AWS Partner Network (APN) Blog

Cisco conversational AI powered by Amazon Lex

Satish Subramanian — Wed, 08 Apr 2026 21:58:56 +0000

By: Aaron Keeton, Business Development Manager – Cisco
By: Jessica Smith, Director Product Marketing – Cisco
By: Soundarya Muthuvel, Product Manager Webex Developer Experience – Cisco
By: Ravi Thakur, Sr. Solutions Architect – AWS
By: Satish Subramanian, Manager Partner Solutions Architects – AWS

When customers call your support line, they’re not thinking about the technology behind it. They want answers – fast, accurate, and without the runaround.

But contact center leaders face a familiar challenge: you’ve invested in Cisco Webex Contact Center, your teams have expertise around it, and it delivers the experience your customers want. Meanwhile, conversational AI is reshaping what customers expect-instant responses, natural conversations, and uninterrupted availability without waiting in line. The pressure to modernize is real but ripping out what’s working isn’t a beneficial strategy.

That’s why Cisco and Amazon Web Services (AWS) took a different approach. They brought AWS AI capabilities into the Cisco environment, so you can modernize without starting over.

The new open source Amazon Lex connector for Webex Contact Center brings intelligent virtual agents into your existing Cisco environment, without rebuilding from scratch. Amazon Lex now plugs directly into Cisco’s Bring Your Own Virtual Agent (BYOVA) framework. With the Amazon Lex integration, you can access a powerful AI-driven virtual agent alongside your contact center workflows without any additional work, providing consistency across voice experiences. Your customers get natural, voice-driven interactions. Your team retains their existing Webex workflows, reporting dashboards, and agent desktop configurations while gaining AI capabilities that would otherwise require months of integration work.

For the more than 10,000 organizations running Cisco Webex Contact Center and Contact Center Enterprise today, this solution removes the trade-off between protecting your investment and adopting AI. You can deploy across many AWS Regions globally, and it supports over 25 languages and automates routine inquiries so that your agents can focus on conversations that really need a human.

Here’s how the integration works, where it fits across Cisco Webex Contact Center and Cisco Contact Center Enterprise, and where customers are already seeing results.

Cisco and AWS integration architecture

This integration connects your Cisco Webex Contact Center to AWS AI services through an open-source connector. The architecture comprises three integrated layers:

Customer interaction layer – Webex Contact Center and Contact Center Enterprise connect through Webex Contact Center AI (CCAI), which manages the virtual agent integration and handles escalations routing to an agent when human assistance is needed.
Connector layer – The open-source connector serves as the technical bridge between platforms, authenticating between Webex and AWS environments, managing real-time gRPC media streams for audio, and orchestrating the conversation flow between platforms.
Conversational AI layer – Amazon Lex provides conversational intelligence through automatic speech recognition (ASR), natural language understanding (NLU), and integration with large language models (LLMs) using Amazon Bedrock. Speech synthesis is handled by Amazon Polly, delivering natural-sounding responses in dozens of voices across multiple languages.

This architecture is illustrated in the following diagram.

Figure 1: Cisco Webex Contact Center integration with AWS AI services

Customer call flow

When a customer calls in to the Webex Contact Center, the following flow takes place:

Audio streams in – The caller’s voice flows from Webex Contact Center through Webex CCAI to the open-source connector. The connector establishes a gRPC media stream to carry the audio in real-time to AWS services. This stream also enables bidirectional metadata exchange, including caller information, historical journey, and subscription data between Webex CC and AWS.
Amazon Lex interprets intent – Amazon Lex processes the customer’s speech through three stages:
1. Speech recognition – ASR converts voice to text, supporting more than 25+ languages
2. Intent understanding – NLU determines what the customer wants, now enhanced with LLM-powered assisted NLU for faster, description-based intent classification
3. Response generation – For straightforward requests, Amazon Lex responds from configured intents. For complex queries requiring nuanced responses, Amazon Lex invokes Amazon Bedrock foundation models (FMs) to generate contextual, conversational replies that go beyond scripted answers.
Response flows back – Amazon Lex formulates the response and passes it to Amazon Polly. Amazon Polly transforms text into natural-sounding speech using neural text-to-speech (NTTS) technology, with support for Speech Synthesis Markup Language (SSML) to control pronunciation, emphasis, and speaking rate. The audio streams back through the connector to the customer using Webex Contact Center.
Escalation when needed – If the virtual agent can’t resolve the issue, the call routes back through Webex CCAI to a live agent within your Cisco Webex Contact Center environment. The agent receives full conversation context—including customer intent, information gathered, and dialog history—eliminating the need for customers to repeat themselves.

This architecture supports multi-turn conversations with contextual awareness requests like “I want to change my appointment from Tuesday to Thursday,” which work without requiring customers to start over.

The customer call flow is illustrated in the following flow diagram.

Figure 2: Cisco Webex Contact Center and Amazon Lex integration call flow

This solution integrates with AWS in the following ways:

AI/ML services – Amazon Lex handles ASR and NLU, converting customer speech to text and determining intent. Amazon Polly delivers lifelike voice responses using Neural Text-to-Speech (NTTS).
Agentic developer tools – Amazon Bedrock AgentCore provides the framework for building and orchestrating AI agents.
Generative AI with Amazon Bedrock – For more complex interactions, Amazon Bedrock connects your virtual agent to FMs, enabling responses that go beyond scripted intents.

The value of this architecture lies in the control it gives you. The Amazon Lex chat assistant lives in your AWS account. You control the intents, responses, and data. The solution is designed for responsive, natural conversations. Security is through cross-account authentication, which means your customer data stays in your environment. This solution is available in AWS Regions that support Amazon Lex endpoints to meet your compliance and data residency requirements.

Industry specific use cases and key benefits

Organizations across industries can find benefits in pursuing this approach, including in healthcare, finance, and government.

Healthcare organizations can enhance patient experience with intelligent routing and reduced wait times by consolidating outdated systems that need a live agent for every task. The solution is integrated with scheduling systems for seamless appointment management using automated booking, rescheduling, or canceling.

Finance organizations can improve customer self-service in situations where they don’t need to talk to a live agent by using intelligent interactive voice response (IVR), chat-based assistants, and virtual agents. Customers can check balances, update personal details, or reset passwords without a live agent. Reduce complexity through unified customer experience platforms and cloud-based solutions.

Governments can operate in Cisco’s secure, FedRAMP-authorized data centers for reliability and compliance. This solution enables migration from on premises to the cloud at the agency’s pace with an intuitive administration portal for faster operations and reduced IT burden.

Business outcomes

Conversational AI transforms routine customer interactions, including billing inquiries, order tracking, and appointment scheduling into seamless self-service experiences. Customers get immediate responses without waiting in queue, while your contact center achieves higher first-contact resolution rates. The result is consistent, quality support available around the clock without proportional staffing costs.

	Step	Traditional process	With Amazon Lex integration
1	Customer initiates	Waits in queue (4–8 min average)	Immediate virtual agent response using Webex Contact Center
2	Authentication	Agent manually verifies (2–3 min)	Amazon Lex authenticates conversationally (30 seconds)
3	Resolution	6–8 minute handle time	60–90 seconds for routine inquiries

Similar efficiency gains apply to order status and appointment scheduling interactions.

Natural language understanding in Amazon Lex goes beyond recognizing what customers say, it understands the intent of the customers. By connecting to customer data, the virtual agent delivers contextual responses. It recognizes repeat callers, references recent interactions, and anticipates needs. This intelligent, empathetic approach builds loyalty by making every customer feel known, not processed.

Conclusion

In today’s Cisco Webex Contact Center deployments, organizations face a defining moment. The need to address how to safeguard existing investments and resources but adopt AI capabilities to get natural, voice-driven interactions. Through the open-source Amazon Lex connector for Webex Contact Center, we’ve demonstrated how customers can bring powerful AI-driven intelligent virtual agents into their existing Cisco environment without significant investments or re-architecture.

Organizations implementing this open-source Amazon Lex connector show improved AI agent efficiency and enhanced customer experience. This solution integrates with proven AWS AI capabilities to improve every interaction and maintain context and intent across complete conversations, improving your customer experience.

Refer to this blog for step by step instructions on how to integrate Webex Contact Center with open-source Amazon Lex connector.

Ready to transform your customer experience strategy? Connect with Cisco and your AWS account team today to schedule a personalized consultation and discover how this integration drives customer satisfaction and business growth for your organization.

Cisco Systems – AWS Partner Spotlight

Cisco Systems is an AWS Specialization Partner that helps customers optimize their cloud strategy by bringing together networking, security, analytics and management.

Contact Cisco | Partner Overview | AWS Marketplace

AI-Powered Test Automation with Rapise and Amazon Bedrock

CJ Sturgess — Wed, 08 Apr 2026 17:20:29 +0000

By Adam Sandman, CEO – Inflectra
By Jessica Moore, Director of Global Alliances – Inflectra
By CJ Sturgess, Partner Solutions Architect – AWS

Inflectra

As organizations accelerate their transition to cloud-based application delivery and agile DevOps, automated testing has become a vital part of maintaining quality at speed. As development teams adopt agentic coding tools such as Kiro, Cursor, Cline and Windsurf, the testing bottleneck has only become greater. However, traditional test automation often requires heavy scripting by human developers, result in brittle tests that require significant maintenance effort, and lack the intelligence needed to support evolving applications. In this post, you will learn how Rapise by Inflectra uses agentic AI powered by Amazon Bedrock to automate test creation, adapt to application changes, and reduce QA cycle times by up to 70%.

Inflectra, an Amazon Web Services (AWS) ISV Accelerate Partner, developed Rapise to bring agentic AI capabilities to enterprise software test automation. Rapise uses Amazon Bedrock and Amazon Nova to automatically generate test scripts, adapt to application changes, and flag compliance issues. This solution addresses the challenges faced by traditional test automation for modern applications.

In regulated industries especially, such as healthcare, life sciences, manufacturing, and financial services, testing is integral to delivery assurance and compliance. But legacy automation frameworks struggle to keep up with the speed of modern, agentic AI enabled software pipelines or the increasing complexity of enterprise systems. Inflectra’s Rapise test automation system, now with agentic AI capabilities through connection with Inflectra.ai, uses foundation models (FMs) hosted on AWS to help bridge this gap.

How Rapise Uses Amazon Bedrock and Amazon Nova

Rapise uses Inflectra’s new cloud-based AI service, Inflectra.ai, built on Amazon Bedrock, which users can use to perform a variety of generative AI and agentic AI enhanced software testing tasks.

Both Rapise and Inflectra.ai use the Amazon Nova Pro and Claude Opus by Anthropic in Amazon Bedrock family of models to perform several key generative AI tasks. These include creating automated test scripts from manual test cases, generating synthetic test data, analyzing test results for patterns, and identifying potentially brittle or underdeveloped tests.

The following screenshot highlights the use of AI capabilities to create automatic test cases.

Figure 1: AI-powered automated test creation in Rapise

With Inflectra.ai, Rapise offers several more advanced agentic AI features that are powered by Amazon Bedrock and the Claude Sonnet by Anthropic in Amazon Bedrock family of models. Testers can use these AI agents to:

Autonomously test an application visually from business scenarios and manual test cases, handling key exploratory testing use cases
Simulate user flows using natural language and carry out test actions without the need for traditional, brittle object-based test automation
Flag usability, accessibility, and compliance issues automatically using visual models based on risk profiles
Automatically refactor existing automated test scripts to adapt to application changes using visual identification, a process known as “self-healing” tests

The following screenshot demonstrates how a tester can include qualitative tasks as part of an automated test case. For example, testers can ask the testing agent: “How many input fields do you see?” or “How does the page look?”

Figure 2: Using qualitative tests and tasks in an automated test case

Agentic AI for Smarter, Scalable Test Automation

Traditional test scripts are often fragile. A minor UI update or API schema change can break test flows. But with the use of agentic AI in Rapise, the automation suite adapts dynamically. Rapise agents learn from prior test executions and application metadata, using this context to self-correct and propose alternative test paths by visually inspecting the application.

This reduces test flakiness, maintenance overhead, and ultimately boosts team productivity. For enterprises in regulated industries, these agents work in concert with the wider Inflectra.ai solution to help enforce traceability and compliance. To do so, Rapise and Inflectra.ai track requirements coverage, automatically tag risks, and log interactions in audit-ready formats.

A leading biotech firm recently adopted Rapise with Inflectra.ai running on Amazon Bedrock to replace their existing, aging test infrastructure. Using Amazon Bedrock powered test agents, their quality assurance (QA) team successfully reduced test case creation time by 60% and identified 35% more critical defects prior to product release. More importantly, Inflectra.ai-generated validation documentation and Rapise-backed traceability reports streamlined their FDA validation workflows.

Rapise and AWS Architecture Overview

The following architectural diagram highlights how Inflectra.ai integrates with Rapise, including support for customer-deployed instances of Rapise. Notably, Inflectra.ai connects to the customer’s Rapise API server over a secure connection, allowing direct integration with their testing environment. Inflectra.ai offers support for the entire Inflectra range of solutions, including Rapise and Spira. Today, supported models include the Amazon Nova and Anthropic Claude family of models.

Figure 3: Rapise with Inflectra.ai running on Amazon Bedrock and integrated with Rapise

Conclusion

By integrating Amazon Nova and Claude models through Inflectra.ai, Rapise can generate automated test scripts from manual test cases, autonomously test applications using visual models, self-heal brittle tests by adapting to UI changes, and flag usability and compliance issues automatically. For teams navigating complex compliance requirements or rapid development timelines, this means smarter QA, faster product releases, and higher confidence.

To get started with Rapise and Inflectra.ai, explore Inflectra in AWS Marketplace or contact an AWS Partner specialist to see how Rapise can support your modernization journey.

Inflectra – AWS Partner Spotlight

Inflectra is an AWS Advanced Technology Partner and AWS Competency Partner that provides comprehensive software delivery and quality assurance solutions for both cloud and on-premise deployments. Inflectra’s integrated portfolio of application lifecycle management (ALM), testing, and automated testing systems helps organizations speed up development while maintaining quality standards. Inflectra offers end-to-end traceability and agility in the software development lifecycle through seamless cloud deployment and extensive plugin capabilities.

Contact Inflectra | Partner Overview | AWS Marketplace

How AWS Partners can use generative AI to scale content enablement

Jonathan Bach — Mon, 06 Apr 2026 18:46:55 +0000

By Jonathan Bach, Global Content Lead AWS AI & Data Knowledge Center

In today’s digital landscape, organizations need effective ways to deliver timely, relevant knowledge to their teams and customers. Content enablement at scale creates valuable opportunities to expand reach and impact through efficient knowledge sharing—but managing and distributing content effectively requires the right tools and processes.

For AWS Partners, content enablement represents a key opportunity to accelerate business growth. Partners create and distribute content across multiple markets, supporting product launches, enabling sales teams, and delivering customer training resources. By automating workflows and streamlining processes, AI helps teams quickly localize content, create digestible summaries of complex material, improve content discoverability, and accelerate distribution.

