
How Reco transforms security alerts using Amazon Bedrock

This post was written by Tal Shapira and Tamir Friedman of Reco.

Reco helps organizations strengthen the security of their software as a service (SaaS) applications and accelerate business without compromise. Using Anthropic Claude in Amazon Bedrock, Reco tackles the challenge of machine-readable security alerts that SOC teams struggle to interpret quickly. The initiative transforms raw alerts into accurate, human-readable information, and the AI-powered analysis improves threat detection and alert processing while providing the contextual intelligence needed for faster response times and better risk mitigation.

In this blog post, we show you how Reco used Amazon Bedrock to help transform security alerts and achieve significant improvements in incident response times.

Reco chose Amazon Bedrock for this solution because of the benefits it offers for building AI-powered applications. Amazon Bedrock provides access to multiple foundation models from leading AI providers, giving the flexibility to choose the right model for each use case. The service offers built-in security features, including data encryption, virtual private cloud (VPC) integration, and compliance with industry standards, which helps keep sensitive data secure throughout the AI journey. Its pay-as-you-go pricing model removes upfront infrastructure costs and scales automatically on demand, making it cost-effective for variable workloads. In addition, developers can use Amazon Bedrock's API-based architecture to integrate AI capabilities into their applications, building advanced AI-powered solutions while keeping control over their application architecture and data flow.

Challenge: Making security alerts actionable

Modern security alerts are often highly technical. Security engineers must analyze raw event data, cross-reference multiple alerts, determine the potential impact and the appropriate response, extract actionable information, and communicate findings to non-technical stakeholders. This process is time-consuming and increases the risk of missing important threats. It raises two challenges:

  1. Alert understanding – How to turn structured alert data into meaningful information that security teams can quickly understand
  2. Investigation and remediation – How to automate the generation of investigative questions and remediation actions based on the alert context

Solution: Reco Alert Story Generator

Reco's Alert Story Generator is a key component of Reco's solution that addresses these challenges through four key capabilities:

  • Alert transformation – Converts complex JSON alert data into clear, actionable narratives that security teams can understand quickly
  • Risk correlation – Analyzes multiple data points to identify key security risks, assess potential impact, and prioritize response actions
  • Team communication – Generates descriptive alert summaries for seamless sharing between security and business stakeholders
  • Automated investigation – Creates ready-to-use investigative queries that help analysts dig deeper into suspicious activity without writing queries by hand

Technical implementation

The Alert Story Generator uses a prompt engineering approach that includes:

  • Carefully selected few-shot learning examples to keep output quality consistent. Moving from a zero-shot to a few-shot approach greatly improved the consistency of the structured output produced by the language model.
  • Contextualizing the prompt with alert metadata and historical patterns. Alert-specific data is injected for each alert, together with a small set of few-shot examples chosen to match the alert's source and type.
  • Amazon Bedrock prompt caching to help reduce inference latency by 75%.

This AI-powered approach helps transform what was traditionally a manual, time-consuming process into an automated workflow that can deliver instant insights while maintaining the depth and accuracy security teams need.

Pipeline architecture

To understand how these pieces of technology work together, let's examine the end-to-end processing pipeline that powers Reco's alert transformation system, as shown in the following diagram:

The workflow follows these key steps, taking the data from raw alert to actionable understanding:

  1. The user selects an alert to investigate in the UI.
  2. The alert, in JSON format, is retrieved from the database.
  3. The JSON alert, the few-shot examples, and the golden examples are combined into a prompt that asks the model to identify suspicious and anomalous patterns and provide actionable recommendations.
  4. The contextualized prompt is sent to Anthropic Claude Sonnet in Amazon Bedrock.
  5. The system returns the response to the client for display.
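As an added illustration of steps 3 and 4 (example code, not Reco's own), the following assembles a few-shot Amazon Bedrock Converse request for one alert, marks the reusable prefix with a cache point, and validates the model's reply before anything downstream uses it. The golden examples, alert, prompt text and the stand-in client are all constructed here; the model ID is a placeholder, and a real `boto3.client("bedrock-runtime")` exposes the same `converse(**request)` call.

```python
import json

# Constructed golden examples keyed by (alert source, alert type), as the post describes.
GOLDEN_EXAMPLES = {
    ("okta", "impossible_travel"): [{
        "alert": {"source": "okta", "type": "impossible_travel", "user": "a.user@example.com",
                  "logins": [["Tel Aviv", "09:00Z"], ["Lagos", "09:40Z"]]},
        "story": {"summary": "Logins from Tel Aviv and Lagos 40 minutes apart: physically "
                             "impossible travel, consistent with credential misuse.",
                  "risk": "high",
                  "queries": ["okta_events | where actor == 'a.user@example.com' | last 7d"]},
    }],
}
SYSTEM_PROMPT = ("You are a SaaS security analyst. Rewrite the JSON alert as a story with the keys "
                 "summary, risk (low|medium|high) and queries (list of strings). Reply with JSON only.")

def build_request(alert, context, model_id, k=2):
    """Assemble a Converse request: static system prompt, few-shot examples matching this
    alert's source/type (a cache point closes that reusable prefix), then the alert turn."""
    examples = GOLDEN_EXAMPLES.get((alert["source"], alert["type"]), [])[:k]
    messages = []
    for ex in examples:
        messages.append({"role": "user", "content": [{"text": json.dumps(ex["alert"])}]})
        messages.append({"role": "assistant", "content": [{"text": json.dumps(ex["story"])}]})
    if messages:  # everything before this point is identical across alerts of this type
        messages[-1]["content"].append({"cachePoint": {"type": "default"}})
    # Alert fields (user agents, display names) can carry attacker-chosen strings, so they
    # stay inside the data payload; nothing from the alert is spliced into the instructions.
    user_turn = json.dumps({"alert": alert, "context": context})
    messages.append({"role": "user", "content": [{"text": user_turn}]})
    return {"modelId": model_id, "system": [{"text": SYSTEM_PROMPT}], "messages": messages}

def parse_story(response):
    """Validate the model's reply against the story schema before analysts or tooling use it."""
    story = json.loads(response["output"]["message"]["content"][0]["text"])
    if story.get("risk") not in ("low", "medium", "high") or not isinstance(story.get("queries"), list):
        raise ValueError("model reply does not match the story schema")
    return story

def generate_story(client, alert, context, model_id):
    return parse_story(client.converse(**build_request(alert, context, model_id)))

class FakeBedrockClient:
    """Constructed stand-in for boto3.client('bedrock-runtime') so the example runs offline."""
    def __init__(self, reply):
        self.reply, self.last_request = reply, None
    def converse(self, **request):
        self.last_request = request
        return {"output": {"message": {"role": "assistant", "content": [{"text": self.reply}]}}}
```

`generate_story(FakeBedrockClient(canned_json), alert, context, "<claude-sonnet-model-id>")` exercises the whole path offline; swapping in the real client changes nothing else.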

The workflow, shown in the following image, runs in the AWS Cloud using microservices deployed on Amazon Elastic Kubernetes Service (Amazon EKS), a fully managed Kubernetes service, and Amazon RDS for PostgreSQL, a relational database service that hosts the contextual information. User access to the application is protected by AWS WAF, which helps shield the backend from common web exploits, and served through Amazon CloudFront, which delivers content with low latency and high transfer speeds.

Pipeline request flow

Example output

The following image shows an example of the output the Reco Alert Story Generator produced from dummy data:

Conclusion

Using Anthropic Claude in Amazon Bedrock, Reco built a state-of-the-art alert summarization tool that helps turn raw security alerts into actionable intelligence. These innovations help security teams respond more effectively, collaborate more seamlessly, and mitigate risks faster than before.

The Amazon Bedrock integration has greatly helped improve the way Reco's customers manage and respond to security incidents. Other important benefits include:

  • 54% improvement in investigation time – The AI-powered system suggests investigative steps, automatically generating questions that help analysts uncover deeper insights into potential threats.
  • 63% improvement in incident response time – Security teams can act on clear, AI-generated remediation recommendations, which greatly reduces threat mitigation times. Reco customers report that first-line (tier 1) analysts can now handle a wide range of security incidents independently, reducing the need to escalate to more experienced analysts.
  • Improved cross-functional collaboration – AI-generated narratives turn technical alerts into business-relevant intelligence that security teams can share with non-technical stakeholders. This improved communication accelerates decision-making and aligns security responses with business priorities.

To further explore how AI can help transform security alerts, improve incident response, and leverage Amazon Bedrock for your security operations, check out these valuable resources:


About the authors

Tal Shapira, Ph.D., is the founder and CTO of Reco.ai


Tal Shapira, Ph.D., is the founder and CTO of Reco, a SaaS security leader, and an active member of the Cloud Security Alliance. He previously led the cybersecurity R&D group within the Israeli Prime Minister's Office and is a graduate of the Talpiot elite program. Tal's research spans artificial intelligence, computer networking, and cybersecurity, with post-graduate work at the Hebrew University of Jerusalem and Reichman University. He holds a Ph.D. in Electrical Engineering from Tel Aviv University.

Tamir Friedman is a GenAI and Infrastructure Engineer at Reco


Tamir Friedman is a GenAI and Infrastructure Engineer at Reco in Tel Aviv, where he has built the company's AWS-based DevOps and enterprise-grade infrastructure since its inception. He leads the development of Reco's generative AI solutions, built on Amazon Bedrock and Anthropic Claude, including many generative AI agents. Tamir holds a B.Sc. in Electrical & Computer Engineering from the Technion-Israel Institute of Technology and is a frequent speaker at industry events such as the Go Israel meetup. If he's not fixing storm drains, you'll probably find him on the dance floor practicing bachata.

Doron Bleiberg is a Startup Solutions Architect.
