AWS for Software Companies Podcast

• Ep107: Cloud-Scale Security Monitoring – How Panther and AI are Revolutionizing Cybersecurity

  Chief Architect Russell Leighton discusses how Panther's cloud platform revolutionizes security operations by treating detections as Python code and AI enabled alert vetting turning responses from hours into minutes. Topics Include:Panther is a cloud security monitoring tool (cloud SIEM)Works at massive scale, more cost-effective than legacy systemsKey differentiator: "detections as code" written in PythonBrings software engineering best practices to security operationsEnables unit testing and version control for security detectionsRecently adopted generative AI to improve security workflowsSOC burnout is renowned due to tedious ticket processingAI has intelligence of security engineer, works much fasterExample: Alert shows "Russ Leighton removed branch protection"Old way: Manual log analysis, checking user profiles manuallyTakes hours of squinting at detailed log dataNew AI way: Automatic vetting happens in minutesAI checks user profile in Okta or IDPDetermines engineer status, assesses typical behavior patternsProvides risk assessment based on historical alert dataLow risk for engineers, high risk for unusual usersExample: HR person accessing production code is escalatedCustomer quote: Takes vetting "from hours to seconds"Panther customers get dedicated AWS accounts for securityCompany can't see customer data, only self-reported metricsAI provides summaries, risk assessments, timelines, visualizationsAlso suggests remediations like human security engineer wouldInitial concerns about putting AI in production environmentCustomer feedback exceeded expectations with feature requestsAWS Bedrock integration addresses customer security concernsUses Anthropic Claude as base LLM through BedrockCustomers can enable additional Bedrock guardrails independentlyAI transparency prevents hallucination concerns through explanationsClaude's extended thinking mode shows reasoning processAI visualizes thinking with flowcharts explaining decision processParticipants:Russell Leighton – Chief Architect, PantherFurther Links:Website: Panther.comAWS MarketplaceSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

  --------  

  23:54
• Ep106: Building Secure and Agile AI Agents at Scale with Anthropic and AWS

  Security leaders from Anthropic and AWS discuss how agentic AI is transforming cybersecurity functions to autonomously handle everything from code reviews to SOC operations.Topics Include:Agentic AI differs from traditional AI through autonomy and agencyTraditional AI handles single workflow nodes, agents collapse multiple stepsHigher model intelligence enables understanding of broader business contextsAgents make intelligent decisions across complex multi-step workflows processesEnterprise security operations are seeing workflow consolidation through GenAIOrganizations embedding GenAI directly into customer-facing production applicationsSoftware-as-a-service transitioning to service-as-software through AI agentsSecuring AI requires guardrails to prevent hallucinations in applicationsNew vulnerabilities appear at interaction points between system componentsAttackers target RAG systems and identity/authorization layers insteadLLMs hallucinate non-existent packages, attackers create malicious honeypotsGovernance frameworks must be machine-readable for autonomous agent reasoningAmazon investing in automated reasoning to prove software correctnessAnthropic uses Claude to write over 50% of codeAutomated code review systems integrated into CI/CD pipelinesSecurity design reviews use MITRE ATT&CK framework automationLow-risk assessments enable developers to self-approve security reviews40% reduction in application security team review workloadAnthropic eliminated SOC, replaced entirely with Claude-based automationIT support roles transitioning to engineering as automation replaces frontlineCompliance questionnaires fully automated using agentic AI workflowsISO 42001 framework manages AI deployment risks alongside securityExecutive risk councils evaluate AI risks using traditional enterprise processesAWS embeds GenAI into testing, detection, and user experienceFinding summarization helps L1 analysts understand complex AWS environmentsAmazon encourages teams to "live in the future" with AIInterview candidates expected to demonstrate Claude usage during interviewsSecurity remains biggest barrier to enterprise AI adoption beyond POCsVirtual employees predicted to arrive within next 12 monthsModel Context Protocol (MCP) creates new supply chain security risksParticipants:Jason Clinton – Chief Information Security Officer, AnthropicGee Rittenhouse – Vice President, Security Services, AWSHart Rossman – Vice President, Global Services Security, AWSBrian Shadpour – GM of Security and B2B Software Sales, AWSSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

  --------  

  37:20
• Ep105: Transforming B2B - How Spryker Powers Complex B2B Commerce with AWS