Use cases

Generative AI turns operational friction into measurable gains. With shorter publishing cycles and streamlined processes, teams can quickly move from concept to delivery. Here are key examples organizations can easily adopt:

Video creation and localization: Create and localize content and demo videos rapidly, supporting product launches or customer engagement initiatives, e.g., converting a technical workshop into multiple languages. This can reduce production time from weeks to days.
Content optimization for rapid access: Use generative AI to accelerate preparation and tagging of assets, so internal and customer-facing teams find the right information faster.
Workflow automation with Amazon Bedrock: Deploy AI agents to automate repetitive publishing or content-update workflows, reducing manual effort.
Enhanced search and discovery: Implement AI-powered indexing can help field teams and stakeholders instantly surface relevant assets from large internal repositories.

When Partners implement these AI-powered capabilities, the business impact is both immediate and measurable. Results include faster enablement on product launches, consistent access to updated training, and reduced operational overhead.

The transformation is particularly evident in content production timelines—what once took weeks can now be accomplished in days. For example, converting a 20 slide deck into a localized 4-5 minute walkthrough can be accomplished within a day.

Beyond speed, the value of generative AI lies in enabling teams to innovate and differentiate. When AI manages routine, manual enablement tasks, teams can focus on building new solutions, deepening customer engagement, and driving measurable growth.

Figure 1 – Avatar being used for training material in AWS Partner Central.

Get started with AI-powered content solutions

To capture these strategic and operational benefits, AWS Partners have several paths to get started. Here are four ways Partners can implement these capabilities:

Leverage business automation sales plays. Access targeted sales plays in AWS Partner Central (login required) that guide the implementation of AI-driven efficiencies for enablement, marketing, and operations.
Explore AWS Marketplace solutions. Many third-party offerings provide click-to-buy automation, content generation, and translation tools that accelerate enablement.
Tap into the AI & Data Knowledge Center (formerly the Generative AI Center of Excellence). Access best practices, architecture guides, and success stories demonstrating how AWS AI services can power your enablement workflows.
Build your own AI-driven enablement engine. Use Amazon Bedrock and Amazon Nova to integrate foundation models into your workflows, including tasks like summarizing documentation, creating personalized training, generating visual content, and categorizing assets automatically.

Explore the AWS AI & Data Knowledge Center

As generative AI continues to evolve, organizations that embed these capabilities into their daily operations will be equipped to scale faster and deliver more consistent, localized, and high-impact enablement.

In the AWS AI & Data Knowledge Center, Partners have access to hundreds of enablement resources, training materials, and practical guides to help implement AI-powered content workflows and transform how teams create, manage, and distribute knowledge at scale. “The Knowledge Center is the engine that powers our customer conversations—we download, customize, and present AWS-approved content to win deals,” said Denise Willet, Global Alliance Head at LeapFrog Technology.

Explore additional success stories and download the AI Partner Playbook to accelerate your own enablement journey (login required).

Transforming Enterprise Payments with Stripe and SAP on AWS

Ganesh Suryanarayanan — Thu, 02 Apr 2026 15:50:00 +0000

Stripe

By: Danny Smith, Global Specialist Solution Architect – Stripe
By: Kalyani Koppisetti, Principal Solutions Architect – AWS
By: Ganesh Suryanarayanan, Principal Solutions Architect – AWS

Many enterprise organizations face challenges with legacy payment infrastructure despite having robust back-end systems for core business processes. This outdated payment architecture often results in missed revenue opportunities, operational inefficiencies, and barriers to market expansion. This post examines how integrating Stripe and SAP on AWS helps enterprises modernize their payment operations.

Understanding Enterprise Payment Challenges

Large enterprises commonly encounter several key payment processing challenges:

Manual reconciliation of payments across multiple systems and bank accounts
Complex regulatory requirements across different regions
Integration requirements between payment systems and existing SAP implementations
Growing customer demands for modern payment experiences

These challenges are particularly significant for organizations running SAP as their core business platform. While SAP effectively manages critical business functions from finance to supply chains, organizations increasingly need modern payment capabilities that integrate seamlessly with their existing SAP environment.

Figure 1: Integration architecture showing how Stripe, SAP, and AWS work together to transform enterprise payments

Combining Stripe, SAP, and AWS

The integration of Stripe’s financial infrastructure platform with SAP environments on AWS addresses the limitations of legacy payment systems. AWS provides the secure, scalable foundation that enables seamless connectivity between SAP’s business processes and Stripe’s modern payment capabilities.

AWS: The Foundation for Innovation

AWS serves as the comprehensive foundation that powers SAP workloads, Stripe’s payment infrastructure, and the integration capabilities that connect these solutions. Through its global infrastructure, AWS delivers the performance, security, and scalability required for both mission-critical SAP operations and Stripe’s payment processing worldwide. AWS’s strategic partnerships with both SAP and Stripe ensure continuous platform optimization and innovation.

SAP: The enterprise core

For enterprises operating at scale, SAP remains the backbone of critical business operations. With over 400,000 customers in more than 180 countries, SAP powers approximately 84% of global transactions. From finance to supply chain, manufacturing to customer experience, SAP solutions have been the trusted system of record for decades.

SAP’s largest deployment of SAP Business Technology Platform (SAP BTP) is on AWS, offering 80+ services to help customers innovate around their ERP core. From the first SAP deployments on AWS to today’s innovative offerings like RISE with SAP and SAP GROW, the strategic partnership has helped thousands of customers accelerate their digital transformation and unlock new business value.

Stripe: The financial infrastructure

While most people recognize Stripe as a payment processor powering online and in-person shopping experiences, enterprise leaders are discovering that Stripe is much more – it’s a complete financial infrastructure platform that transforms how businesses move money.

Stripe processes more than a trillion of dollars annually for millions of businesses worldwide, from startups to Fortune 500 enterprises. Their APIs and services not only process payments but provide tools for managing subscriptions and invoicing, preventing fraud, optimizing revenue, and more – all through a unified platform that scales with your business.

Additionally, Stripe provides real-time transaction visibility and reporting capabilities that help streamline operational efficiency. The platform’s architecture enables end-to-end payment tracking, from initial capture through to final payout, giving organizations clear insight into their payment operations. According to Stripe’s analysis, businesses implementing their payment solutions have experienced an average 11.9% increase in revenue through improved payment acceptance and optimization.

Powered by AWS, Stripe offers a 99.9999% uptime reliability, ensuring that businesses can provide frictionless commerce experiences that convert more customers and unlock new revenue streams.

Transformative Impact Across the Organization

The integration of these three powerful platforms delivers significant benefits throughout the enterprise:

For Executive Leadership

The integration of Stripe with SAP on AWS delivers strategic advantages that directly impact the bottom line:

Revenue Growth: Beyond the 11.9% average revenue uplift, expanding payment options and reducing checkout friction translates to improved conversion rates and customer satisfaction.
Operational Efficiency: End-to-end automation of bank reconciliation, from receivables, payables to your month-end report, let finance teams spend less time on manual tasks and more time on strategic initiatives.
Global Expansion: Instantly access local payment methods in 40+ markets without the complexity of establishing banking relationships in each region.

For Technology Leaders

For CTOs and enterprise architects, this integration addresses critical technical challenges:

Reduced Complexity: Integrate once with Stripe’s API and gain access to the entire financial ecosystem, eliminating the need for multiple payment integrations.
Improved Security: Offload payment security and compliance requirements to Stripe, reducing your compliance scope and risk exposure.
Scalability: The AWS foundation ensures performance at scale, even during peak transaction periods.
Innovation: Enable agentic workflows, automating signing up for subscriptions, optimizing payment acceptance, or proactively handling customer refunds.

For Finance Leaders

CFOs and finance teams gain immediate operational benefits:

Faster Month-End Close: Automated reconciliation reduces manual efforts and speeds up financial closing processes. ZoomInfo fully automated their B2B reconciliation process with Stripe + SAP, dramatically improving efficiency in their financial operations.
Improved Cash Flow: Faster payment processing and reduced payment failures improve working capital efficiency.
Enhanced Reporting: Real-time visibility into payment status across channels and geographies simplifies financial management.

Three Transformative Use Cases

We’ll explore three high-impact use cases that demonstrate the tangible value of integrating Stripe with SAP on AWS:

1. B2B Payments Made Easy with SAP Digital Payments & Stripe

B2B payments remain surprisingly manual and inefficient for many enterprises. Paper-based processes, complex approval workflows, and limited payment options create friction that impacts both buyer and supplier experiences.

In our first deep dive, we’ll explore how the SAP Digital Payments integration with Stripe eliminates these challenges by enabling secure, flexible B2B payment options that work seamlessly with existing SAP workflows. Imagine enabling your customers to pay invoices instantly with their preferred payment method, all automatically reconciled on your end. Faster revenue for your business, frictionless payments for your buyers, and no manual work for your operations teams

Take Splunk, for example. The company was facing challenges with excessive customization, increasing costs, and inefficient payment processes that created reconciliation discrepancies. By implementing Stripe with SAP Digital Payments, Splunk reduced custom development timelines by 75%, automated refund processing, and significantly improved operational efficiency across their customer service, finance, IT, and sales teams.

2. Enabling Modern Business Models

Many enterprises struggle to implement modern pricing models, finding their traditional systems unable to handle the complexity of combining usage-based, subscription, and conventional billing. The integration between Stripe and SAP solves this challenge by seamlessly connecting subscription management with enterprise financial systems.

This solution enables organizations to easily deploy sophisticated pricing strategies while maintaining financial control and visibility. Real-time usage tracking, automated billing, and streamlined reconciliation remove the technical barriers to business model innovation. Companies can now confidently launch new pricing models knowing they have an infrastructure that maintains enterprise-grade financial rigor while supporting rapid business evolution.

3. Unlocking Data-Driven Insights

Many enterprises today find themselves sitting on a goldmine of data, yet unable to fully leverage it due to disconnected systems. By unifying Stripe’s rich payment data with SAP business data on AWS, companies can finally bridge this gap. This integration creates a holistic view of the customer journey, from initial engagement to final payment and beyond.

With this unified data ecosystem, businesses can unlock powerful insights. Imagine predicting cash flow with unprecedented accuracy, or tailoring customer experiences based on comprehensive purchase history. AWS’s analytics capabilities, including Amazon Redshift and Amazon Bedrock, transform this data into actionable intelligence. This enables faster, smarter decision-making across the organization, from finance to marketing.

Looking Ahead

The integration of Stripe with SAP on AWS represents more than just a technical connection between systems. It’s about transforming how enterprises manage their financial operations and customer experiences.

Want to get started now? Contact your AWS representative or reach out to Stripe to learn how these solutions can work for your business.

Stripe – AWS Partner Spotlight

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Headquartered in San Francisco and Dublin, the company aims to increase the GDP of the internet.

Contact Stripe | Partner Overview | AWS Marketplace

Say Hello to 143 New AWS Competency, Service Delivery, Service Ready, and MSP Partners Added in March

Nick Paris — Wed, 01 Apr 2026 16:43:49 +0000

By Nick Paris, APN Marketing Manager – AWS Partner Network

The AWS Partner Network (APN) is a global community that leverages Amazon Web Services (AWS) technologies, programs, expertise, and tools to build solutions and provide services for customers.

The APN has more than 130,000 partners from over 200 countries, with 70% headquartered outside of the United States. Together, partners and AWS provide innovative solutions, solve technical challenges, win deals, and deliver greater customer value.

To achieve APN specializations such as AWS Competency, AWS Service Delivery, AWS Service Ready, and AWS Managed Service Provider (MSP), organizations must undergo rigorous technical validation and assessment of their AWS solutions and practices.

NEW! AWS Competency Partners

To succeed with cloud adoption in today’s complex IT environment and continue to advance in the future, customers can team up with an AWS Competency Partner.

The AWS Competency Program validates and promotes AWS Partners with demonstrated technical expertise and proven customer success in specialized areas across industries, use cases, and workloads. Guidance from these skilled professionals can lead to better business and bigger results.

Team up with our newest AWS Competency Partners:

AWS AI Competency

AceCloud | APAC | Generative AI Consulting Services
Acroquest Technology | Japan | Generative AI Consulting Services
Adamas Tech Consulting | APAC | Agentic AI Consulting Services; Generative AI Consulting Services
APRÓ | EMEA | Generative AI Consulting Services
ATOS | NAMER | Agentic AI Consulting Services
Avnet | NAMER | Generative AI Consulting Services
Bexprt | EMEA | Generative AI Consulting Services
BigData Boutique | EMEA | Generative AI Consulting Services
Celebal Technologies Americas | NAMER | Generative AI Consulting Services
CitiusTech | NAMER | Generative AI Consulting Services
CleanSlate Technology Group | NAMER | Generative AI Consulting Services
CloudArmee | NAMER | Generative AI Consulting Services
CloudArmee | NAMER | Agentic AI Consulting Services
CloudJournee | APAC | Generative AI Consulting Services
CloudKeeper (a.k.a. TO THE NEW) | APAC | Generative AI Consulting Services
Cloudza | EMEA | Generative AI Consulting Services
Cloudza | EMEA | Agentic AI Consulting Services
CNID SAS | NAMER | Generative AI Consulting Services
Commerce Architects | NAMER | Generative AI Consulting Services
Commerce Architects | NAMER | Agentic AI Consulting Services
DBiz Solutions | APAC | Generative AI Consulting Services
Fusemachines | NAMER | Generative AI Consulting Services
GlobalTask | NAMER | Generative AI Consulting Services
Labyrinth Labs | EMEA | Generative AI Consulting Services
Morris & Opazo | LATAM | Agentic AI Consulting Services
Nagarro | EMEA | Generative AI Consulting Services
Necko Technologies | EMEA | Generative AI Consulting Services
Ness A.T | EMEA | Generative AI Consulting Services
O2B – Operation to Business | LATAM | Generative AI Consulting Services
Polarity | EMEA | Generative AI Consulting Services
Provectus | NAMER | Agentic AI Consulting Services
QloudX – A Systems Plus Group Company | EMEA | Generative AI Consulting Services
Quantiphi | NAMER | Agentic AI Consulting Services
Renova Cloud Company | China | Generative AI Consulting Services
RYSUN LABS | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
Sedmi Odjel | EMEA | Generative AI Consulting Services
Serverworks Co. | Japan | Generative AI Consulting Services
Smile IT Solutions | EMEA | Agentic AI Consulting Services
SoftGEM Global Technologies | EMEA | Generative AI Consulting Services
Sopra Steria | EMEA | Generative AI Consulting Services
Soulax | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
Strata Analytics Group | NAMER | Agentic AI Consulting Services
THINKSAAS TECHNOLOGIES | APAC | Generative AI Consulting Services
XalDigital | NAMER | Agentic AI Consulting Services
YAQEEN TECHNOLOGY CONSULTING | NAMER | Agentic AI Consulting Services
agenticai | APAC | Agentic AI Applications; Foundation Models and App Development; Generative AI Applications
Ajax Network Solutions | APAC | Generative AI Applications
Arize AI | NAMER | Agentic AI Applications
autobotAI | NAMER | Agentic AI Tools
Cloudera | NAMER | Generative AI Applications
CloudSmart | NAMER | Agentic AI Applications
Cockroach Labs | NAMER | Generative AI Applications
Firefly | NAMER | Generative AI Applications
Glia Technologies | NAMER | Generative AI Applications
Panther | NAMER | Agentic AI Applications
Pieces Technologies | NAMER | Generative AI Applications
Quantiphi | NAMER | Agentic AI Applications
rhino.ai | NAMER | Agentic AI Applications
SECURITI AI | NAMER | Agentic AI Tools
Vistring | China | Generative AI Applications
Workato | NAMER | Agentic AI Applications; Agentic AI Tools; Generative AI Applications

