Responding fast to risks in your cloud environment is critical to ensure you can proactively remove issues before attackers discover them and they become active threats. That is why reducing the mean-time-to-remediate (MTTR) is a priority for security and cloud teams. Our goal is to provide customers with easy and efficient ways to remediate risks so they can rest assured they can respond fast and keep their cloud protected. We introduced the first version of AI-powered remediation earlier this year to empower customers to harness the power of GenAI to reduce MTTR.

When we built the first version of AI-powered remediation, we provided the model with a prompt that generates remediation instructions based on the generic information of the identified issue found in the cloud environment and the resource it was detected on. While this approach yielded useful results and provided teams with guidance on how to fix the issue, we wanted to develop a more customized approach that will be tailored to each customer's needs and thus will better address complex toxic combinations effectively and assist customers with further reducing their time to resolution. Today, we are excited to introduce significant remediation enhancements with the new AI-powered remediation 2.0. 

AI is powerful, but to truly maximize its benefits, it’s essential to have the necessary expertise and context of the underlying problem you wish to solve. AI-powered remediation 2.0 leverages both the power of GenAI and the Wiz Research team’s specialized knowledge in understanding complex attack paths in the cloud. The Wiz Research Team consists of security experts and researchers who focus on uncovering attack vectors and analyzing threats that are unique to cloud-native environments. Combining GenAI, cloud context, and the research team’s expertise allows Wiz to generate granular and contextual remediation guidance for Wiz Issues based on the remediation strategy of your choice. The new guidance allows you to break down Wiz Issues —which are toxic combinations — into concrete and actionable steps, and focus remediation on the specific problem your organization prioritizes. 

First off, what is a toxic combination? 

The Wiz Security Graph allows Wiz to identify toxic combinations in your cloud environment that can result in a critical threat to your business. A toxic combination refers to a combination of multiple risk factors such as misconfigurations, vulnerabilities, identities, sensitive data, external exposure and more that, when combined, create a critical risk. Individually, these issues may not be critical, but by taking into account their exploitability and their potential business impact they open pathways for potential attacks, increasing the likelihood of compromise. 

For example, a misconfigured identity and access management (IAM) policy might not pose a significant risk on its own. However, when that identity can allow lateral movement to a machine that has an unpatched vulnerability and sensitive data on it, attackers can exploit the combination to gain unauthorized access to critical data. Wiz’s deep context about cloud environments allows for accurate risk prioritization focused on the attack paths in the environment that put you at a real risk.  

AI-powered remediation 2.0: Empower customers to choose their own remediation strategy  

There are many ways to remediate a Wiz Issue based on its toxic combination, and choosing the right remediation strategy is dependent on your organization's needs. The remediation strategy is affected by the risk you wish to solve, the cloud, and the business context of the related resources. To assist customers with choosing the best remediation strategy for them, our research team built a knowledge base of multiple remediation strategies that are dynamically suggested based on the risks that make up the Wiz Issue and its evidence.

The user remediating the Wiz Issue then selects the specific strategy they would like to follow, and Wiz then sends a unique prompt to the GenAI model that includes the Wiz Issue context and remediation strategy specific instructions written by Wiz research team. Adding the context around risk and the specific strategy dramatically improves the model's ability to produce more and accurate answers. The user then receives the AI –powered remediation guidance, which is tailored to them and their organization’s needs.  

Let’s see an example: Addressing a toxic combination with AI-Powered Remediation 2.0 

In the example below, Wiz found a toxic combination for “Publicly exposed VM/serverless with high/critical severity network vulnerabilities with a known exploit can access a bucket used for AWS Bedrock custom model AI training.

Let’s break it down to the different risk factors and how remediating each can remove the toxic combination:  

1. Vulnerability: There is a critical vulnerability with a known exploit on the machine. To remediate it, we need to patch the vulnerability. Wiz’s AI-powered remediation takes into account different factors such as if the vulnerability is fixable or where it was detected. Based on that, the system suggests remediation strategy for the specific vulnerability you choose, based on how you want to remediate it: whether you want to leverage the SSM agent if the virtual machine is an AWS EC2, connect to the machine and remove the software, or patch it. 

2. Unprotected data: The AI training data can be accessed by the vulnerable machine, which means there could be sensitive data at risk of compromise. To remediate this risk, Wiz suggests a remediation strategy specific to removing access to the data by scoping down the permissions around the service role for the machine. 

3. External exposure: The vulnerable machine is also publicly exposed to the internet, which puts it at a greater risk. Here, you can choose to generate guidance to remove exposure and limit all network access to the machine. Since Wiz calculates the effective exposure of the resource, security teams can choose which network component on the exposure path they want to focus their remediation efforts on.  

4. Unprotected principal: Wiz calculates the effective access of every identity and resource in the environment. Based on the effective permissions analysis, Wiz detected that there is a highly permissive service account. The remediation guidance recommends choosing a strategy either to reduce the permissions or remove them entirely. 

 When generating the AI-powered remediation guidance 2.0, you can choose the tool of your choice to output the guidance. You can easily copy-paste the actions, whether it is a CLI command, IaC template, or directly in the CSP console. 

With AI-powered remediation 2.0, you can: 

• Reduce MTTR: With specific and actionable remediation strategies, you can resolve issues faster. 

• Improve efficiency: Instead of sorting through generic advice, you receive customized guidance that aligns with the company’s risk tolerance and remediation strategy. 

• Prevent incidents: By breaking down toxic combinations, Wiz helps prevent seemingly small issues from compounding into major security incidents. 

Get started now with AI-powered remediation 2.0 to quickly remove risk in your cloud based on the remediation strategy of choice. Learn more about it in the Wiz Docs (login required). If you prefer a live demo, we would love to  connect with you.