1. Forum
  2. tqwNet
  3. TQW GENTECH

  • "Threat actors have a goal in mind and they'll use whatever path

    From TechnologyDaily@1337:1/100 to All on Sun Dec 28 10:15:08 2025
    "Threat actors have a goal in mind and they'll use whatever path they see to get that goal" - AWS CISO tells us how your company can stay safe, by being more like Amazon

    Date:
    Sun, 28 Dec 2025 10:00:00 +0000

    Description:
    Being smart about AI in cybersecurity can make all the difference, AWS CISO tells us.

    FULL STORY ======================================================================

    With AI now a common presence in businesses everywhere, a need for smarter
    and more intuitive cybersecurity is also paramount, with defenders and attackers alike harnessing the power of the technology.

    But how should your business prepare? At the recent AWS re:Invent 2025 event, I sat down with Amy Herzog, Chief Information Security Officer, to get her views and advice on staying safe in the AI age. Gen AI for good

    Like many of the top announcements at AWS re:Invent 2025, a new security
    agent hit the headlines for its ability to work alongside human workers to relieve some of the strain in everyday work.

    Herzog notes her team has been experimenting with using generative AI tools
    to help solve security problems at Amazon at scale over the past year, but outlines how using agentic AI to mimic humans wasn't the most successful way to think about agents - instead, they found these agents should focus on
    doing one specific job really well, then be pulled together into a larger framework which can help with human effort.

    "If our product teams aren't grounding themselves in their customer experience, and I'm not grounding myself in the builder experience inside
    AWS, I can't do a good job, she notes, highlighting the need for actual on
    the level information for security teams to ground themselves. (Image credit: Future / Mike Moore)

    Perhaps surprisingly, Herzog also notes that her role recently has included
    an attempt to deflate the hype around AI a little bit for customer, instead, looking at how they can pragmatically use the technology for something
    grander - in effect, not just adding AI to everything, but getting value too.

    You need to know what the agents want to do, she says, explaining the need to de-mystify AI agents for customers, whilst noting while the same basic security needs that have always existed, expanding them in an agentic context is the challenge, as security is so fast-paced, sometimes it's good to reset and realize this isn't too different to what we had yesterday.

    "I would encourage customers to think about going beyond the processes they have in place, towards focusing the risk you're trying to eliminate, measure that as well as you can, then you're going to notice when stuff is changing and you need to adapt to, she adds, sometimes security teams can get caught
    up in, what is my scanner producing, and "what am I resolving" rather than here's how quickly I'm fixing each of the individual things that my scanner
    is finding, which is a more coherent view to adapt from.

    Reflecting on the new AWS security agent, Herzog outlines how, things are going to change - the goal is, do we now have a new tool to catch when they do."She adds that possibly the most exciting thing about the security agent
    is the ability to catch and prevent things before they're ever in front of a customer's eye, noting how, it's important to respond to the moment, but also you have a lot less to respond too if you get it right the first time. Boosting defenses

    With levels of AI hype continuing to rise, there is at least a high level of realism in the security industry, where new threats develop every day - so I ask Herzog, will there ever be such a thing as 100% security?

    "It sets up a bit of a false choice, she says with a smile, I can make you a perfectly secure computer system - but you won't like the way it functions!"

    Its not a binary - but that shouldnt be our goalwe should be thinking about whats the best balance of functionality and control to achieve the thing that we want to achieve - we want to be more pragmatic as security professionals
    in shipping securely in the way that delivers the best value to customers in the long term.

    "Gen AI is not always the point, this is a pretty darn exciting new way to accomplish more of the same kinds of things that we've always wanted to accomplishthe advice I'm trying to give right now is that we know that security in six months, a year, will not look quite the same as today - so what you need to do is be alert and be curious, and be aware of what the changes are so that you can adapt at speed to them.

    In some cases this is going to mean protecting against things that we don't know exist yet, but in others, it might actually be that we've got a new opportunity to improve our defenses that we couldn't do before. We've rounded up the best endpoint protection software around



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/threat-actors-have-a-goal-in-mind-and-t heyll-use-whatever-path-they-see-to-get-that-goal-aws-ciso-tells-us-how-your-c ompany-can-stay-safe-by-being-more-like-amazon


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)