AWS Automotive Competency

PlaxidityX (Formerly Argus Cyber Security) | EMEA | Connected Mobility; Software Defined Vehicle

AWS Cloud Operations Competency

Applogika | NAMER | Cloud Governance; Monitoring & Observability
Cloutive Technology Solutions | EMEA | Monitoring & Observability
EPAM Systems | NAMER | Cloud Financial Management; Cloud Governance; Compliance & Auditing; Monitoring & Observability; Operations Management
MyOps | EMEA | Monitoring & Observability
Persistent Systems | NAMER | Cloud Financial Management
Rego Consulting Corporation | NAMER | Cloud Financial Management; Cloud Governance; Compliance & Auditing; Monitoring & Observability; Operations Management
Triangu | NAMER | Cloud Financial Management; Cloud Governance; Compliance & Auditing
Velocis Systems | APAC | Cloud Financial Management; Cloud Governance; Compliance & Auditing; Monitoring & Observability; Operations Management
Grafana Labs | NAMER | Monitoring & Observability

Consumer Goods Competency

Bloomreach | NAMER | Marketing; Unified Commerce

AWS Data & Analytics Competency

Redeploy AB | EMEA | Consulting Services
SCSK Corporation | Japan | Consulting Services

AWS DevOps Competency

Aivar Innovations | APAC | Consulting Services
F9 INFOTECH | EMEA | Consulting Services
Necko Technologies | EMEA | Consulting Services
Pace Wisdom Solutions | APAC | Consulting Services
PRECISION INFOMATIC M | APAC | Consulting Services
TechBrein | APAC | Consulting Services

AWS Digital Sovereignty Competency

Zühlke (Zuehlke/Zuhlke) Group | EMEA | Consulting Services

AWS Education Competency

EPAM Systems | NAMER | Consulting Services
Docebo | NAMER | Teaching and Learning

Energy & Utilities Competency

Datadog | NAMER | Data Analytics and Insights; Health, Safety & Environment; Upstream
Gorilla | EMEA | Power & Utilities
Snowflake | NAMER | Core Energy Business Applications; Data Analytics and Insights
TigerData | NAMER | Data Analytics and Insights

AWS Financial Competency

Kore.ai | NAMER | Banking; Capital Markets; General Financial Services
Resilient (Smartnumbers) | EMEA | Banking; Insurance

AWS Government Competency

KBR | NAMER | Citizen Services; Defense & National Security

AWS Government Competency

PA Consulting | EMEA | Defense & National Security
ScaleCapacity | NAMER | Citizen Services
Xtremax | APAC | Citizen Services

AWS Healthcare Competency

Dedalus | LATAM | Consulting Services

AWS IoT Competency

XalDigital | NAMER | Consulting Services

AWS Machine Learning Competency

Minfy Technologies | APAC | Consulting Services

AWS Manufacturing and Industrial Competency

Innovapptive | NAMER | Enterprise Solutions; Operational Technology; Smart Manufacturing; Supply Chain Management

AWS Migration and Modernization Competency

Flatiron Software Corporation | NAMER | Infrastructure Automation
Sensedia | LATAM | Application Mobility
Changeis | NAMER | Migration Services
eMaster | NAMER | Migration Services
INADEV Corporation | NAMER | Modernization Services
Initech Global | NAMER | Migration Services
Scott Logic | EMEA | Migration Services
Sonata Software | NAMER | Migration Services; Modernization Services

AWS Nonprofit Competency

Protagona | NAMER | Consulting Services

AWS Oracle Competency

IBM | NAMER | Consulting Services

AWS SAP Competency

Delaware Consulting International CV | EMEA | Consulting Services
skie.io | NAMER | Consulting Services

AWS Security Competency

Rego Consulting | NAMER | Compliance and Privacy; Infrastructure Protection; Threat Detection and Response

AWS Small and Medium Business (SMB) Competency

Ankercloud | EMEA | Small and Medium Business
CloudHero | EMEA | Small and Medium Business
Com7 | APAC | Small and Medium Business
F6S Advisors | EMEA | Small and Medium Business
Innovation Cloud Services – ICS Compute | APAC | Small and Medium Business
NCLOUD THREE INFORMATION TECHNOLOGY | EMEA | Small and Medium Business

AWS Storage Competency

Zaptoz Technologies | APAC | Consulting Services

AWS Travel and Hospitality Competency

XalDigital | NAMER | Data360; Digital Customer Engagement; Internet of Things; Technology Migration and Modernization
Riskified | NAMER | Digital Customer Engagement

NEW! AWS Managed Service Providers (MSPs)

The AWS Managed Service Provider (MSP) Program validates AWS Partners with a proven track record and experience providing end-to-end AWS solutions to customers at any stage of the cloud journey, including planning and design, building and migration, operations and support, and automation and optimization.

To achieve this level of specialization, AWS MSP Partners must complete an extensive independent audit to ensure business health and technical capabilities meet a high bar, and they must maintain this status through annual audits.

Say hello to our newest AWS MSP Partners:

AWS Managed Service Provider Program

2bcloud | EMEA
AppSquadz Software | APAC
Big Blue Marble (Insys Video Technologies) | EMEA
Bynet Data Communications | EMEA
Cloudelligent | NAMER
E&M Computing | EMEA
Geniusee | NAMER
Help.NGO | EMEA
Hostin Services | APAC
Idea 11 | APAC
Modality | EMEA
Mytech | NAMER
Ness A.T | EMEA
One | EMEA
Quadrasystems.net India | APAC

NEW! AWS Service Delivery Partners

The AWS Service Delivery Program validates AWS Partners that have deep technical knowledge, experience, and proven success in delivering specific AWS services to customers.

To achieve this specialization, AWS Partners must undergo service-specific technical validation by AWS Partner Solutions Architects, including review of architecture, customer documentation, and customer case study details to ensure they follow AWS best practices for each AWS service.

Work with our newest AWS Service Delivery Partners:

Amazon DynamoDB Delivery Partners

Allata | NAMER
Myridius | NAMER

Amazon ECS Delivery Partners

Cogniv Technologies | APAC | Containers
Myridius | NAMER | Containers

Amazon EKS Delivery Partners

Myridius | NAMER

Amazon Kinesis Delivery Partners

Insbuilt | LATAM

Amazon QuickSight Delivery Partners

YAQEEN TECHNOLOGY CONSULTING | NAMER

Amazon RDS Delivery Partners

Adamas Tech Consulting | APAC | Amazon RDS for MySQL; Amazon RDS for PostgreSQL
Romexsoft | EMEA | Amazon RDS for MariaDB; Amazon RDS for MySQL

More Value, Greater Profitability for AWS Partners

Our mission is to make the AWS Partner Network (APN) with AWS Marketplace your preferred route to market and empower partners to deliver differentiated value to millions of AWS customers, helping you to win more, win bigger, and win faster.

We’re aligning the AWS Partner experience—including programs, incentives, and enablement—around AWS services and the partner business models: business outcome solutions, technology solutions, managed services, services, and resell.

These enhancements provide you with more relevant and prescriptive guidance, where you need it, and in a consistent and predictable manner. Your profitability, along with helping you drive new business, is our number one goal.

In 2026, we’ll continue to ensure that AWS Marketplace and our AWS Partner programs provide demonstrated pathways to success—helping you drive greater customer value and profitability. There’s an exciting journey ahead, and we’re thrilled to be on it together!

Learn how AWS is transforming the partner experience >>

Accelerate US Federal cloud migrations with Nutanix GC2 on AWS GovCloud (US)

Mike Corey — Mon, 30 Mar 2026 18:10:44 +0000

By: Mike Corey, WWPS Partner Solutions Architect – AWS
By: John Stockard, Public Sector Hybrid Multi-Cloud Systems Engineer – Nutanix

Nutanix

Technologists in the US federal government and Department of War (DoW) face unique challenges in delivering secure, compliant, and cost-efficient cloud infrastructure and services for their programs. These organizations encounter several obstacles. They must balance stringent security requirements with IT modernization needs. They face increasing costs from VMware licensing changes. Additionally, they must manage hardware replacement and reduce data center footprints.

Many federal customers face constraints with the mission-critical applications they support. These applications run on outdated, unsupported, or legacy operating systems. Such systems are difficult to migrate to Amazon Elastic Compute Cloud (Amazon EC2) or other AWS services. These organizations need a solution that bridges their current environment to the cloud while maintaining security and compliance requirements achieved on premises. At Amazon Web Services (AWS), we’re committed to helping our customers meet these challenges wherever they are in their cloud adoption journey.

Nutanix Government Cloud Clusters (GC2) on AWS GovCloud (US) provides a pathway, enabling Federal customers to accelerate their cloud adoption without compromising security or compliance. In this blog post, we’ll explore how GC2 helps Federal customers securely migrate their virtualized and containerized workloads to AWS GovCloud (US), with speed, simplicity, and efficiency.

Use cases for GC2 on AWS GovCloud (US)

Customers use GC2 to accelerate workload migrations to AWS GovCloud (US) and modernize applications faster and without compromise to compliance posture or regulation. GC2 enables the following common pathways to AWS GovCloud (US):

Migrate and modernize applications with AWS GovCloud (US) – Accelerate migration to AWS by relocating workloads without refactoring or rewriting applications. Quickly get on-premises workloads to AWS virtualization and modernize applications with direct AWS service integrations.
Hybrid cloud – Implement a single pane of glass to operate and manage your virtual machine workloads in your on-premises data center and GC2 on AWS GovCloud (US) environments.
Disaster recovery (DR) to AWS GovCloud (US) – Configure GC2 on AWS GovCloud (US) for data replication to ensure rapid recovery of business-critical workloads during disaster recovery events. Take advantage of the global presence and elasticity of AWS for your DR configuration through a scalable and always-on pilot light recovery environment.
On-demand capacity bursting – Traditional infrastructure requires weeks or months to purchase, install, and connect the necessary equipment and operationalize it on premises. With GC2, you can reduce hardware procurement lead time. It’s seamless to consume GC2 capacity when needed and return it when you don’t.

For more information, refer to Nutanix Use Cases.

GC2 on AWS GovCloud (US) architecture

GC2 deploys the complete Nutanix Cloud Platform directly on bare-metal EC2 instances, using EC2 instance store for primary Nutanix AOS Storage capacity. GC2 features built-in integration with Amazon Virtual Private Cloud (VPC). This integration allows direct consumption of cloud-based services from GC2 hosted workloads.

Federal customers can use familiar Nutanix tools across their hybrid environment, facilitating operational consistency between on-premises and AWS GovCloud (US) deployments. The inclusion of Nutanix Move facilitates smooth workload migration from existing infrastructure to GC2, minimizing operational disruption during transition periods.

The following diagram illustrates the Nutanix GC2 architecture, showing hybrid cloud integration with AWS services on AWS.

Figure 1: Nutanix GC2 architecture diagram

Benefits of GC2 on AWS GovCloud (US)

Nutanix GC2 on AWS GovCloud (US) offers enterprises a seamless hybrid cloud experience that bridges their on-premises Nutanix environment with the scalability and services of AWS.

The key benefits of the GC2 solution are:

Cluster management:

A single console for private and AWS resources
Burst into AWS to meet temporary increases in demand
Use AWS for high availability and disaster recovery
Simplified cluster deployment within customers’ VPC

Seamless application mobility:

Direct lift and shift without application refactoring
Consistent performance across environments
Simplified virtual machine (VM) migration using Nutanix Move
Maintain existing application configurations

Flexible cost control:

Usage-based payment options for EC2 instances
Multiple purchasing channels such as AWS Marketplace, Joint Warfighting Cloud Capability (JWCC), or partners
Use existing private pricing agreements and enterprise discounts
Nutanix license portability and compatibility between on-premises infrastructure and GC2

Supported EC2 instances

Whether an organization is running a small department operation or managing massive defense programs, customers are provided the flexibility and choice for rightsizing GC2 clusters to balance cost and performance. These instance types provide varying combinations of compute, memory, and storage capabilities to match your workload requirements. Organizations can choose the appropriate instance type based on their specific performance needs and budget constraints.

The following table lists the EC2 bare-metal instance types supported by Nutanix in the AWS GovCloud (US) Regions.

Figure 2: Amazon EC2 support for Nutanix on AWS GovCloud (US)

GC2 also supports the following AWS tenancy options:

Default tenancy:

Standard EC2 instance deployment
Instances might migrate across hosts during power cycles
Supports Windows Server License Included (LI) and Linux-only instances

Dedicated host:

Fixed hardware allocation of EC2 instance
Instances remain on assigned host through power cycles
Enables use of existing software licenses (per-socket, per-core, or per-VM)

Migration paths

There are a few different paths enterprises can take to migrate to GC2 on AWS GovCloud (US):

Nutanix Acropolis Hypervisor (AHV) to GC2 on AWS GovCloud (US) – Ideal for customers running the Nutanix AHV hypervisor on premises. Nutanix’s built-in replication capabilities enable VM replication from on-premises AHV to GC2. This maintains workload configurations and operational consistency on AWS GovCloud (US).
On-premises ESXi to GC2 – Organizations running VMware on premises can also migrate to GC2 using the Nutanix Move application mobility tool. Nutanix Move converts VMs directly into AHV format and replicates the workloads for a streamlined migration from on premises to GC2 on AWS GovCloud (US).
Microsoft technology to GC2 on AWS GovCloud (US) – Customers running Hyper-V or Microsoft Azure Cloud resources can migrate to GC2 by using Nutanix Move as well. The automated workload conversion maintains application consistency while consolidating workloads from multiple source locations.

Nutanix Move

For many enterprise customers, automated VM conversion and orchestrated migration are critical capabilities that make moving workloads to AWS far more straightforward.

Nutanix Move is a complimentary migration tool that streamlines workload transition to GC2 on AWS GovCloud (US). The tool automatically handles VM conversion from ESXi to AHV format while orchestrating the entire migration process from end to end. As a zero-cost solution, Move enables straightforward lift-and-shift operations, alleviating common migration barriers by automating conversion processes and coordinating data transfer. This enterprise-grade tool makes hybrid cloud adoption straightforward and efficient. Organizations can transition workloads seamlessly with minimal complexity and disruption.

Security and compliance

AWS GovCloud (US) provides the foundation and infrastructure controls that help organizations achieve and maintain critical compliance standards, including Federal Risk and Authorization Management Program (FedRAMP) High, Criminal Justice Information Services (CJIS), International Traffic in Arms Regulations (ITAR), and Department of War Impact Levels 4/5—all essential for protecting sensitive government workloads.

Nutanix GC2 enhances these capabilities by deploying directly to the customer’s Amazon VPC, minimizing the complexity and scrutiny of a separate software-as-a-service (SaaS) control plane. This direct integration allows for seamless security consistency between on-premises and cloud environments. GC2 is deployed preconfigured with Security Technical Implementation Guide (STIG) settings and aligns with NIST 800-53 standards. Combined with AWS GovCloud (US) support from US-based personnel, GC2 creates a comprehensive security framework that meets the demanding requirements of federal agencies. This means that organizations can embrace cloud scalability and innovation without compromising their security posture.

