How Reco uses Amazon Bedrock to transform security alerts

Machine Learning
Michael Lewis


This post was co-authored by Reco’s Tal Shapira and Tamir Friedman.

Reco helps organizations strengthen the security of their software-as-a-service (SaaS) applications and accelerate their business without compromise. Reco uses Amazon Bedrock’s Anthropic Claude to tackle the challenge of machine-readable security alerts that SOC teams struggle to quickly interpret. This implementation transforms raw alerts into intuitive, human-readable insights, optimizing security operations with AI-powered analytics, enhancing threat detection, streamlining alert processing, and providing the contextual intelligence needed to reduce response times and improve risk mitigation.

In this blog post, we introduce how Reco implemented Amazon Bedrock to transform security alerts and achieve significant improvements in incident response times.

Reco chose Amazon Bedrock for this solution because of its comprehensive benefits in deploying generative AI capabilities. Amazon Bedrock provides access to multiple underlying models from leading AI providers, giving you the flexibility to choose the best model for your specific use case. The service provides built-in security features such as data encryption, virtual private cloud (VPC) integration, and compliance alignment to industry standards to help ensure sensitive data is protected throughout your AI workflows. The pay-as-you-go pricing model eliminates upfront infrastructure costs and automatically scales with demand, making it cost-effective for fluctuating workloads. Additionally, Amazon Bedrock’s API-based architecture allows developers to integrate AI capabilities into their applications, allowing them to build advanced AI-powered solutions while maintaining control over application architecture and data flow.

The challenge: Make security alerts actionable

Modern security alerts are often highly technical, requiring security engineers to manually analyze raw event data, cross-reference metrics across multiple security alerts, determine potential impact and appropriate responses, derive actionable insights, and communicate results to non-technical stakeholders. This process is time-consuming and increases the risk of missing critical threats. This poses two challenges:

  1. Understanding alerts – How to turn structured alert data into meaningful insights that your security team can understand right away.
  2. investigation and repair – How to automate the process of suggesting investigative queries and remediation actions based on the context of an alert

Solution: Reco Alert Story Generator

Reco’s Alert Story Generator is a core component of the Reco solution and addresses these challenges through four key capabilities:

  • alert conversion – Transform complex JSON alert data into clear, actionable narratives that security teams can quickly understand.
  • Risk correlation – Analyze multiple data points to identify key security risks, assess potential impact, and prioritize response actions.
  • Communication between teams – Generate at-a-glance alert summaries for seamless sharing between security and business stakeholders.
  • automatic investigation – Create ready-to-run investigative queries to help analysts dig deeper into suspicious activity without having to manually create queries.

technical implementation

The alert story generator uses an advanced prompt engineering approach that combines:

  • Promotes consistent output quality by using carefully selected samples for several-shot learning. Moving from a zero-shot approach to a few-shot approach has significantly improved the consistency of structured output produced by language models.
  • Implementing contextual prompts using alert metadata and historical patterns. This approach involves inserting specific row data for each alert, providing a small number of shot examples dynamically selected for the source and type of alert.
  • Amazon Bedrock Prompt Cache Reduces Inference Latency by 75%

This AI-powered approach helps transform traditionally manual and time-consuming processes into automated workflows that can provide instant insights while maintaining the depth and precision that security teams require.

pipeline architecture

To understand how these technical components work together, let’s examine the end-to-end processing pipeline that powers Reco’s alert transformation system, as shown in the following diagram.

Pipeline architecture diagram

The workflow follows these key steps to orchestrate data from raw alerts to actionable insights.

  1. Users select alerts to investigate in the UI.
  2. Alerts are retrieved from the database in JSON format.
  3. Alert JSON, few-shot prompts, and golden samples are combined to generate prompts to identify suspicious patterns and anomalies and provide actionable, prioritized response recommendations.
  4. Contextualized prompts to Anthropic Claude Sonnet on Amazon Bedrock.
  5. The system sends the response back to the client for rendering.

The workflow shown in the following diagram runs on the AWS Cloud using microservices deployed in Amazon Elastic Kubernetes Service (Amazon EKS), a fully managed Kubernetes service, and Amazon RDS for PostgreSQL, a relational database service that holds context data related to prompts. Access to your users’ chats is secured by AWS WAF, which helps protect your backend from common exploits, and provided by Amazon CloudFront, which helps you deliver content with low latency and high transfer speeds.

pipeline request flow

Example result

The following image is an example of Reco Alert Story Generator results generated on mock data.

conclusion

Using Anthropic Claude on Amazon Bedrock, Reco has built a cutting-edge alert summarization tool that helps transform raw security alerts into actionable intelligence. This innovation enables security teams to respond more effectively, collaborate seamlessly, and reduce risk faster than ever before.

The Amazon Bedrock integration has significantly helped Reco’s customers enhance the way they manage and respond to security incidents. Key benefits include:

  • Investigation time reduced by 54% – AI-powered systems suggest investigative steps and automatically generate queries that help analysts gain deeper insight into potential threats.
  • 63% improvement in incident response time – Security teams can efficiently respond to security alerts with clear AI-generated remediation recommendations, significantly reducing the time it takes to mitigate threats. Reco customers report that their first-line support (Tier 1) analysts are now able to handle a broader range of security incidents independently, reducing the need for escalation to highly specialized specialists.
  • Strengthen cross-departmental collaboration – AI-generated narratives help transform technical alerts into business-relevant intelligence that security teams can share with non-technical stakeholders. This improved communication speeds decision-making and aligns security responses with business priorities.

To further explore how AI can help you transform your security alerts, enhance incident response, and implement Amazon Bedrock into your security operations, check out these essential resources:

About the author

Dr. Tal Shapira is the co-founder and CTO of Reco.ai.

Tal Shapira

Tal ShapiraHe is the co-founder and CTO of Reco, a leader in SaaS security, and an active member of the Cloud Security Alliance. He previously served as head of the Cybersecurity Research and Development Group within the Israeli Prime Minister’s Office and is an alumnus of the Elite Talpiot Program. Tal’s research spans artificial intelligence, computer networks, and cybersecurity, and he has held postdoctoral work at the Hebrew University of Jerusalem and Reichmann University. He holds a Ph.D. in electrical engineering from Tel Aviv University.

Tamir Friedman is a GenAI and Infrastructure Engineer at Reco.

Tamir Friedman

Tamir Friedman He is a GenAI and Infrastructure Engineer at Reco in Tel Aviv, where he has been designing AWS-based DevOps and enterprise-grade infrastructure since the company’s inception. He leads the development of Reco’s generative AI solution built on Amazon Bedrock and Anthropic Claude, including multiple production AI agents. Tamir holds a B.S. He holds a PhD in electrical and computer engineering from the Technion-Israel Institute of Technology and regularly speaks at industry events such as Go Israel meetups. When he’s not optimizing his cloud pipeline, you can probably find him practicing his bachata on the dance floor.

Doron Bleiberg, Senior Startup Solutions Architect

Doron Bleiberg

Doron BleibergSenior Startup Solutions Architect.



Source link

Related Posts

Top 5 AI courses students can explore

Michael Lewis

From folding boxes to vacuum cleaner repairs, GEN-1 robotics models achieve 99% reliability

Michael Lewis

NavigateAI begins building AI copilot for the physical world

Michael Lewis