  Spryker’s Chief Product Officer, Elena Leonova, discusses the Spryker Business Intelligence platform and how working with AWS as a strategic advisor unlocked deeper opportunities for transformative growth.Topics Include:Elena Leonova introduces Spryker as digital commerce platformSpryker focuses on sophisticated B2B commerce transactionsTraditional industries: manufacturing, industrial goods, med techCustomers sell complex equipment like MRI machines, tractorsProducts are custom-built to order through procurement processesExtensive negotiation and aftermarket servicing are requiredCompetitors focus on fashion, food - not complex equipmentSpryker exclusively hosted on AWS cloud infrastructureAWS partnership enables new capabilities and customer innovationBusiness intelligence tools and AI capabilities now availableRicoh example: global manufacturer of industrial-grade printersRicoh sells through dealers and distributors worldwideS-Diverse: new automotive software marketplace partnership platformConnects automotive manufacturers with embedded software producersSpryker Business Intelligence powered by Amazon QuickSight launchedCommerce becoming more intelligent than traditional repeat purchasesComplex equipment buyers don't purchase MRI machines weeklyPlatform provides insights into customer portal navigation patternsCombines commerce data with search, CRM, competitive intelligenceHelps merchants identify revenue optimization signals from noiseBusiness intelligence integrated directly within Spryker platformCustomers should evaluate platform's future scalability and flexibilityRevenue optimization requires understanding what metrics to improveEasy-to-use data analysis prevents information overload problemsQuickSight's GenAI capabilities enable faster executive decision-makingAWS partnership provided cost optimization and innovation confidenceElena initially viewed AWS as just hosting providerBuilding shared vision with AWS unlocked deeper collaborationAWS became trusted advisor for strategy and partnershipsGenerative AI enables multi-persona communication across customer typesParticipants:Elena Leonova – Chief Product Officer, SprykerSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

  --------  

  21:32
• Ep104: Partnership in Innovation - How ActiveFence and AWS are De-risking AI

  ActiveFence CEO Noam Schwartz discusses how his company evolved from protecting platforms against user-generated harmful content to helping companies deploy public-facing AI safely at scale.Topics Include:Noam Schwartz introduces himself as ActiveFence CEOFormer intelligence officer specializing in open source intelligenceMission: protect online experiences for everyone everywhereOnline platforms constantly hammered by various attacksAttacks include cybersecurity, abuse, hate speech, spamCompanies playing endless whack-a-mole game with violationsNeed scalable solution that works across languages/formatsDeveloped enterprise-grade technology for sophisticated companiesAmazon became customer and great partner early onGenerative AI introduction changed the game completelyLLMs non-deterministic unlike traditional programmed chatbotsSame input produces different outputs each timeAI deployed in customer support, healthcare, airlinesNew risks when models speak on company's behalfOne bad output creates legal and reputational damageCompanies need to deploy public-facing AI safelyTransition affects healthcare, finance, gaming, government sectorsBuilding on years of user-generated content expertiseNo specific ChatGPT moment triggered their AI pivotActiveFence was AI company since day oneModel companies like Amazon, Nvidia asked for helpRealized their expertise perfectly suited for AI safetyStaying on top of AI developments is impossibleFocus on customer adoption, not every new releaseMain enterprise challenge is trusting AI technologyUnrealistic expectations for 100% accuracy from AIMost companies will license existing models, not buildSecurity solutions remain independent like traditional cybersecurityParticipants:Noam Schwartz – CEO and Co-Founder, ActiveFenceOfer Oringher – Software and Technology Account Manager, AWSSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

  --------  

  26:59
• Ep103: Supercharging Security with GenAI – Best Practice Sharing with Sonrai Security

  Jeff Moncrief discusses Sonrai Security's Cloud Permissions Firewall, and the best practices for using AI-powered summaries and orchestration to ensure security at all points.Topics Include:Jeff Moncrief introduces Sonrai Security and Cloud Permissions FirewallFocus on achieving least privilege access in AWS quicklyLightweight orchestration layer secures IAM from inside outEliminates need to write hundreds of individual policiesCustomers struggle with identity risk in CNAP/CSPM toolsGenerative AI adoption driving top security use casesBedrock and AI agents mentioned daily by customersProduct managers should consider underlying platform security risksAI models have control over infrastructure they run onIdentity is fundamental infrastructure enabling AWS AI modelsSonrai uses Bedrock capability inside Cloud Permissions FirewallJust-in-time access provides temporary, time-boxed AWS accessBedrock generates session summaries from audit logs automaticallyPlain English insights show what happened during sessionsSession summaries improve audit compliance and incident responseCustomer with 1000 accounts manually deployed service controlsFriday afternoon deployment caused very bad weekend disasterPolicy inheritance issues broke child accounts and OUsPlanning and orchestration essential for scaling AI securitySonrai platform built 100% cloud-native on AWSCoordinates service control policies and resource control policiesJust-in-time access relies on IAM Identity CenterParticipates in ISV Accelerate and AWS MarketplaceSecurity best practices start with identity as foundation"Hackers don't hack, they just log in" philosophyEliminate standing privileges with just-in-time access patternsRestrict AI services by user, location, and accountReview over-permissioned or inactive third-party vendor accessActionable insights through useful logging and AI summarizationFuture focus on protecting new services and permissionsParticipants:Jeff Moncrief – Field CTO & Director of Sales Engineering, Sonrai SecurityLinks:Website – Sonraisecurity.comAWS Marketplace – Sonrai SecuritySee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

  --------  

  17:04

More Technology podcasts

Trending Technology podcasts

About AWS for Software Companies Podcast

AWS for Software Companies Podcast: Podcasts in Family