Most importantly, federal customers can use GC2 to confidently migrate their mission-critical workloads to AWS GovCloud (US) while maintaining the robust security controls and compliance standards established in their on-premises environments. This facilitates a more secure and compliance-aligned transition to the cloud without sacrificing operational security requirements.

Conclusion

Nutanix GC2 on AWS GovCloud (US) provides federal agencies with a path to accelerate their cloud adoption while meeting their mission requirements. The solution combines the familiarity of Nutanix operations with the innovation and scale of AWS GovCloud (US), so agencies can confidently migrate and modernize their mission-critical workloads.

Ready to get started?

To learn more about how GC2 can help your agency:

Contact your AWS or Nutanix account teams
Visit the Nutanix GC2 on AWS GovCloud (US) solution page
Download the GC2 solution brief

Nutanix – AWS Partner Spotlight

Nutanix is an AWS Technology Partner. Nutanix Enterprise Cloud OS software melds private, public and distributed cloud operating environments and provides a single point of control to manage IT infrastructure and applications at any scale. Nutanix solutions are 100% software-based, and are built on the industry’s most popular hyperconverged infrastructure (HCI) technology to power any application, at any scale.

Contact Nutanix | Partner Overview | AWS Marketplace

Expanding the BOX Program to Business Consulting and Advisory Partners

Amanda Lowe — Thu, 19 Mar 2026 20:39:05 +0000

By Amanda Lowe – WW BD Lead, Business Outcomes, AWS
By Dmitry Roma – Principal ASP Core Industries, AWS
By Duygu Cibik – Principal WW Strategic Initiatives Leader, AWS

At Amazon Web Services (AWS), we’re committed to helping customers achieve their desired business outcomes. To continue delivering on this commitment, we’re excited to expand the Business Outcomes Xcelerator (BOX) Program for Business Consulting and Advisory Partners—bringing specialized industry and line-of-business (LOB) expertise directly to customers to accelerate their business outcomes.

This expansion, which is invite-only, reflects a fundamental shift in how customers are approaching transformation. Line-of-business leaders are no longer seeking technology deployments alone; they’re demanding end-to-end solutions that deliver measurable, strategic business outcomes. Business Consulting and Advisory Partners (BCAPs) are uniquely positioned to meet this demand, and BOX now provides them with a dedicated journey and distinctive benefits designed specifically for how they operate and grow.

These Partners bring deep domain expertise in strategic advisory, operating model design, and organizational change management—the capabilities that drive lasting transformation. By expanding the BOX Program for BCAPs, we’re enabling multi-partner collaboration that positions business advisory expertise at the forefront of customer engagements. This creates a powerful end-to-end journey for our Partners—combining business consulting with AWS services and at-scale technical implementation, unlocking the full multiplier potential and delivering complete, business outcome-driven customer success.

Benefits

The BOX Program provides a unique, dedicated journey for BCAPs with distinctive benefits:

Funding designed to support customers across the full business transformation journey, including customer assessments to engage clients early in the transformation lifecycle, execution funding for process redesign, and outcome-based funding that addresses the people and organizational change required to achieve lasting business results. In addition, Partners gain access to all existing BOX milestone-based incentives spanning solution ideation, build, readiness, go-to-market, and delivery.
Go-to-market and co-sell support, which includes access to existing BOX mechanisms, such as Partner Matchmaking events and Partner Connections, to identify and collaborate with complementary Partners, as well as direct engagement pathways with AWS sales leaders. Partners also benefit from AWS-funded demand generation campaigns designed to help BCAPs reach and engage LOB buyer personas, driving awareness and pipeline for their transformation offerings.

Launch Partners

Partners are already helping customers bridge the gap between AI investment and business outcomes.

Bain & Company highlights that the biggest barrier to scaling AI isn’t technology—it’s the business and functional transformation required to unlock its value.

“Through the BOX Program, Bain and AWS combine complementary strengths: Bain’s expertise in strategy, tech and AI, operating model transformation, and change management with AWS’ world-class infrastructure and AI capabilities,” said Matthew Leybold, Partner at Bain & Company. “Together, we help organizations across multiple industries build AI-ready enterprises and realize lasting value from their AI investments. For example, partnering with AWS, we helped a major European bank unlock the value of its data and improve customer engagement. Using an Agentic AI workflow solution, the bank achieved a 98% reduction in campaign cycle time, cutting the time to launch personalized marketing campaigns from more than 60-100 days to just one day, while delivering 15% income growth and 2x uplift in cross-sell.”

Boston Consulting Group (BCG) demonstrates how aligning strategy with technology drives practical business outcomes, as evidenced by their work with a major APAC telecom.

“Transformation delivers the greatest value when strategy and technology move in sync,” said Stephen Robnett, Managing Director & Partner at BCG. “BCG and AWS bring together the expertise required for practical business change, combining BCG’s ability to create competitive advantage, BCG X’s technological expertise, and the AWS Cloud and AI capabilities that power businesses worldwide. Partnering with Meta and AWS, we built a GenAI Accelerator on Amazon Bedrock that empowers enterprises to rapidly deploy and scale generative AI use cases in just weeks. Leveraging this solution, an APAC telecom giant with more than 350 million users achieved a 10x increase in conversion rates and a 3x reduction in acquisition costs.”

Customers: Engage BCAPs early in your transformation

Organizations today aren’t struggling to invest in AI—they’re struggling to realize its value. The missing link isn’t technology; it’s the strategic expertise to connect AI capabilities to business priorities that drive revenue growth, cost optimization, and competitive differentiation.

The BOX Program expansion addresses this directly. Customers gain access to a structured, AWS-enabled pathway to engage Partners who specialize in delivering business transformation by working backwards from the business goals—not just deploying technology.

Partners who work backwards from business goals. BCAPs bring deep industry and line-of-business expertise, combined with technology design-and-build expertise, enabling them to engage directly with C-suite and LOB executives, translate business priorities into AI investment strategies, and quantify business value.
End-to-end transformation support. Customers are supported at every phase, from early-stage vision and feasibility, through solution design and execution, to business outcome realization.
Positive ROI on technology investments. BCAPs help customers redesign operating models and processes, ensure employee adoption, and transform the workforce to achieve measurable returns on their AI investments.

Get started

For customers wanting to engage BCAPs, find out more about what these Partners offer in AWS Marketplace or contact your Account Manager.

For BCAPs interested in joining the BOX Program, reach out to your PDM. For more information, review the benefits and requirements in the Program Guide (AWS Partner Central login required).

Modernizing Healthcare Workflows with WRITER AI on AWS

Gokhul Srinivasan — Tue, 17 Mar 2026 19:58:03 +0000

By Nolan Chen, Partner Solutions Architect – AWS
By Gokhul Srinivasan, Sr.Partner Solutions Architect – AWS
By Divya Srungaram, VP of Healthcare Solutions – WRITER

WRITER

The healthcare industry stands at a crossroads of complexity and opportunity. As organizations transition from traditional care delivery models to personalized medicine, they face new levels of operational complexity while managing stringent regulatory requirements and resource constraints. Healthcare providers, payers, and life sciences companies must balance operational efficiency with patient safety and regulatory compliance. Healthcare is expecting staffing shortages exceeding 200,000 nurses and 100,000 physicians by decade’s end.

Built specifically for regulated environments and powered by Amazon Web Services (AWS) infrastructure, WRITER delivers the transparency, control, and governance that healthcare teams need to implement AI at scale. In this post, we explore how WRITER, an AWS Partner Network member, transforms how healthcare organizations operate in this evolving landscape.

Addressing inefficiencies and patient care quality

Healthcare organizations today grapple with operational bottlenecks that directly impact patient care quality and organizational efficiency. Manual processes create significant workflow inefficiencies, from member letter creation that burdens clinical staff to request for proposal (RFP) responses that historically take weeks to complete. These administrative tasks consume multiple hours weekly for each physician, contributing to clinician burnout while reducing time available for direct patient interaction.

Healthcare regulations add another layer of complexity. Healthcare organizations must maintain compliance with multiple frameworks and various clinical documentation standards. Traditional automation approaches struggle to address these healthcare-specific considerations but stay flexible enough to adapt to evolving compliance requirements.

Healthcare organizations manage petabytes of clinical, imaging, and other data across disparate systems, creating integration challenges that impact care coordination and operational efficiency. Electronic health records, claims data, clinical documentation, and administrative systems often operate in isolation, limiting organizations’ ability to use comprehensive patient information for care optimization. This evolving landscape demands a new solution, one that understands these nuances and is built on a foundation of security and control.

WRITER differentiation

WRITER distinguishes itself in the healthcare AI market through its purpose-built approach to regulated environments. Unlike competitors that layer AI capabilities onto existing platforms, WRITER employs a vertically integrated architecture that provides unified system deployment with direct control over accuracy, reliability, and security.

Healthcare organizations require AI systems that support their compliance obligations while operating at scale. WRITER is a secure, enterprise-grade, end-to-end agent system, purpose-built from the ground up to operate in high-complexity, regulated environments. It’s designed and built for full transparency, control, and governance, helping give healthcare teams the confidence to deploy AI at scale.

Four years of experience working with national payers and major healthcare leaders allowed WRITER to understand healthcare workflows. This led them to build Palmyra Med, a domain-specific large language model (LLM) specialized in real-world medical use cases.

WRITER architecture on AWS

WRITER’s technical architecture uses AWS infrastructure to deliver enterprise-grade healthcare AI capabilities with robust security, scalability, and compliance features. The integration provides healthcare organizations with a platform that maintains data sovereignty while delivering advanced AI capabilities through managed services.

Palmyra Med is a domain-specific LLM trained specifically on real-world medical use cases. This 70-billion parameter model with a 32,000-token context window achieves 85.9% accuracy across medical benchmarks and outperforms other comparable models.

WRITER’s AWS architecture centers on Amazon Bedrock integration, providing healthcare organizations with access to Palmyra-Med-70B-32K through a fully managed API service. This integration enables seamless deployment of healthcare-specific AI capabilities without requiring organizations to manage underlying infrastructure or model hosting responsibilities.

Amazon Bedrock serves as the foundation for WRITER’s healthcare AI services, offering enterprise-grade security, privacy, and responsible AI safeguards. Healthcare data remains secure and private; inputs and outputs aren’t shared with model providers or used to train base models.

The following diagram illustrates the solution architecture.

Figure 1: WRITER Palmyra One Med Model Architecture on AWS

Full-stack architecture for healthcare workflows

WRITER employs a comprehensive full-stack architecture specifically designed to integrate AI into complex healthcare enterprise workflows. The system consists of three primary layers:

Agent system and intelligent interface – Serves as the primary interface where both technical and non-technical healthcare teams can build and deploy AI agents for clinical and administrative workflows. The system includes over 100 prebuilt agents developed with enterprise customers for specific healthcare workflows.
Intelligence layer and governance framework – Manages AI governance across healthcare organizations through comprehensive controls designed for regulated environments. This includes AI guardrails specifically configured for healthcare requirements, a compliance engine that addresses medical regulatory standards, and real-time monitoring of agent behavior and outputs.
Core technology layer – Powers the agent system and includes Palmyra, WRITER’s family of LLMs trained for healthcare-specific applications. This layer connects agents to healthcare business data, reducing inaccuracies.

The architecture uses AWS PrivateLink so healthcare organizations can maintain complete network isolation while accessing AI capabilities. Customers access Amazon Bedrock as if it were within their Amazon Virtual Private Cloud (Amazon VPC) connection, without requiring internet gateways, NAT devices, AWS VPN connections, or AWS Direct Connect.

Benefits and outcomes

Healthcare organizations implementing WRITER’s AI solutions report increased efficiencies and improved performance across several areas, including clinical outcomes, security and compliance, operations, and finance.

WRITER addresses healthcare’s stringent regulatory requirements through comprehensive compliance certifications including SOC2, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), and the International Organization for Standardization (ISO) trust triad standards. The offering keeps healthcare data within the AWS environment and doesn’t store it or use it for training when accessing through Amazon Bedrock from an Amazon VPC connection. To prevent hallucinations, WRITER uses a proprietary Knowledge Graph and domain-specific models:

Knowledge Graph – Anchors AI responses in an organization’s verified internal data such as clinical trial data and approved medical libraries, achieving over 86% accuracy on clinical benchmarks.
Traceability and auditability – AI-generated drafts are fully auditable, providing links back to the source evidence, making claims defensible.
Palmyra Med – The WRITER medical-specific LLM is trained in standards such as ICD-10-CM, SNOMED CT, and RxNorm to provide technical precision in coding and documentation.

Real-world implementations demonstrate WRITER’s transformative impact on healthcare operations. CirrusMD’s deployment achieved a 234% increase in physician benefits recommendations and a fifteen-fold improvement in patient benefits engagement, with implementation timelines reduced from 1 year of in-house development to 6 months using WRITER’s platform.

Healthcare organizations report up to 70% productivity increases in medical record summarization processes, while a top 5 health plan achieved 60% productivity gains and reduced legal compliance review from 6 weeks to 5 days.

WRITER embeds AI into core workflows that unlock new capacity and streamline operations:

Utilization management letters – Traditionally time-intensive and compliance-heavy processes are now generated with both clinical accuracy and human nuance.
RFP responses – Previously taking weeks, these are now completed faster while maintaining quality and regulatory alignment.
Clinical documentation – Automated generation of high-quality clinical summaries reduces physician administrative burden while improving documentation consistency.

Palmyra Med is priced at $10 per 1 million output tokens compared to GPT-4’s $60 per 1 million output tokens. This pricing structure means that healthcare organizations can deploy AI capabilities at scale without prohibitive operational costs. The service addresses healthcare organizations’ financial pressures through demonstrable efficiency improvements and cost reductions. Healthcare organizations’ productivity gains translate directly to cost savings through reduced processing time, improved staff utilization, and enhanced operational throughput.

By automating routine tasks, WRITER frees healthcare professionals to focus on high-value activities that require human judgment and clinical expertise, directly addressing the industry’s structural labor shortages.

Conclusion

As healthcare evolves toward personalized medicine and integrated care delivery, organizations need more than automation. They need intelligent systems that understand clinical nuances, administrative complexities, and regulatory demands. WRITER’s purpose-built approach to healthcare AI, combined with the robust infrastructure and security of AWS, creates a foundation for healthcare organizations to lead this transformation.

The documented results speak for themselves: 234% increases in physician engagement, 70% productivity improvements in clinical workflows, and 60% gains in administrative efficiency. These aren’t theoretical benefits—they’re measurable outcomes achieved by healthcare organizations already using WRITER’s capabilities on AWS.

The platform’s comprehensive compliance framework, specialized medical AI models, and proven implementation methodology address the unique challenges healthcare organizations face while enabling them to capture the opportunities of AI-driven care delivery.

The future of healthcare is being written today by organizations that embrace intelligent automation while maintaining the highest standards of patient care and regulatory compliance. WRITER on AWS provides the foundation for this transformation, offering healthcare organizations a proven path to operational excellence and improved patient outcomes.

Ready to transform your healthcare workflows with AI? With WRITER, AWS Partners have a powerful ally in bringing this future to life. Begin your journey with implementing AI in healthcare today by requesting a demo and learning more about WRITER’s Palmyra on Amazon Bedrock.

