AWS re:Inforce 2024
How to Protect Generative Ai Models Using Genai Secure Dap322 S

Title: AWS re:Inforce 2024 - How to protect generative AI models using GenAI Secure (DAP322-S)

Insights:

  • Introduction and Background: Rich Vorwaller, Chief Product Officer at Cloud Storage Security (CSS), introduces the session focused on their new release, GenAI Secure, aimed at protecting workloads in AWS.
  • Company Overview: CSS is a startup in cloud security, founded by individuals from established cybersecurity vendors. They identified gaps in existing solutions, particularly in protecting cloud storage and databases.
  • Analogy of the Ship of Theseus: Vorwaller uses the Ship of Theseus thought experiment to illustrate the need for a new approach in cloud security, rather than just adapting old technologies.
  • Problems with Existing Solutions:
    • Traditional endpoint security solutions adapted for AWS often focus on compute resources and involve operational challenges with deploying agents.
    • SaaS-based security solutions require API access and data transfer over the public internet, which CSS founders found unacceptable.
  • CSS's Approach:
    • CSS developed an in-tenant solution that does not require external connections or moving data to external infrastructure.
    • The solution leverages AWS native services and is built on a serverless stack, making it lightweight and easy to deploy.
  • Deployment and Support:
    • CSS's solution supports various AWS storage services (S3, EBS, EFS, FSX) and provides both inbound and outbound data protection.
    • The deployment process is streamlined, typically taking 5-6 minutes using a CloudFormation template and an ECR image.
  • GenAI Secure:
    • The new GenAI Secure feature integrates with Amazon Bedrock to extend protection to generative AI workflows.
    • It ensures data cleanliness in AI models and secures the output of generative AI applications.
  • Use Cases and Customer Feedback:
    • Customers use GenAI Secure to scan data in foundational models and ensure the output is free of sensitive data.
    • The integration with Bedrock also helps in malware analysis and creating custom data classification policies using regular expressions.
  • Customer Interaction and Growth:
    • Since its launch in 2020, CSS has expanded its offerings from malware protection on S3 to include data classification and data loss prevention.
    • The company has received positive feedback and has been able to adapt its solutions to meet the growing demand for GenAI security.

Quotes:

  • "If you don't like it, to be candid, marketing made most of this, and I'm just up here kinda reading it, so bear with me."
  • "Our founders in CSS, they came from very well known, established cybersecurity vendors, probably solutions that you're using today in your environment."
  • "We felt that the solution that we needed to provide shouldn't be based on old technology. It shouldn't require the customer to move their data over to our infrastructure."
  • "We literally give you kind of I would say two pieces of code. We give you a CloudFormation template, we give you an ECR image, and with those pieces you're literally kind of going to build up this protection stack in your environment."
  • "It's been great to have kind of this huge wave of Gen AI adoption and for us because we've taken this kind of distributed approach to adapt our solution to work in these environments."
  • "The other great thing that we were able to do with Bedrock was we really looked at, you know, how do we take advantage of just Gen AI in our product ourself?"
  • "It's been great. We've had some really, really great success with these and had some phenomenal feedback sessions from our customers."
  • "Please come on by we also have a marketplace trial free 30 days you can spin that up and I think that's it for a session so thank you very much I appreciate the time."
How to Fail at Building a Security Champions Program Aps326I Dont Always Do Appsec Testing but When I Do Its in Production Aps324 S