Wiz introduces AI-remediation steps powered by Amazon Bedrock to empower customers to remediate risks quickly.
# Best Practices: Leveraging Generative AI for Cloud Security Remediation
## Overview
These practices focus on adopting and implementing Generative AI (GenAI) integrations, specifically utilizing platforms like Amazon Bedrock, to rapidly analyze security findings (Wiz Issues) and generate actionable, copy-paste-ready remediation steps, thereby drastically reducing Mean Time to Remediate (MTTR).
## Key Recommendations
### Immediate Actions
1. **Activate AI-Powered Remediation:** Immediately enable the GenAI integration within your existing security platform (e.g., Wiz) that leverages foundation models (FMs) running on Amazon Bedrock for issue analysis.
2. **Validate Generated Steps:** For the first set of AI-generated remediation steps, have a security engineer cross-reference the output against known best practices before implementation to build trust in the tool.
3. **Prioritize High-MTTR Issues:** Identify the top 10 recurring security findings currently consuming the most investigation time and run them through the new AI remediation feature to confirm time savings.
### Short-term Improvements (1-3 months)
1. **Establish Copy-Paste Workflow:** Define and document standard operating procedures (SOPs) for developers and security engineers on when and how to directly copy and paste AI-generated remediation into their respective toolchains (CLI, IaC).
2. **Benchmark MTTR Reduction:** Measure the time taken to remediate a set of common issues (e.g., S3 misconfigurations, unpatched vulnerabilities) *before* and *after* adopting the AI guidance to quantify the impact.
3. **Pilot Model Customization:** If the platform allows, begin experimenting with customizing the underlying foundation models using your organization's proprietary security policies or successful past remediation data to improve future accuracy.
### Long-term Strategy (3+ months)
1. **Integrate Remediation into CI/CD:** Strategically integrate the AI-generated remediation steps directly into pre-commit hooks or automated pipelines where feasible, turning remediation into an automated gate rather than a manual step.
2. **Expand Scope Beyond Configuration:** Challenge the remediation tool to start analyzing complex risks identified in the Wiz Security Graph (e.g., network exposure combined with a critical vulnerability) and generate cross-domain remediation plans.
3. **Governance for GenAI Output:** Develop governance policies detailing the verification and approval requirements for AI-generated infrastructure-as-code (IaC) changes to ensure responsible AI usage and maintain configuration drift control.
## Implementation Guidance
### For Small Organizations
- **Focus on Developer Empowerment:** Utilize the copy-paste steps primarily to empower developers who own the code to fix issues directly, requiring minimal additional security overhead for verification.
- **Use CLI/Console Fixes:** Start by implementing AI recommendations directly in the cloud console or via simple CLI commands, as these are faster to execute than rewriting IaC templates.
### For Medium Organizations
- **Adopt IaC Integration:** Focus efforts on training teams to adapt AI suggestions into organizational IaC templates (Terraform, CloudFormation) to ensure remediation is both fast and repeatable across environments.
- **Centralized Approval Queue:** Implement a lightweight ticketing system where AI-suggested remediation steps are routed to a security analyst for a quick "approval" before being passed to the owning development team for deployment.
### For Large Enterprises
- **Model Evaluation Framework:** Establish a formal framework to evaluate and compare the output quality of different Foundation Models available through services like Amazon Bedrock to select the most contextually accurate and secure options.
- **Audit Trail Requirements:** Ensure comprehensive logging is in place to track which AI model generated which remediation, enabling detailed security auditing and retrospective validation of the remediation process chain.
- **Build Custom Agents:** Investigate building custom agents on Bedrock that can not only suggest the fix but also execute simple, low-risk remediation actions autonomously after specific authorization thresholds are met.
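As an added example (not Wiz's or AWS's code), the following Python sketches the approval queue from the medium-organization guidance and the audit trail from the enterprise guidance above: a finding goes to a Bedrock model through boto3's Converse API, the resulting record carries the model ID and content hashes, and nothing leaves `pending_approval` without a named reviewer. The model ID, the `SAMPLE_ISSUE` finding and the boto3 call are assumptions; `invoke` is injectable so the flow can be exercised offline.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Callable

MODEL_ID = "PLACEHOLDER_BEDROCK_MODEL_ID"  # placeholder: pick from your Bedrock model list
SYSTEM_PROMPT = ("You are a cloud security engineer. Return copy-paste-ready remediation "
                 "as AWS CLI commands and a Terraform snippet; touch only the named resource.")
# Constructed sample finding, shaped like a Wiz Issue (not real data).
SAMPLE_ISSUE = {"id": "constructed-issue-001", "title": "S3 bucket allows public read",
                "resource": "arn:aws:s3:::constructed-example-bucket"}

@dataclass
class Remediation:          # one audit record per generated remediation
    issue_id: str
    model_id: str           # which FM produced the steps
    steps: str
    prompt_sha256: str      # hashes tie archived prompt/output text back to this record
    output_sha256: str
    generated_at: str
    status: str = "pending_approval"
    approved_by: str = ""

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def build_prompt(issue: dict) -> str:
    return json.dumps(issue, sort_keys=True)  # deterministic, so the hash is stable

def bedrock_invoke(prompt: str, model_id: str) -> str:
    """Real call via boto3's Converse API (assumed installed, with AWS credentials)."""
    import boto3
    client = boto3.client("bedrock-runtime")
    resp = client.converse(modelId=model_id, system=[{"text": SYSTEM_PROMPT}],
                           messages=[{"role": "user", "content": [{"text": prompt}]}],
                           inferenceConfig={"temperature": 0})
    return resp["output"]["message"]["content"][0]["text"]

def generate_remediation(issue: dict, invoke: Callable[[str, str], str] = bedrock_invoke,
                         model_id: str = MODEL_ID) -> Remediation:
    prompt = build_prompt(issue)
    steps = invoke(prompt, model_id)     # invoke is injectable so the flow is testable offline
    return Remediation(issue["id"], model_id, steps, sha256_hex(prompt), sha256_hex(steps),
                       datetime.now(timezone.utc).isoformat())

def approve(rem: Remediation, reviewer: str) -> dict:
    """Gate: a record becomes deployable only with a named human reviewer on it."""
    if not reviewer:
        raise ValueError("approval requires a named reviewer")
    rem.status, rem.approved_by = "approved", reviewer
    return asdict(rem)  # the row written to the audit log
```

The returned dictionary is the audit row to persist; the `steps` text itself should be stored alongside so a later reviewer can verify it against `output_sha256`.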
## Configuration Examples
While the source does not give specific configuration parameters, it does indicate where the generated steps are applied, in each tool's native format:
- **CLI:** Direct execution via the command line interface (e.g., AWS CLI, Azure CLI).
- **Infrastructure as Code (IaC):** Applying suggestions to:
  - Terraform configuration files.
  - CloudFormation JSON/YAML templates.
- **Code Remediation:** Updating code written in:
  - Pulumi (Go or Python).
## Compliance Alignment
The primary goal of improving MTTR directly supports organizational compliance objectives related to vulnerability management and patch cycles:
- **NIST SP 800-53 (RA family):** Accelerated identification and remediation directly supports risk assessment and continuous monitoring activities.
- **ISO/IEC 27001 (A.12 Control):** Improvement in operational security processes and implementation of documented procedures for system changes.
- **CIS Controls (Control 16: Incident Response Management):** Significant reduction in the time taken to handle identified security issues aligns with efficient incident response capabilities.
## Common Pitfalls to Avoid
- **Blind Trust:** Assuming AI-generated steps are 100% correct or secure without any human validation, especially for high-privilege changes.
- **Ignoring Context:** Deploying remediation steps generated for one environment (e.g., Staging) directly into production without checking environmental drift or application-specific dependencies.
- **Over-reliance on Read-Only Risk Visibility:** Using the GenAI only to understand a risk better while never enforcing implementation of the remedial actions it generates.
- **Underestimating IaC Adaptation:** Failing to convert CLI/console steps into formal IaC templates, leading to remediation being undone by subsequent infrastructure deployments.
## Resources
- **Wiz Documentation:** Consult the platform's own documentation (the source refers to "Wiz Docs", which requires a login) for details on enabling and configuring Bedrock-powered remediation steps.
- **Amazon Bedrock Documentation:** Refer to the official AWS documentation for details on selecting, experimenting with, and customizing Foundation Models (FMs) for enterprise use.
- **MTTR Metrics:** Review internal or external guidance on calculating and optimizing Mean Time to Remediate (MTTR) for cybersecurity issues.