Start your healthcare AI transformation today and join the organizations already realizing the benefits of intelligent, compliant, and effective healthcare intelligence.

WRITER – AWS Partner Spotlight

WRITER is an AWS Advanced Technology Partner that provides a full-stack generative AI platform that empowers enterprises to deploy AI agents and workflows with built-in security, governance, and control across highly regulated industries.

Contact WRITER | Partner Overview | AWS Marketplace

New AWS ISV Accelerate benefits: Unlock the co-sell advantage

Cara Bohmann — Mon, 16 Mar 2026 19:05:35 +0000

By Cara Bohmann, Charlene Vela, Patricia Kim, and Eduardo Estrada – Sr. Co-Sell Initiative Managers, AWS

Co-selling is one of the most powerful growth levers available to AWS Partners—and the data backs it up. According to a Canalys study, 65% of Partners close deals faster by co-selling with AWS, resulting in larger deals for 54% of Partners.

To continue investing in your co-sell success, we’re introducing new benefits for the AWS ISV Accelerate (ISVA) Program, designed to help you accelerate growth through funding and specialized workshops—plus access to agentic capabilities in AWS Partner Central.

Benefits

The new ISVA Program benefits include:

Marketing Development Funds 

Unlock Marketing Development Funds (MDF) to accelerate go-to-market activities and drive demand generation to grow your sales pipeline. This benefit is available to Partners newly enrolled in ISVA after January 1, 2026.

To access funding, Partners must implement Partner Revenue Measurement and meet co-sell engagement requirements. For full eligibility criteria, review the MDF Guide in AWS Partner Central (login required).

Partner Workshops 

Get access to in-person workshops where you can join leaders from AWS and fellow AWS Partners to learn how to build an effective go-to-market strategy and scale your customer reach through AWS Marketplace. These sessions cover co-selling best practices, tools and capabilities, program benefits, and customer success stories—so you can learn what’s working, sharpen your approach, and maximize your engagement with AWS.

AWS Partner Central agents

In addition to these program benefits, the new agentic capabilities in AWS Partner Central enhance sales pipeline visibility by delivering real-time, conversational intelligence directly on the Opportunity listing page—so you can instantly surface deals that need attention based on stage progression and upcoming deadlines.

Partner testimonials

ISVA Partners are seeing strong results. “Through the AWS ISV Accelerate program, Sumo Logic has increased co-sell engagement with AWS by more than 70%, unlocking stronger joint execution and pipeline growth,” said Ruthy Ross, Global AWS Alliance director at Sumo Logic. “Participation in MPOPP has enabled us to win high-profile customer logos, validating the strength of our joint value proposition. By transacting in AWS Marketplace, we’ve helped customers save millions while simplifying procurement. ISVA has been a critical accelerator in our AWS journey, driving measurable outcomes for both our organizations.”

That co-sell engagement translates directly into business outcomes. “Being part of the AWS ISV Accelerate Program has strengthened Qlik’s partnership with AWS,” said Jessica DuBois, Senior Director, AWS Alliance at Qlik. “The ISVA Program helped us expand and deepen co-sell engagement across our joint field teams, accelerating sales cycles and creating greater commercial value for shared customers. In 2025, our customer wins increased 41% YoY globally, AWS Marketplace TCV increased 13% YoY, and MPPO quantity 16% YoY. Overall, ISVA has significantly amplified our joint impact—technically, commercially, and in the market.”

Get started

Ready to take advantage of these new benefits? Here’s how to get started:

Register for an upcoming workshop in AWS Partner Central.
Implement Partner Revenue Measurement to unlock funding and revenue insights. Review the MDF Guide in AWS Partner Central to learn more about eligibility and how to access funding.
Review the ISVA Program Guide for program benefits and requirements.

To unlock the full potential of co-selling with AWS, we recommend the following best practices:

Designate a co-sell point of contact to manage business planning and strengthen alignment with your AWS team.
Migrate to the AWS Partner Central in the AWS Console to take advantage of new agentic capabilities and Partner Revenue Measurements insights.
Share opportunities and leads on an ongoing basis. Make sure your AWS Marketplace listings are up-to-date and linked to relevant opportunities to improve visibility with AWS Sales teams.

Looking ahead, we’ll continue investing in enhancements to help Partners increase discoverability and accelerate solution enablement with AWS.

Introducing AWS Partner Central agents

Nicole Schreiber — Mon, 16 Mar 2026 18:55:24 +0000

By Nicole Schreiber – Partner Experience Lead, AWS
By Prachi Bhopatkar – Senior Product Manager, Partner Systems, AWS
By Tom Thayer – Global Leader, ACE Program, AWS

Organizations today have more data and more tools than ever before, and with that comes increasing operational demands on teams. Partners shared that they need faster, more effective ways to sell with AWS and close deals—but fragmented data, siloed expertise, and the manual coordination required to move a deal forward all slow momentum when it matters most.

That’s why we’re excited to announce the AWS Partner Central agentic experience, powered by Amazon Bedrock AgentCore. AWS Partner Central agents automate administrative tasks and streamline opportunity management, guiding actions across co-selling, funding, and beyond.

Agents don’t just speed up the existing process; they change what’s possible:

Expertise on demand. Your teams get the guidance they need—sales plays, customer and pipeline insights, funding recommendations, next-step intelligence—when they need it.
Coordination that happens automatically. Agents initiate workflows on your behalf, pre-populating available data, so your team spends time on decisions, not data entry. And with Model Context Protocol (MCP) servers, Partners can connect their existing tools and systems directly to agents—reaching teams from within the tools they already work in on a day-to-day basis.
Personalization at scale. Get tailored guidance within your workflows: custom next steps to progress a particular deal, targeted recommendations for funding benefits, sales plays curated to the specific opportunity. What used to require hours of manual customization now happens in minutes, shortening sales cycles and accelerating time-to-close.

Agentic capabilities

These agentic capabilities are embedded directly in AWS Partner Central to accelerate co-selling, helping you:

Get pipeline and opportunity insights

Agents enhance sales pipeline visibility by delivering real-time, conversational intelligence directly in Partner Central. Ask the agent to identify deals that need attention, flag opportunities approaching key deadlines, or summarize where your pipeline stands, and it responds with the context you need to act, instantly.

Accelerate deal progression

Accelerate opportunity progression through intelligent next-step recommendations to advance each deal. Upload meeting transcripts, notes, or emails and let agents populate the relevant opportunity fields for you. Not only does this reduce the manual effort required to keep deals moving, but agents can generate tailored sales plays on demand, transforming how they support customers at scale and accelerating deal velocity across their entire pipeline.

Optimize funding

Instead of spending hours researching funding benefits, comparing opportunity fields to offline eligibility requirements, or digging through documentation to find answers, agents identify opportunities in your pipeline that qualify for benefits, surface real-time eligibility, and flag gaps to qualification. They can instantly create fund requests pre-populated with relevant opportunity data—eliminating manual entry, increasing funding utilization, and accelerating time to funding. This means you can close more deals, faster—making funding part of how deals get closed, not a step that happens after.

Connect agents to your existing tools

Get these capabilities directly in the hands of your team. With MCP integration, you can build custom integrations or leverage third-party automation solutions that bring Amazon Web Services (AWS) intelligence directly to the tools your teams already use. Explore automation capabilities.

Watch a demo of AWS Partner Central agents

Success stories

AWS Partner Central agents are helping teams accelerate opportunity management, surface funding insights, and move deals forward faster than before. Early feedback from Partners has been positive.

WatchGuard noted that agents help them accomplish tasks in minutes that previously took days, while also surfacing valuable funding insights for relevant deals.

“We’ve seen a dramatic acceleration in how quickly we can manage and optimize opportunities in ACE,” said Danny Banks, Technical Business Development at WatchGuard. “Specifically, tasks that took days now take minutes thanks to the agent’s depth of knowledge and responsiveness. We’re also realizing greater returns on our APN investment, as the agent surfaces funding insights that were previously buried in extensive enablement documentation. This is exactly the kind of innovation that moves our business forward.”

KXC Tecnologia experienced how agents transform sales conversations by surfacing customer intelligence that turns cold outreach into informed engagement.

“Instead of walking into cold calls with just a name and LinkedIn profile, our SDR team now has the customer’s pain points mapped out, compliance requirements identified, and budget projections ready,” said Alex Assis, CTO at KXC Tecnologia. “That’s not a cold call anymore—it’s a warm conversation with a map. Architects come prepared with scoped architecture and POC frameworks, not starting from scratch.”

Integration Partners

AWS Partners are building custom automation solutions that extend agent capabilities into existing systems and workflows.

Archera worked with AWS Partner Labra and their AI agents to automate revenue operations and funding workflows.

“Labra’s AI agents help partners operationalize Cloud GTM by guiding opportunity progression, optimizing marketplace transactions, and identifying the right AWS funding programs to accelerate deals,” said Jaren Tilley, VP of Alliances and Ecosystems at Archera. “Together, these capabilities help partners move faster.”

Hyland, working with AWS Partner WorkSpan, is piloting agent capabilities that bring proactive deal guidance directly into their sellers’ workflows.

“WorkSpan has been instrumental in helping Hyland operationalize our AWS co-sell motions, from AWS Marketplace transactions to funding program execution,” said Alecia Hitchman, Alliance Manager at Hyland. “As we’ve scaled, the need for smarter deal guidance has only grown—and the AI Agent pilot is a natural next step. The AI Agent represents an exciting evolution, giving our sellers proactive guidance on program eligibility, incentive amounts, and SCA budget availability right within their workflow.”

Get started

Agents are available today for Partners who have migrated to the new AWS Partner Central experience in the AWS Console. Here’s how to get started:

New Partners: Register as an AWS Partner in the AWS Console.
Existing Partners: Migrate to the new AWS Partner Central experience. For step-by-step guidance, review the Migration Guide.

Partners can also access agents directly through their CRM via MCP server. Explore automation and integration options.

Need migration support? Explore professional services from AWS Partners to help accelerate your migration and set you up for success from day one.

Looking ahead
This is only the beginning. We’ll continue to launch agentic capabilities throughout 2026 to empower Partners at each stage of their journey.

Strengthening application security: How Detectify and AWS help enterprises control their attack surface

Parascovia Digori — Wed, 11 Mar 2026 18:00:06 +0000

By: Parascovia Digori, Partner Solutions Architect – AWS
By: Carlos Villalon Herrera, Partner Solutions Architect – AWS
By: Rickard Carlsson, CEO and Co-Founder – Detectify
By: Haris Kabiljagic, Head of Cloud Operations – Detectify

Detectify

In an era where attackers identify vulnerabilities within minutes of exposure, static security can’t keep pace. Research shows that over 70% of organizations have experienced a cyberattack starting with the discovery of an unknown or unmanaged asset. As enterprises scale their AWS environments, they need more than just tools; they need a dynamic, community-powered security ecosystem that adapts as quickly as threats emerge. In this post, we explore how Detectify’s AWS-integrated solution provides the continuous visibility required to close these security gaps before they’re exploited.

Detectify, an AWS Advanced Technology Partner, helps security leaders move beyond point-in-time testing toward a resilient, automated posture that matures alongside their business. By combining Surface Monitoring, Application Scanning, and direct integration with AWS, Detectify’s enterprise solution continuously discovers, tests, and secures external assets. Together, Detectify and AWS help security and IT leaders align business growth and security maturity. This collaboration exemplifies the AWS Shared Responsibility Model in action.

The challenge: Visibility in the age of sprawl

Your organization builds for speed. Modern DevOps pipelines, microservices, and distributed teams have accelerated innovation, but they’ve also made it difficult for security teams to maintain visibility into every internet-facing asset. Shadow IT, mergers and acquisitions (M&A) activity, and multi-cloud environments only add complexity.

You now manage thousands of domains and web assets, many of which are created and forgotten during rapid development cycles. Traditional security scanning tools often rely on point-in-time tests, missing newly deployed or misconfigured assets between scans. As a result, you face a growing number of unknown vulnerabilities and blind spots where risk accumulates.

This reality demands a shift from reactive, periodic testing to continuous discovery and monitoring. Your security team can no longer rely on static lists; they need a solution that maps the unknown to establish a foundation of control. This is where Detectify excels, moving beyond basic asset management to provide a continuously updated inventory of internet-facing assets, backed by a global community of ethical security researchers who feed real-world exploit knowledge into the service.

Detectify and AWS: Security that scales with your business

Built on AWS, Detectify’s enterprise platform provides an always-on, automated way to identify and prioritize vulnerabilities across the entire attack surface. The solution combines two powerful components:

Surface Monitoring: Continuously discovers and classifies internet-facing assets, including unknown domains, shadow IT, and inherited web properties. This provides security teams with a complete, dynamic map of their organization’s attack surface.
Application Scanning: Goes beyond basic Common Vulnerabilities and Exposures (CVE) matching by using a stateful, payload-based engine to identify complex vulnerabilities such as Server-side Request Forger (SSRF), SQL injection (SQLi), and broken access control. What makes Detectify unique is our community-powered intelligence: we automate the latest findings from an elite group of ethical hackers. This means when a new exploit is discovered in the wild, it’s often turned into a scan check for our customers within hours, providing protection that traditional, database-reliant scanners miss.

Detectify’s architecture benefits from the scale, resilience, and flexibility of AWS infrastructure, which means that enterprises can use Detectify to scan global assets at speed without straining internal systems. Beyond identifying risks, we provide detailed remediation guidance for every finding, helping developers fix issues faster. Integrations with Amazon Route 53 to get DNS attack surface data and partner workflows, such as Jira, Slack, and continuous integration and delivery (CI/CD) pipelines, make it straightforward to embed security directly into existing processes.

See how automated classification turns a list of unknown assets into an organized inventory, with specific recommendations on which high-value applications and APIs require deep scanning.

Figure 1: Detectify Application Scanning recommendations

The result: faster detection, fewer blind spots, and a security posture that confidently scales with business growth.

Customer spotlight: ABC Fitness Solutions

A strong example of Detectify’s enterprise impact is ABC Fitness Solutions, a global leader in fitness software serving over 31,000 gyms and studios across 100 countries and processing nearly USD $11.5 billion in annual payments. Read the full case study to learn more about their security journey.

Like many fast-growing organizations, ABC Fitness expanded through multiple acquisitions, inheriting more than 15 websites and a variety of technology stacks hosted across AWS. Each acquisition brought valuable digital assets but also introduced potential risks: hidden vulnerabilities, outdated technologies, and configuration mismatches. For their security team, gaining visibility across this heterogeneous environment was an essential priority.

To bring order and control to their sprawling digital landscape, ABC Fitness adopted Detectify Enterprise. Quickly, the platform provided a unified view of internet-facing assets, highlighting forgotten domains and technologies in need of consolidation.

Detectify’s Surface Monitoring gave the team a real-time inventory of their external assets, while Application Scanning identified vulnerabilities that posed genuine business risk. Integration with Jira streamlined remediation by automatically converting high-signal vulnerabilities into tickets, so that developers can act without switching tools.

