AI through autonomy and agency
• Traditional AI handles single workflow nodes, agents collapse multiple steps
• Higher model intelligence enables understanding of broader business contexts
• Agents make intelligent decisions across complex multi-step workflows processes
• Enterprise security operations are seeing workflow consolidation through GenAI
• Organizations embedding GenAI directly into customer-facing production applications
• Software-as-a-service transitioning to service-as-software through AI agents
• Securing AI requires guardrails to prevent hallucinations in applications
• New vulnerabilities appear at interaction points between system components
• Attackers target RAG systems and identity/authorization layers instead
• LLMs hallucinate non-existent packages, attackers create malicious honeypots
• Governance frameworks must be machine-readable for autonomous agent reasoning
• Amazon investing in automated reasoning to prove software correctness
• Anthropic uses Claude to write over 50% of code
• Automated code review systems integrated into CI/CD pipelines
• Security design reviews use MITRE ATT&CK framework automation
• Low-risk assessments enable developers to self-approve security reviews
• 40% reduction in application security team review workload
• Anthropic eliminated SOC, replaced entirely with Claude-based automation
• IT support roles transitioning to engineering as automation replaces frontline
• Compliance questionnaires fully automated using agentic AI workflows
• ISO 42001 framework manages AI deployment risks alongside security
• Executive risk councils evaluate AI risks using traditional enterprise processes
• AWS embeds GenAI into testing, detection, and user experience
• Finding summarization helps L1 analysts understand complex AWS environments
• Amazon encourages teams to "live in the future" with AI
• Interview candidates expected to demonstrate Claude usage during interviews
• Security remains biggest barrier to enterprise AI adoption beyond POCs
• Virtual employees predicted to arrive within next 12 months
• Model Context Protocol (MCP) creates new supply chain security risks

Participants:

• Jason Clinton – Chief Information Security Officer, Anthropic
• Gee Rittenhouse – Vice President, Security Services, AWS
• Hart Rossman – Vice President, Global Services Security, AWS
• Brian Shadpour – GM of Security and B2B Software Sales, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Spryker’s Chief Product Officer, Elena Leonova, discusses the Spryker Business Intelligence platform and how working with AWS as a strategic advisor unlocked deeper opportunities for transformative growth.

Topics Include:

• Elena Leonova introduces Spryker as digital commerce platform
• Spryker focuses on sophisticated B2B commerce transactions
• Traditional industries: manufacturing, industrial goods, med tech
• Customers sell complex equipment like MRI machines, tractors
• Products are custom-built to order through procurement processes
• Extensive negotiation and aftermarket servicing are required
• Competitors focus on fashion, food - not complex equipment
• Spryker exclusively hosted on AWS cloud infrastructure
• AWS partnership enables new capabilities and customer innovation
• Business intelligence tools and AI capabilities now available
• Ricoh example: global manufacturer of industrial-grade printers
• Ricoh sells through dealers and distributors worldwide
• S-Diverse: new automotive software marketplace partnership platform
• Connects automotive manufacturers with embedded software producers
• Spryker Business Intelligence powered by Amazon QuickSight launched
• Commerce becoming more intelligent than traditional repeat purchases
• Complex equipment buyers don't purchase MRI machines weekly
• Platform provides insights into customer portal navigation patterns
• Combines commerce data with search, CRM, competitive intelligence
• Helps merchants identify revenue optimization signals from noise
• Business intelligence integrated directly within Spryker platform
• Customers should evaluate platform's future scalability and flexibility
• Revenue optimization requires understanding what metrics to improve
• Easy-to-use data analysis prevents information overload problems
• QuickSight's GenAI capabilities enable faster executive decision-making
• AWS partnership provided cost optimization and innovation confidence
• Elena initially viewed AWS as just hosting provider
• Building shared vision with AWS unlocked deeper collaboration
• AWS became trusted advisor for strategy and partnerships
• Generative AI enables multi-persona communication across customer types

Participants:

• Elena Leonova – Chief Product Officer, Spryker

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

ActiveFence CEO Noam Schwartz discusses how his company evolved from protecting platforms against user-generated harmful content to helping companies deploy public-facing AI safely at scale.

Topics Include:

• Noam Schwartz introduces himself as ActiveFence CEO
• Former intelligence officer specializing in open source intelligence
• Mission: protect online experiences for everyone everywhere
• Online platforms constantly hammered by various attacks
• Attacks include cybersecurity, abuse, hate speech, spam
• Companies playing endless whack-a-mole game with violations
• Need scalable solution that works across languages/formats
• Developed enterprise-grade technology for sophisticated companies
• Amazon became customer and great partner early on
• Generative AI introduction changed the game completely
• LLMs non-deterministic unlike traditional programmed chatbots
• Same input produces different outputs each time
• AI deployed in customer support, healthcare, airlines
• New risks when models speak on company's behalf
• One bad output creates legal and reputational damage
• Companies need to deploy public-facing AI safely
• Transition affects healthcare, finance, gaming, government sectors
• Building on years of user-generated content expertise
• No specific ChatGPT moment triggered their AI pivot
• ActiveFence was AI company since day one
• Model companies like Amazon, Nvidia asked for help
• Realized their expertise perfectly suited for AI safety
• Staying on top of AI developments is impossible
• Focus on customer adoption, not every new release
• Main enterprise challenge is trusting AI technology
• Unrealistic expectations for 100% accuracy from AI
• Most companies will license existing models, not build
• Security solutions remain independent like traditional cybersecurity

Participants:

• Noam Schwartz – CEO and Co-Founder, ActiveFence
• Ofer Oringher – Software and Technology Account Manager, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Jeff Moncrief discusses Sonrai Security's Cloud Permissions Firewall, and the best practices for using AI-powered summaries and orchestration to ensure security at all points.

Topics Include:

• Jeff Moncrief introduces Sonrai Security and Cloud Permissions Firewall
• Focus on achieving least privilege access in AWS quickly
• Lightweight orchestration layer secures IAM from inside out
• Eliminates need to write hundreds of individual policies
• Customers struggle with identity risk in CNAP/CSPM tools
• Generative AI adoption driving top security use cases
• Bedrock and AI agents mentioned daily by customers
• Product managers should consider underlying platform security risks
• AI models have control over infrastructure they run on
• Identity is fundamental infrastructure enabling AWS AI models
• Sonrai uses Bedrock capability inside Cloud Permissions Firewall
• Just-in-time access provides temporary, time-boxed AWS access
• Bedrock generates session summaries from audit logs automatically
• Plain English insights show what happened during sessions
• Session summaries improve audit compliance and incident response
• Customer with 1000 accounts manually deployed service controls
• Friday afternoon deployment caused very bad weekend disaster
• Policy inheritance issues broke child accounts and OUs
• Planning and orchestration essential for scaling AI security
• Sonrai platform built 100% cloud-native on AWS
• Coordinates service control policies and resource control policies
• Just-in-time access relies on IAM Identity Center
• Participates in ISV Accelerate and AWS Marketplace
• Security best practices start with identity as foundation
• "Hackers don't hack, they just log in" philosophy
• Eliminate standing privileges with just-in-time access patterns
• Restrict AI services by user, location, and account
• Review over-permissioned or inactive third-party vendor access
• Actionable insights through useful logging and AI summarization
• Future focus on protecting new services and permissions

Participants:

• Jeff Moncrief – Field CTO & Director of Sales Engineering, Sonrai Security

Links:

• Website – Sonraisecurity.com
• AWS Marketplace – Sonrai Security

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/