Ep167: Leveraging Amazon Bedrock and Agents for Accelerating Innovation and Engineering with Trellix

Trellix's Director of Strategy Zak Krider reveals how they automated tedious security tasks like event parsing and threat detection using Amazon Bedrock's multi-model approach, achieving 100% accuracy while eliminating bottlenecks in their development lifecycle.

Topics Include:

• Trellix merged FireEye and McAfee Enterprise, combining two decades of cybersecurity AI expertise
• Processing thousands of daily security events revealed traditional ML's weakness: overwhelming false positives
• Two years ago, they integrated generative AI to automate threat investigation workflows
• Amazon Bedrock's multi-model access enabled rapid testing and "fail fast, learn fast" methodology
• Built custom cybersecurity testing framework since public benchmarks don't reflect domain-specific needs
• Agentic AI now autonomously investigates threats across dark web, CVEs, and telemetry data
• AWS NOVA builds investigation plans while Claude executes detailed threat research analysis
• Launched "Sidekick" internal tool with agents mimicking human developer onboarding processes
• Chose prompt engineering over fine-tuning for flexibility, cost-effectiveness, and faster iteration
• Automated security rule generation across multiple languages that typically require unicorn developers
• Achieved 100% accuracy in automated event parsing, eliminating tedious manual SOC work
• Key lesson: don't default to one model; test and mix for optimal results

Participants:

• Zak Krider - Director of Strategy & AI, Trellix

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/