“Using Surface Monitoring identifies what technologies each of our acquisitions has, the versions of those technologies, and if they’re outdated, so we can align as an enterprise.” – Enterprise Security Architect at ABC Fitness

For ABC Fitness, Detectify provided more than visibility, it created a shared language between developers and security teams. Vulnerabilities became actionable tasks, not abstract reports. The result was a faster remediation cycle, stronger compliance readiness, and a consistent global security baseline.

Figure 2: Detectify Surface Monitoring discovery of Domains

How Detectify and AWS help enterprises stay ahead

Detectify operates as a continuous, outside-in security layer. By assuming the perspective of a sophisticated attacker, our platform identifies and tests your AWS-hosted assets from the public internet, exactly as a threat actor would, while using AWS connectors to help ensure no asset is left unmapped. Here’s how the joint approach benefits customers:

Continuous discovery at cloud scale
Detectify doesn’t just scan; it integrates. By connecting directly to Amazon Route 53 and other AWS services, we ingest your DNS data to build a real-time inventory. This inside-out knowledge combined with outside in scanning helps ensure that even shadow assets or forgotten staging environments are brought under security’s control.
Comprehensive testing, inspired by real threat actors
Detectify’s community of ethical security researchers contributes real-world security issues that are continuously translated into automated tests. This allows the solution to reflect current cyber attacker behavior, using payload-based testing to verify exploitability rather than relying on static databases.
Streamlined remediation and DevSecOps integration
Through integrations with tools like Jira, Slack, and CI/CD pipelines, Detectify enables security findings to reach developers faster. Security becomes an enabler rather than a bottleneck, critical for enterprises adopting DevSecOps models.
Extending visibility with internal scanning agents
While our core strength is the external attack surface, we are expanding the hacker’s view to the private network. By using Detectify’s internal scanning agents, you are able to deploy our elite Dynamic Application Security Testing (DAST) capabilities inside your private VPCs to secure internal-only applications with the same precision as your public ones.
Simplified procurement and deployment through AWS Marketplace
Available on the AWS Marketplace, consumers can use Detectify to subscribe, deploy, and scale security capabilities through existing AWS contracts. This helps enterprise buyers align security procurement with cloud governance and budgeting practices.
Always-on security built on AWS
By running natively on AWS, Detectify benefits from the same reliability, scalability, and compliance standards that enterprises trust in their own AWS environments. Together, AWS and Detectify enable a secure foundation for continuous innovation.

Why it matters for AWS Partners and customers

For AWS Partners, the Detectify story illustrates how collaboration can unlock mutual value: combining AWS’s scale and infrastructure with Detectify’s security expertise to deliver measurable outcomes for joint customers.

For customers, it demonstrates that managing a sprawling attack surface is achievable without adding complexity. By using AWS and Detectify together, organizations gain:

Full visibility into internet-facing assets
Continuous vulnerability testing informed by live security research
Streamlined workflows that accelerate remediation
A scalable model for managing security across global operations
In short, enterprises can move faster, without losing sight of what they’re exposing.

Getting started

Detectify’s enterprise security solution is available through AWS Marketplace, offering a streamlined path to deployment. Organizations can begin with a comprehensive attack surface assessment and scale seamlessly to continuous security monitoring, while maintaining integration with their existing AWS infrastructure.

To learn more about how Detectify can help secure your expanding digital footprint, contact us for a security discovery session or schedule a demo.

Detectify – AWS Partner Spotlight

Detectify is an AWS Advanced Technology Partner specializing in automated security solutions that continuously discover and test external attack surfaces. Their solution combines ethical hacker research with automated scanning to help enterprises maintain security confidence at scale.

Contact Detectify | Partner Overview | AWS Marketplace

Enhancing Security Incident Response with AWS Partners: Program updates and capabilities

Dean Lawrence — Tue, 10 Mar 2026 19:19:54 +0000

By: Dean Lawrence, Security Partner Lead, Incident Response – AWS

We’ve seen it time and time again since launching the AWS Security Incident Response service in 2025—a swift, coordinated response that includes people, process, and technology is how teams successfully resolve security incidents. We’re continuing to enhance the capabilities of the service based on customer feedback, and we’re strengthening our collaboration with AWS Security Partners, helping to bring their deep expertise in incident response detection and recovery to our customers.

What is AWS Security Incident Response?

AWS Security Incident Response helps customers accelerate each phase of the incident response lifecycle: preparation, detection and analysis, containment and recovery, and post-incident learning. Our approach focuses on helping customers improve their ability to respond to and recover from security incidents while reducing impact to their organization.

Customers can customize incident response across accounts with centralized team coordination, permission management, and communication channels for faster resolution. This helps organizations strengthen their processes before security events occur and optimize the use of Amazon Web Services (AWS) security capabilities during an active event.

From automated monitoring and triage of security findings to automated containment, the service streamlines every step of the security incident response lifecycle. When expert assistance is needed, customers have direct around-the-clock access to AWS security experts, who can investigate and coordinate response efforts across multiple providers and even perform containment actions on behalf of the customer.

AWS Security Incident Response partners play a crucial role in this journey by helping customers implement these capabilities effectively. Partners provide incident response expertise, managed security services, and proven methodologies that help organizations accelerate their security incident response programs. Through the AWS Security Incident Response Partner Specialization Program, customers can access validated partner solutions that integrate seamlessly with AWS services while meeting rigorous technical standards.

Recent enhancements to these workflows have focused on improving customer experience through simplified automation setup, expanded detection capabilities, and more flexible response options. These improvements help security teams work more efficiently while maintaining the security controls needed to protect their AWS environments.

We’ve recently enhanced these capabilities to provide improved playbook customization options, making it easier for security teams to tailor their response procedures. The expanded service integrations and streamlined automation setup workflows help teams respond faster and more effectively to potential incidents, reducing mean time to resolution.

Recent enhancements include AI-powered capabilities that reduce security event investigation time. The new AI investigative agent delivers the speed and efficiency of AI-powered automation, backed by the expertise and oversight of AWS security experts. The investigative agent is included at no additional cost with Security Incident Response, which now offers metered pricing with a free tier covering your first 10,000 findings ingested per month. Beyond that, findings are billed at rates that decrease with volume. This consumption-based approach means you can scale usage as your needs grow, reflecting our commitment to helping customers of all sizes get value from Security Incident Response more easily while maintaining the same trusted service and support.

AWS Partners enhance customer incident response capabilities

AWS Security Incident Response provides the foundation for resolving security incidents, and our AWS Partners are essential collaborators in helping customers strengthen their security posture, and respond to incidents collaboratively.

Today, we’re announcing additional partner integrations through the AWS Security Incident Response Partner Specialization Program. Customers can use these integrations to build automated operational and technology processes to drive further efficiencies in incident detection and response.

New partner integrations and capabilities with AWS Security Incident Response

Read on to learn about specific cases of AWS Partners integrating with Security Incident Response.

CrowdStrike
Falcon for AWS Security Incident Response strengthens cyber resilience for AWS customers with industry-leading protection from the AI-native CrowdStrike Falcon® platform. This delivers AI-powered incident response to help organizations respond to incidents faster, reduce risk, and strengthen their cloud security posture. Available in the AWS Marketplace, the Falcon platform’s advanced threat detection capabilities complement AWS Security Incident Response’s automated triage and investigation workflow, creating a comprehensive solution that spans the entire security incident lifecycle.

Cyber Security Cloud
Cyber Security Cloud provides CloudFastener, a fully managed service for AWS environments. CloudFastener helps customers centrally manage alerts from AWS security services and identify high-risk findings, while providing flexible support tailored to each customer’s cloud environment and organizational structure. It supports a broad range of cloud security operations, from governance and policy development to remediation and recovery activities. By combining CloudFastener’s fully managed security operations with AWS Security Incident Response, customers can quickly surface actionable insights from their AWS environments and accelerate remediation while reducing the operational burden on in-house teams. Learn more and get started with CloudFastener.

Elastio
Elastio is proud to join the AWS Security Incident Response initiative, helping customers strengthen cyber resilience and accelerate recovery across AWS environments. Through this integration, Elastio validates recovery points, quarantines compromised data, and confirms the integrity of backups. Incident Response teams can investigate safely and recover fast, and chief information security officers (CISOs) gain measurable, auditable proof of recovery readiness. This comprehensive approach to security reduces downtime, risk, and uncertainty after an incident. Learn more about Elastio for AWS Security Incident Response.

Fortinet
Fortinet FortiCNAPP integrates with AWS Security Incident Response, delivering unified visibility and control across AWS environments through a single platform for threat detection, risk assessment, and remediation. Complementing this integration, Fortinet offers specialized cloud consulting and FortiGuard incident response services—empowering AWS customers with end-to-end security expertise. From proactive risk assessments to rapid incident response, these services are powered by FortiGuard AI-driven threat intelligence and deep integration with AWS tools. Backed by proven methodologies and expert guidance, Fortinet helps organizations prepare for, respond to, and recover from security incidents faster and more effectively. AWS Security Incident Response customers can now effortlessly engage Fortinet’s services directly in AWS Marketplace.

Palo Alto Networks
Palo Alto Networks Unit 42 and AWS Security Incident Response partner to deliver seamless, end-to-end incident response services. The partnership provides customers with rapid access to Unit 42’s world-class investigative expertise and dramatically minimizes the critical time between an alert and full containment. Unit 42 offers qualified customers a No Cost Incident Response Retainer, available in AWS Marketplace. The No Cost Incident Response Retainer includes 250 hours of incident response services, a 2-hour response time agreement and 24/7/365 access to the Unit 42 team. Additionally, customers receive preferred pricing for Unit 42 proactive services through paid retainer offerings in the AWS Marketplace.

SentinelOne
Accelerate incident response from hours to seconds by moving from reactive investigation to autonomous response with SentinelOne’s native integration with AWS Security Incident Response. SentinelOne’s Singularity platform’s agentic workflow automation capabilities (Singularity Hyperautomation) integrate with AWS Security Incident Response to deliver automation and playbooks that orchestrate response actions like isolating impacted resources, generating notifications, and triggering containment. This eliminates manual work and handoffs during investigations to amplify human efforts, scale teams and dramatically reduce mean time to remediation (MTTR). To explore this automation-first approach, visit SentinelOne in AWS Marketplace.

Get started with AWS Security Incident Response partners

To learn more about working with AWS Security Incident Response partners, visit the AWS Security Incident Response partner page. By working together, AWS and our Security Incident Response partners help customers build robust, scalable security incident response capabilities that meet today’s challenging security requirements.

AVEVA and AWS expand cloud capabilities for industrial operations

Christophe Renard — Mon, 09 Mar 2026 15:56:04 +0000

By: David Nardone, Senior Technical Product Manager – AVEVA
By: Ernst Van Wyk, Senior Product Manager HMI/SCADA – AVEVA
By: Christophe Renard, Sr Partner Solutions Architect – AWS
By: Dr. Rajesh Gomatam, WW Manufacturing Principal Partner Solutions Architect – AWS
By: Dr. Henning Rudolf, Principal Partner Development Manager for Industrial – AWS

AVEVA

AVEVA, a global leader in industrial software, and Amazon Web Services (AWS) are strengthening their long-standing collaboration to help industrial organizations reduce IT challenges and accelerate cloud adoption. Building on their more than 10-year relationship, AVEVA has successfully validated key components of its industrial operations software portfolio on AWS infrastructure, creating new opportunities for digital transformation in industrial settings.

The collaboration between AVEVA and AWS began with the deployment of AVEVA PI System on AWS, which has become a cornerstone for data management in cloud environments for numerous industry leaders over the past 5 years.

Now, AVEVA has achieved two significant milestones with AWS in expanding its cloud capabilities:

Successful validation of AVEVA System Platform and AVEVA Manufacturing Execution System on Amazon Elastic Compute Cloud (Amazon EC2)
Integration of Amazon Relational Database Service (Amazon RDS) with AVEVA PI Data Infrastructure

Organizations can now manage their entire operational technology stack—from data collection and historization to advanced process control and manufacturing execution—within a unified AWS environment.

A recent Control Engineering study, Rethinking HMI/SCADA: Now and beyond, highlighted key challenges faced by industrial decision-makers:

59% struggle with system upgrades and maintenance efforts
49% face data integration challenges
37% grapple with both total cost of ownership and ease of making changes

The successful testing of AVEVA’s operations control solutions on AWS directly addresses these pain points, offering a path to more efficient, integrated, and cost-effective industrial operations.

AVEVA PI Data Infrastructure with Amazon RDS

Through the integration of Amazon RDS with AVEVA PI Data Infrastructure, industrial organizations can simplify and scale operational data management by running the PI Asset Framework’s SQL backend on AWS Cloud managed database services.

This integration blends the full scale of AWS secure, cloud-managed database capabilities with expert industrial operations data management from AVEVA, providing reliable, high-performing database infrastructure that can scale with a business’s evolving needs.

“AVEVA’s collaboration with AWS marks a significant step in our commitment to deliver flexible, hybrid-ready solutions for industrial data management. By enabling components of AVEVA PI Data Infrastructure to run on Amazon RDS, we’re giving customers more choice in how they modernize their operations while reducing IT overhead and accelerating time to value. AVEVA’s SaaS offerings on AWS will enable deployment times to be reduced from weeks to just minutes and cut maintenance costs for hardware and servers by up to 40%.”

Rob McGreevey, Chief Product Officer, AVEVA.

“Industrial companies benefit from cloud solutions that transform operations and deliver value—not just migrate data. By integrating Amazon RDS with AVEVA PI Data Infrastructure, energy and utilities customers can reduce operational overhead while gaining enterprise-grade security and seamless scalability as their operations grow.”

Howard Gefen, General Manager, energy and utilities industry, Amazon Web Services.

Key benefits of AVEVA software on AWS

The validated architecture uses AWS robust infrastructure while maintaining the high-performance standards that AVEVA’s solutions are known for. Key benefits include:

Reduced maintenance effort – Cloud deployment significantly decreases the time and resources required for system upgrades and maintenance.
Enhanced data integration – Standardized cloud interfaces and built-in connectivity options streamline data integration across systems.
Optimized total cost of ownership – Dynamic resource scaling, based on actual needs, helps control costs more effectively.
Increased flexibility – Cloud-based systems offer greater ease in making changes and adapting to evolving operational requirements.
Unified management – A single technology stack for AVEVA PI System, Supervisory Control and Data Acquisition (SCADA), and manufacturing execution systems (MES) simplifies overall system management and reduces complexity.

Future-ready industrial operations

The successful validation of AVEVA’s SCADA and MES on AWS, combined with the proven track record of AVEVA PI System, provides a clear pathway for comprehensive industrial digital transformation. Organizations can:

Take advantage of cloud elasticity for backup systems
Use emerging cloud technologies and advanced analytics
Maintain the reliability and security required for critical operational systems

As AVEVA finalizes comprehensive requirement documentation and architecture guidelines on AWS, the focus remains on providing seamless deployment experiences for customers.

A continuing collaboration for industrial innovation

AVEVA and AWS have been working together since 2015, delivering digital transformation solutions for industrial customers worldwide. The collaboration combines AVEVA’s industrial software expertise with scalable AWS Cloud infrastructure, creating innovative solutions that help manufacturers and industrial companies drive operational efficiency, boost productivity, and accelerate growth.

Customers can deploy solutions faster, reduce IT costs, and access their data from anywhere in the world, with low latency and high reliability. Sharing this trusted vision for a sustainable and efficient industrial lifecycle, AVEVA and AWS empower customers to foster innovation, reduce costs, achieve business objectives, and promote sustainable outcomes.

