AWS announced its AWS Security Incident Response service at its annual re:Invent …
Incident response has become a defining factor in how organizations weather the storms of digital threats. With the cloud at the heart of modern business operations, cyber intrusions have shifted focus, targeting data repositories, AI models, and core business functions. To tackle this growing challenge, AWS and CrowdStrike have joined forces to reshape how incidents are managed, emphasizing speed, collaboration, and innovation.
The launch of AWS Security Incident Response is a notable step toward empowering organizations to respond more effectively to cyber incidents. Paired with CrowdStrike’s expertise and tools, this partnership strives to set a new standard for resilience.
From Chaos to Collaboration
Incident response has traditionally been plagued by inefficiencies—disparate tools, slow resolution times, and siloed teams. AWS’s new service aims to change that by offering organizations a comprehensive solution.
I had a chance to sit down with Hart Rossman, VP of Global Services Security for AWS, and Daniel Bernard, chief business officer at CrowdStrike, during the AWS re:Invent conference in early December to talk about the collaboration and what it means for customers.
“Incident response is a team sport,” noted Rossman. He explained that the service streamlines processes by integrating data from AWS’s GuardDuty and partner tools like CrowdStrike’s Falcon platform. “It’s all about speed to resolution,” Rossman emphasized, highlighting how the centralized platform reduces response times from days to minutes.
The service also features case management and collaboration tools that bring together security teams, legal advisors, and external partners. This integrated approach ensures that all stakeholders can respond cohesively to incidents, minimizing chaos and confusion.
CrowdStrike’s Role in the Ecosystem
CrowdStrike’s specialization in stopping breaches aligns perfectly with AWS’s objectives. “We’re not just participants; we’re thought partners,” said Bernard. He explained that as a company born in the cloud and deeply integrated with AWS, CrowdStrike brings critical capabilities to the table.
Bernard emphasized the value of Falcon Cloud Security, which offers cross-cloud visibility—a crucial advantage for organizations with hybrid or multi-cloud strategies. “AWS is my native cloud, but I might have some assets in Azure or Google Cloud,” Bernard explained. “Our platform provides a single layer to manage security across all these environments.”
This interoperability extends AWS’s reach while enabling CrowdStrike to deliver seamless protection, ensuring that even complex cloud ecosystems are secure.
Generative AI: A Game-Changer with Caveats
Artificial intelligence is not new to cybersecurity, but its potential has reached new heights with the advent of generative AI. AWS and CrowdStrike are exploring how these technologies can enhance incident response, from automating triage to offering actionable insights.
Rossman outlined AWS’s cautious yet optimistic approach: “Generative AI can add a lot of value, but we need responders to be comfortable with the technology first.” To that end, AWS has developed internal tools like a triage assistant that uses natural language processing to identify patterns, recommend actions, and speed up decision-making.
However, challenges remain. Generative AI’s tendency to “hallucinate”—generate inaccurate or misleading outputs—is a critical concern. AWS is addressing this by employing automated reasoning, a mathematical approach that reduces errors and guarantees reliable results. Rossman noted a specific example: “We’ve used this to ensure that AI-generated IAM policies are not only correct but also the most efficient way to accomplish tasks.”
CrowdStrike, too, is pushing boundaries. Bernard described how AI has evolved in cybersecurity, from basic prevention to predictive capabilities. “We’re moving toward agentic AI—systems that not only detect threats but take action to mitigate them. This is where generative AI can really shine,” he said.
Innovation Through Partnership
Beyond their immediate offerings, AWS and CrowdStrike are investing in the broader cybersecurity ecosystem. The two companies, along with Nvidia, have launched a startup accelerator program to foster innovation. Bernard highlighted the program’s impact: “Startups can build on AWS, leverage Nvidia’s AI capabilities, and secure everything with CrowdStrike. It’s a powerful combination that drives industry-wide progress.”
This collaboration also serves as a “living lab,” as Bernard described it, where AWS and CrowdStrike continuously refine their tools based on real-world use and customer feedback. Bernard believes the result is not just better products but a more resilient cybersecurity landscape.
The Future of Incident Response
As the threat landscape evolves, so too must the strategies and tools used to combat it. AWS and CrowdStrike are working toward a future where incident response is not just reactive but predictive. By integrating generative AI and fostering collaboration, they are making it possible to scale response capabilities even as threats grow more sophisticated.
However, both Rossman and Bernard emphasized that humans remain critical to the process. “You don’t want to take the pilot out of the cockpit,” Bernard said, reflecting on the balance between automation and human oversight. “AI can handle the mundane, but you need human judgment for complex situations.”
A Collaborative Vision
The partnership between AWS and CrowdStrike is a blueprint for how the cybersecurity industry can adapt to a rapidly changing world. By combining AWS’s cloud infrastructure, CrowdStrike’s security expertise, and the power of AI, they can enable organizations of all sizes to respond faster, more effectively, and with greater confidence.
As Rossman put it, “At the end of the day, it’s about helping customers navigate the chaos and come out stronger.”