AVEVA and AWS remain committed to driving innovation in the industrial sector. These successful validations mark significant steps forward in their mission to provide flexible, scalable solutions that meet the evolving needs of industrial customers.

Get started

Existing AVEVA customers seeking to consolidate operational data across multiple sites or streamline administrative overhead for on-premises AVEVA software deployments can now take advantage of AVEVA’s new cloud offerings on AWS infrastructure. Additionally, organizations that previously hesitated to commit to large-scale on-premises AVEVA installations now have the flexibility to start small with the AVEVA portfolio and take advantage of the cloud’s elasticity and scalability to support their digital transformation journey. We encourage both current customers and prospective clients to connect with their AVEVA and AWS representatives to explore how they can deploy AVEVA software on AWS, either independently or with the assistance of a system integrator.

AVEVA – AWS Partner Spotlight

AVEVA is an AWS Energy & Utilities Software / Manufacturing and Industrial Software Competency Partner.
AVEVA is a global leader in industrial software, sparking ingenuity to drive responsible use of the world’s resources. The company’s secure industrial cloud service and applications enable businesses to harness the power of their information and improve collaboration with customers, suppliers and partners.

Over 20,000 enterprises in over 100 countries rely on AVEVA to help them deliver life’s essentials: safe and reliable energy, food, medicines, infrastructure, and more. By connecting people with trusted information and AI-enriched insights, AVEVA enables teams to engineer efficiently and optimize operations, driving growth and sustainability.

Contact AVEVA | Partner Overview

Continuous Compliance in the Cloud: Automating File Security for Regulated Industries

CJ Sturgess — Wed, 04 Mar 2026 23:33:18 +0000

By: Tim Wikander, Alliance Manager – OPSWAT
By: CJ Sturgess, Partner Solutions Architect – AWS

OPSWAT

Driven by the high value of financial data and personally identifiable information (PII), regulated industries such as banking, financial services, and insurance organizations face a mounting risk of cyber threats. As organizations in these industries continue to modernize and expand their cloud footprints, they often become larger targets for threat actors, despite increased investment in cybersecurity and stronger risk management processes.

In modernizing applications across these regulated industries, the digitization of customer interactions has made file upload capabilities an essential business function. However, this opens a new and expanded attack surface that sophisticated threat actors increasingly target. Financial institutions face particularly acute risks, from ransomware attacks targeting their cloud storage systems to novel, previously undisclosed (zero-day) exploits hidden in seemingly innocent file uploads. As these organizations process thousands of customer-uploaded documents daily, including loan applications, insurance claims, and more, even a single compromised file can lead to breaches, operational disruptions, and compliance violations.

OPSWAT, an Amazon Web Services (AWS) ISV Accelerate Partner, offers a unique solution for these challenges: MetaDefender Storage Security. Through advanced technologies such as Deep Content Disarm and Reconstruction (CDR), multi-scanning, and proactive data loss prevention (DLP), MetaDefender Storage Security safeguards cloud storage systems. By implementing robust file security processes and automation, organizations can maintain continuous compliance while ensuring seamless customer experience in an increasingly complex threat landscape.

The challenge

The acceleration of cloud adoption offers new and unique opportunities for financial institutions to scale their operations and enhance customer experiences. For example, as organizations transition from traditional Amazon Elastic Compute Cloud (Amazon EC2) instances to containerized environments using Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS), they can achieve greater operational efficiency and flexibility in deployment. However, this evolution can introduce complex security considerations, especially around file handling and storage access patterns. This is further compounded by the need to manage sensitive customer data across multiple Availability Zones and Regions while still maintaining compliance with industry regulations. For financial institutions, these may include the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA).

These challenges present a unique opportunity for forward-thinking organizations to reimagine their security posture and compliance strategies. By using advanced file security solutions, such as OPSWAT’s MetaDefender Storage Security, financial institutions can turn these challenges into competitive advantages. Implementing automated, policy-driven security checks across diverse cloud storage systems enhances protection against sophisticated attacks and streamlines compliance processes. Organizations that take this approach can confidently innovate and scale their cloud adoption while maintaining crucial security and regulatory requirements typical of the financial services industry.

Introducing MetaDefender Storage Security

To address these evolving security challenges, OPSWAT has introduced MetaDefender Storage Security (MDSS). This solution gives organizations a containerized, cloud-based approach to file security that aligns with their modern infrastructure requirements. Through a centralized management console, security teams can efficiently orchestrate security policies, monitor scanning activities, and maintain compliance across multiple storage locations. That includes locations such as Amazon Simple Storage Service (Amazon S3), Amazon Elastic File System (Amazon EFS) volumes, or hybrid environments.

OPSWAT’s MetaDefender Storage Security deploys seamlessly through Amazon ECS or Amazon EKS, which means organizations can scale their security measures in parallel with their infrastructure growth. This flexibility extends to deployment strategies, enabling real-time, on-demand, or scheduled scanning across multiple storage repositories. This software as a service (SaaS)-based solution deploys seamlessly and cost-effectively into your existing infrastructure, without extensive setup or storage administration. Further, this solution supports redundant and distributed architectures for continuous protection, minimizing downtime and maximizing service availability. Get up and running in minutes with ready-to-use protection.

Figure 1: Simplified storage security with MetaDefender Storage Security

Implementation and results

A major US banking institution with $31.6 billion in assets and over 1,850 employees successfully implemented this solution with substantial results. They faced a critical challenge: instituting secure file scanning across multiple accounts, Regions, and organizational units (OUs) while actively undergoing an Amazon EC2 to Amazon ECS or Amazon EKS transition. They used OPSWAT’s MetaDefender Storage Security to deploy a scalable solution that protects their extensive Amazon S3 storage infrastructure, overcome technical roadblocks, and meet strict compliance and performance needs. OPSWAT’s tailored configuration produced a successful deployment for the bank. This included supporting secure access to S3 buckets using AWS PrivateLink, consolidating operations under a single account, and deployment using Amazon ECS or Amazon EKS, which resulted in elastic scaling and better resource efficiency.

OPSWAT took a five-step approach to tailoring the configuration and deployment for the institution:

AWS Identity and Access Management (IAM) role integration with PrivateLink
Centralized resource management
Containerized deployment
Validated quality assurance (QA) environment
Flexible deployment strategy

The following diagram illustrates this five-step approach.

Figure 2: MetaDefender Storage Security tailored configuration

The results demonstrated immediate and substantial improvements in the bank’s security operations. Transitioning to an Amazon ECS or Amazon EKS deployment model enabled rapid rollout of policy and engine updates, leading to 75% faster security update deployments. Additionally, IAM role-based integration greatly reduced API key exposure risk, while AWS PrivateLink helped the bank achieve secure, high-throughput scanning. Comprehensive testing facilitated the successful deployment of MDSS across multiple Regions and accounts while supporting future scaling without the need to rearchitect security workflows.

To learn more about how OPSWAT solved this customer’s unique challenges, read the full case study at OPSWAT Powers Secure, Scalable S3 Access for a Major US Bank.

Benefits and impact

The implementation of MetaDefender Storage Security delivers several key benefits and measurable impact. For AWS customers, implementing MDSS offers a transformative impact on their cloud security operations and business efficiency. The solution’s automated S3 bucket discovery and continuous monitoring capabilities significantly reduce manual overhead while strengthening security posture through multiple layers of protection against advanced file-borne threats. Organizations can benefit from streamlined compliance processes with automated reporting and detailed audit trails, helping to meet regulatory requirements across their cloud infrastructure. MDSS’s flexible deployment methods support containerized deployment for efficient resource utilization, scalability, and high availability. This comprehensive approach enhances security through advanced features, including Deep CDR, multi-scanning, and proactive DLP, delivering real business benefits such as reduced operational cost, improved productivity, and faster deployment. The solution’s seamless integration with existing AWS services and support for hybrid environments means that organizations can maintain robust security controls while continuing to innovate and scale their cloud operations.

Getting started

Getting started with MetaDefender Storage Security is straightforward through the AWS Marketplace, where customers can quickly procure and deploy the solution. The solution’s flexible deployment strategy supports rapid deployment through Amazon ECS or Amazon EKS, while the intuitive management console simplifies the initial configuration of security policies and storage connections. OPSWAT provides comprehensive documentation and technical support to ensure a successful implementation, whether starting with a proof of concept or planning a production deployment. To begin protecting your cloud storage infrastructure, visit the AWS Marketplace listing for MetaDefender Storage Security, where you can review pricing options and launch the solution with only a few clicks. For organizations requiring additional guidance or custom configurations, OPSWAT’s technical teams are available to help design and implement a security strategy that meets your specific compliance and operational requirements.

Check out more AWS Partners, speak with an AWS Partner specialist, or contact an AWS representative to learn how we can help accelerate your business.

OPSWAT – AWS Partner Spotlight

OPSWAT is an AWS Advanced Technology Partner and AWS Competency Partner that provides software solutions to secure and manage IT infrastructure, protecting devices and helping secure digital data flow.

Contact OPSWAT | Partner Overview | AWS Marketplace

Say Hello to 165 New AWS Competency, Service Delivery, Service Ready, and MSP Partners Added in February

Nick Paris — Tue, 03 Mar 2026 19:52:01 +0000

By Nick Paris, APN Marketing Manager – AWS Partner Network

The AWS Partner Network (APN) is a global community that leverages Amazon Web Services (AWS) technologies, programs, expertise, and tools to build solutions and provide services for customers.

NEW! AWS Competency Partners

To succeed with cloud adoption in today’s complex IT environment and continue to advance in the future, customers can team up with an AWS Competency Partner.

Team up with our newest AWS Competency Partners:

AWS AI Competency

Applify | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
Blue Pearl | APAC | Generative AI Consulting Services
Cloud Combinator | EMEA | Agentic AI Consulting Services
Cloud Life Consulting | NAMER | Generative AI Consulting Services
Cognetiks Consulting | EMEA | Generative AI Consulting Services
dbSeer | NAMER | Generative AI Consulting Services
Digitspot Solutions | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
Effectual | NAMER | Generative AI Consulting Services
EFS Networks | NAMER | Generative AI Consulting Services; Agentic AI Consulting Services
ElectroMech CloudTech | APAC | Generative AI Consulting Services
HEXAWARE TECHNOLOGIES | NAMER | Generative AI Consulting Services
io Digital | EMEA | Agentic AI Consulting Services; Generative AI Consulting Services
JBS Dev | NAMER | Agentic AI Consulting Services
KIIRO | EMEA | Generative AI Consulting Services
N-iX | EMEA | Generative AI Consulting Services
Rebura | EMEA | Generative AI Consulting Services
Synechron | NAMER | Generative AI Consulting Services
tecRacer | EMEA | Generative AI Consulting Services
Trek2Summit | EMEA | Generative AI Consulting Services
爱动超越人工智能科技（北京）有限责任公司 | China | Generative AI Applications
Alice | NAMER | Generative AI Applications; Infrastructure and Data
autobotAI | NAMER | Generative AI Applications
AZLOGICA | LATAM | Generative AI Applications
Boost.ai | EMEA | Generative AI Applications
Cerbrec | NAMER | Generative AI Applications
Deepdub | NAMER | Generative AI Applications
Fenergo | EMEA | Agentic AI Applications; Agentic AI Tools; Generative AI Applications; Infrastructure and Data
ILLUIN Technology | EMEA | Generative AI Applications
John Snow Labs | NAMER | Generative AI Applications
SUPER 8 Studio | APJ | Generative AI Applications
Terra Security | EMEA | Agentic AI Applications
Tuya Global | China | Generative AI Applications

AWS Automotive Competency

FPT Software | APAC | Connected Mobility
NetApp | NAMER | Product Engineering

AWS Cloud Operations Competency

IAMOPS | EMEA | Operations Management

Consumer Goods Competency

Adastra | NAMER | Supply Chain
Datavail | NAMER | Manufacturing; Supply Chain
XalDigital | NAMER | IT & Digital Transformation; Manufacturing; Marketing; Product Development; Supply Chain
FourKites | NAMER | Supply Chain
Kasada | APAC | IT & Digital Transformation

AWS DevOps Competency

Eficode Oy | EMEA | Consulting Services
Magicorn Technology | EMEA | Consulting Services
Softtek | LATAM | Consulting Services
TemaBit | EMEA | Consulting Services
Bricks Software AS | EMEA | Continuous Integration & Continuous Delivery

AWS Education Competency

Process Street | NAMER | Teaching and Learning

AWS Financial Competency

Glassbox | EMEA | General Financial Services
Glia Technologies | NAMER | Banking

AWS Government Competency

Experis | EMEA | Citizen Services
Insight Enterprises | NAMER | Citizen Services

AWS Healthcare Competency

RISCPoint | NAMER | Consulting Services
Strata Analytics Group | NAMER | Consulting Services

AWS High Performance Computing Competency

NetApp Inc. | NAMER | HPC Management

AWS IoT Competency

iret | Japan | Consulting Services

AWS Life Sciences Competency

Kanda Software | NAMER | Consulting Services
ZiMetrics | APAC | Consulting Services

AWS Machine Learning Competency

Rapyder Cloud Solution | APAC | Consulting Services

AWS Mainframe Modernization Competency

Karsun Solutions | NAMER | Mainframe Workload

AWS Manufacturing and Industrial Competency

Applify | NAMER | Engineering and Design; Enterprise Solutions; Smart Manufacturing
Process Street | NAMER | Smart Manufacturing
Cohesity | NA | Resilience Recovery
Snowflake | NAMER | Content Production; Data Science and Analytics; Direct to Consumer; Media Supply Chain and Archive
Caleidos Media S.A.C. | LATAM | Migration Services

AWS Migration and Modernization Competency

Crayon Software Experts India | APAC | Migration Services
Dakok Company | APAC | Migration Services
LCloud | EMEA | Migration Services; Modernization Services
Modus Create | Scaling AI ROI in Regulated Industries | NAMER | Migration Services
Noveo | EMEA | Migration Services
Opsfleet | EMEA | Migration Services
Select Soluções | LATAM | Migration Services
Sutherland Global | NAMER | Migration Services
Temus | APAC | Migration Services
Trask Solutions | EMEA | Migration Services

AWS Networking Competency

Trustsoft | EMEA | Consulting Services
Console Connect | NAMER | Direct Connect Infrastructure Partners; Direct Connect Integrated Partners; Networking Connectivity

AWS Oracle Competency

Infosys | APAC | Consulting Services
Quantum Integrators Group | NAMER | Consulting Services

AWS Retail Competency

Brighting | EMEA | Consulting Services
Hyundai Futurenet | APAC | Consulting Services

AWS Retail Competency

Mara Labs | NAMER | Intelligent Supply Chain

AWS Security Competency

The Scale Factory | EMEA | Identity and Access Management
Abnormal AI | NAMER | Data Protection
Expel | NAMER | Threat Detection and Response
Heimdall Data | NAMER | Data Protection; Identity and Access Management
Netskope | NAMER | AI Security
Terra Security | EMEA | Application Security
Tevico (Comprinno Technologies) | APAC | Compliance and Privacy

AWS Small and Medium Business (SMB) Competency

Cloud4Partners | EMEA | Small and Medium Business
CloudPiles | LATAM | Small and Medium Business
Compass UOL | NAMER | Small and Medium Business
Loka | NAMER | Small and Medium Business
NHN Techorus | Japan | Small and Medium Business

AWS Travel and Hospitality Competency

Kasada | APAC | Digital Customer Engagement

NEW! AWS Managed Service Providers (MSPs)

Say hello to our newest AWS MSP Partners:

AWS Managed Service Provider Program

CACI | NAMER
Cambrian Technologies | EMEA
Concentrix Corporation | NAMER
Crayon | EMEA
Crayon Software Experts India | APAC
Dati | LATAM
Hong Kong Qineasy Technology | China
OpsGuru, a Carbon60 Company | NAMER
Sabytel Technologies | NAMER
Synthesis Software Technologies | EMEA
Tigo Business | NAMER

NEW! AWS Service Ready Products

The AWS Service Ready Program validates software products built by AWS Partners that work with specific AWS services.

Explore our newest AWS Service Ready Products:

AWS Lambda Ready Products

Beijing Zeasn Information Technology | China | Runtimes
KNOBS | EMEA | Deployment

AWS Security Incident Response Ready

Obok | LATAM

NEW! AWS Service Delivery Partners

The AWS Service Delivery Program validates AWS Partners that have deep technical knowledge, experience, and proven success in delivering specific AWS services to customers.

Work with our newest AWS Service Delivery Partners:

Amazon API Gateway Delivery Partners

10Pearls | NAMER
Aivar Innovations | APAC
Cloudwalker | EMEA
Insphere Solutions | APAC
Liberty TI | LATAM

Amazon CloudFront Delivery Partners

CLOUD CHARIOTS | EMEA
Nerdshub | EMEA
SCAFE | EMEA
Secure Way Technologies | EMEA
StarOne IT Solutions | APAC
UpperStack | LATAM

Amazon Connect Delivery Partners

Cronos NV – Scale division | EMEA

Amazon DynamoDB Delivery Partners

Bricom | China
Cloudwalker | EMEA
Whistlemind Technologies | APAC

Amazon EC2 for Microsoft Windows Server Delivery Partners

Marlocks Technologies | EMEA
West Loop Strategy | NAMER

Amazon ECS Delivery Partners

allOps Solutions | EMEA | Containers
Galactic Network | APAC | Containers
MakoLab | EMEA | Containers
Romexsoft | EMEA | Containers
XalDigital | NAMER | Compute; Containers; Serverless Computing

Amazon EKS Delivery Partners

ENREAP | APAC
Enreap Systems | EMEA
OpsTeam | LATAM

Amazon EMR Delivery Partners

Quantum Bits | APAC

Amazon QuickSight Delivery Partners

Computer Revolution Africa Group | EMEA
M2. technology and project consulting | EMEA
Necko Technologies | EMEA

Amazon RDS Delivery Partners

Shenzhen Yunwei Internet Information Service | China | Amazon Aurora MySQL; Amazon RDS for MySQL
SHINSEGAE I and C | APAC | Amazon Aurora MySQL
StarOne IT Solutions | APAC | Amazon RDS for Oracle
Stormit | EMEA | Amazon RDS for MySQL

Amazon Redshift Delivery Partners

Comprinno Technologies | APAC

AWS CloudFormation Delivery Partners

CloudZenia | EMEA
Enuaba Technologies | EMEA
Whistlemind Technologies | APAC

AWS Config Delivery Partners

EVOLVENX | LATAM
Stefanini IT Solutions | LATAM
Whistlemind Technologies | APAC

AWS Control Tower Delivery Partners

Reply | EMEA | Migration; Networking

AWS Database Migration Service (DMS) Delivery Partners

Aivar Innovations | APAC
Mayhive | EMEA

AWS Direct Connect (ISV and SI)

ACP Engineering (Formerly 56k.Cloud) | EMEA

AWS Graviton Delivery Partners

广州上鸣科技有限公司 | China

AWS IoT GreenGrass Delivery Partners

ACP Engineering (Formerly 56k.Cloud) | EMEA

AWS Lambda Delivery Partners

Arolit Global Services | APAC
cloudvests | EMEA
Max International | APAC
SDNit | EMEA
Structurit Consulting | EMEA

AWS Security Response Delivery

Ancrew Global Services | APAC

AWS Systems Manager Delivery Partners

DeltaOps | LATAM
Digitspot Solutions | EMEA
EVOLVENX | LATAM

AWS Web Application Firewall (WAF) Delivery Partners

Shenzhen Yunqiao Technology | China

More Value, Greater Profitability for AWS Partners

Learn how AWS is transforming the partner experience >>

Code Ocean and AWS transform reproducible scientific research with agentic AI

Ankith Ede — Mon, 02 Mar 2026 21:37:25 +0000

By: Ankith Ede, Solutions Architect – AWS
By: Jake Valsamis, Sr Product Manager – Code Ocean
By: Gokhul Srinivasan, Sr Partner Solutions Architect – AWS
By: Simon Adar, CEO – Code Ocean
By: Daniel Koster, VP of Product – Code Ocean

Code Ocean

Introduction

Cloud computing has transformed the life sciences industry, offering scientists access to vast computational resources: petabytes of storage and high performance compute. Yet this digital transformation comes with a paradox. Effectively and securely using the cloud requires engineering and DevOps skills that fall outside of the core expertise of most scientists. This gap has created pressure on research IT teams, who must balance the demands of infrastructure management and compliance while enabling scientists to focus on research.

As the pace of AI innovation accelerates, new demands are being placed on research IT because the safe and compliant use of these technologies hinges on IT-led governance. Generative and agentic AI accelerate scientific discovery by giving researchers the tools to analyze complex datasets and build workflows at scale using natural language. Although scientists are eager to adopt these tools, research IT must ensure secure implementation and meet both organizational and regulatory standards. Without adequate infrastructure, AI implementations risk security, IP exposure, inconsistent reproducibility, and lack of auditability.

In this post, we explore how organizations can adopt Code Ocean to empower research IT and equip scientists with a scalable, reproducible research platform. We’ll also highlight a real-world case study from the Allen Institute and introduce how research IT delivers secure, compliant access to agentic AI with Trusted Agents, which we recently launched in Code Ocean 4.0.

Scaling research IT with a FAIR and reproducible science platform

Code Ocean is a cloud-centered computational research platform that scientists can use to access cloud resources self-sufficiently while maintaining security, compliance, and cost control. Deployed within the customer’s Amazon Virtual Private Cloud (Amazon VPC) endpoint, Code Ocean provides built-in access to data and scalable compute for researchers to run analyses, freeing research IT from day-to-day support. Code Ocean automates the provisioning of cloud computing, which means scientists can focus on discovery rather than managing infrastructure.

At the core of the Code Ocean platform are integrated computational best practices. Code is automatically versioned with Git, so that every change is tracked and reversible. All analyses and pipelines are designed to be immutable and fully reproducible, which guarantees that any result can be recreated exactly as it was originally generated. Data lineage is captured for every result, providing a transparent record of how each output was produced from its source inputs. By working in Code Ocean all data, analyses, and pipelines are automatically findable, accessible, interoperable, and reusable (FAIR). Code Ocean also inherently supports the tools scientists already use, including RStudio, Jupyter, Code Server, Nextflow, and MLflow, which means business users can operate without dependency on research IT. The platform incorporates cost optimizations by default: storage is automatically tiered, idle compute resources are detected and shut down, and high-resolution budget monitoring provides clear visibility into spend. By embedding these capabilities into its platform, Code Ocean reduces the operational burden on research IT while giving scientists the flexibility to innovate and collaborate at scale.

From risk to readiness with Trusted Agents

Organizations are increasingly exploring the power of agentic AI to automate and accelerate the process of discovery. However, organizations must still consider secure, compliant, and documented usage before applying agent workflows in a highly regulated industry such as life sciences. It was these concerns that motivated Code Ocean’s latest release, Trusted Agents in version 4.0, which now enables research IT to bring secure, auditable AI to their organization. With this major release, Code Ocean provisions and manages AI infrastructure securely within the customer’s virtual private cloud (vpc), keeping sensitive data within the customer’s environment.

Code Ocean uses AWS Batch to run workflow pipelines and system jobs and Amazon Elastic Compute Cloud (Amazon EC2) instances for system services and workers. This provides built-in guardrails so scientists can use generative AI confidently within a compliant, controlled framework and work more independently with intelligent agents that guide analysis and assist with troubleshooting.

Secure AI infrastructure

Built on Amazon Bedrock, Code Ocean 4.0 uses large language model (LLMs) such as Amazon Nova Pro and Claude Sonnet by Anthropic in Amazon Bedrock, and supports agents built using agentic frameworks such as Strands Agents. This approach means that developers and scientists can safely use the latest AI capabilities without compromising security or compliance.

The following architecture diagram shows two EC2 instances with Code Ocean Amazon Machine Image (AMI) handling system services and worker tasks. LLM flows go to Amazon Bedrock. AWS Batch manages pipelines and system jobs, interacting with Amazon Elastic Container Service (Amazon ECS). Data is stored across different AWS data storage services.

Figure 1: Code Ocean AWS architecture for scalable workloads

Aqua: Trusted AI for reproducible science

The release introduces Aqua, a natural language AI agent designed specifically for scientists. Purpose-built to work within the context of Code Ocean, Aqua combines the reasoning power of Claude Sonnet models by Anthropic in Amazon Bedrock with the ability to retrieve platform-specific knowledge and execute actions directly. Using the Code Ocean Model Context Protocol (MCP), Aqua is equipped with 18 specialized tools for managing, searching, and executing tasks across platform resources. To ensure compliance and reproducibility, Aqua operates entirely within Code Ocean’s controlled environment, with several factors that underscore Aqua’s ability to generate fully tracked, reproducible, and accountable results:

Data assets accessed or created by Aqua are immutable.
Code generated by Aqua is executed within a Capsule for version control and reproducibility.
Results include full provenance, making the AI-generated output traceable to its underlying code, data, and environment.
Actions that Aqua performs are attributed to the specific user on whose behalf it operates, maintaining a comprehensive, auditable history.

The following screenshot shows the Code Ocean platform UI. On the left, the user asks Aqua the following question about the protein structure displayed on the right:

“What is the solvent accessible surface area of the 1GFL protein I’m viewing?”

With awareness of what is displayed in the platform UI, Aqua has all the necessary context to answer the question.

Figure 2: Aqua, Code Ocean’s AI assistant, embedded in the platform UI

The following screenshot shows the Aqua UI. On the left, an AI generated result of a single cell analysis is displayed. The right side shows the result’s lineage graph, which traces data flow from input, through capsule execution, to final reproducible result.

Figure 3: Aqua’s automated provenance and lineage tracking for AI-generated results

For developers, the release introduces Cline, a secure, context-aware coding agent embedded directly into Visual Studio Code (VSCode). Preconfigured through Amazon Bedrock, Cline provides LLM-powered coding assistance within a familiar development environment and enables integration of custom MCP servers into the Code Ocean platform.

Allen Institute scaled reproducible research with Code Ocean

Driven by the need for a secure, reproducible research platform, the Allen Institute, a Seattle-based research institute, adopted Code Ocean. Code Ocean accelerated Allen Institute’s transition to AWS and provided scientists with access to a scalable computing environment. By using Code Ocean’s integration with AWS services, researchers now consume over 1.75 million CPU hours and generate more than 150 TB of reproducible results each month. Using Code Ocean to manage scalability, cost controls, and compliance, the institute has scaled its data processing from terabytes to petabytes annually.

“Code Ocean makes it easy for our scientists to do their work reproducibly. New users to the platform can get far with just a little support; this gives our engineers time to focus on domain-specific challenges.”

– Dr. David Feng, Senior Director of Scientific Computing, the Allen Institute for Neural Dynamics

Three years into their partnership, the Allen Institute has already generated a data corpus on Code Ocean of over two petabytes, running over 450,000 computations totaling over 1,500,000 hours. They now support over 250 researchers across disciplines with the part-time effort of only five members of the research IT team.

Code Ocean: The trusted foundation for AI-driven science

The convergence of cloud computing and AI presents both a transformative opportunity and a growing challenge for life sciences organizations. As researchers strive to harness the power of these technologies, research IT needs to ensure security, compliance, and reproducibility at scale. Code Ocean bridges this divide, empowering scientists to innovate independently while allowing research IT to maintain full governance and control. The Allen Institute’s experience shows how research IT can use Code Ocean to support hundreds of researchers and petabyte-scale workloads through automation and easy access to scalable infrastructure.

Code Ocean Trusted Agents extends this foundation, providing scientists with secure, auditable access to AI capabilities within their own AWS environment. Aqua intelligent research assistant accelerates discovery with traceable and reproducible agentic analysis. It also acts as a real-time support agent, diagnosing build issues, interpreting AWS errors, and guiding users through complex workflows without IT intervention. Aqua frees IT teams to focus on infrastructure scaling and scientific innovation by cutting operational costs and boosting self-sufficiency.

Code Ocean delivers a future where every scientific breakthrough is reproducible, where researchers spend 100% of their time on discovery, and AI accelerates rather than complicates the scientific process.

Experience the future of secure, scalable science

Discover how Code Ocean empowers research IT and scientists to innovate faster with Trusted Agents. Book a demo today or visit www.codeocean.com to learn more.

Code Ocean – AWS Partner Spotlight

Code Ocean is an AWS Advanced Technology Partner that provides a Computational Science platform for life science Research and Development teams who want a fast and efficient way to start, scale, collaborate, and reproduce computational research

Contact Code Ocean | Partner Overview | AWS Marketplace

Unlocking API Security with Natural Language: How Salt Security’s MCP Server Transforms Insights into Action

CJ Sturgess — Mon, 23 Feb 2026 16:57:54 +0000

By: Michael Callahan, CMO – Salt Security
B:y CJ Sturgess, Partner Solutions Architect – AWS

Salt Security

APIs are sets of software instructions and protocols that enable applications to communicate and exchange data. Today, they’re the fabric of modern applications, connecting data, services, and, more recently, AI agents. Yet for many organizations, understanding the state of their API security can be a challenge. Security teams often face questions such as:

Which of our APIs are most at risk right now?
Which APIs process sensitive information such as personally identifiable information (PII) or financial data?
What policies are being violated that create posture gaps across our environment?
What’s the most effective and efficient way to fix them?

Traditionally, answering these questions requires specialized expertise, sifting through dashboards, and correlating logs and reports across multiple tools. This slows down remediation and keeps critical insights siloed within small security teams.

Salt Security, an AWS ISV Accelerate partner, aims to remove that complexity with the introduction of the Salt Model Context Protocol (MCP) server.

A breakthrough with MCP servers and natural language interaction

Salt Security’s new MCP server brings a fundamentally new way to engage with API security data: natural language. By connecting Salt’s solution with large language models (LLMs) through an MCP server, organizations can ask direct, non-technical questions in everyday language and instantly receive authoritative answers.

Imagine typing queries such as:

“Show me the APIs with the highest risk scores in the last 24 hours.”
“List APIs that expose sensitive customer data and aren’t governed by policy.”
“What policy gaps leave my APIs unprotected, and how do I fix them?”

Instead of spending several hours sifting through logs and reviewing your API security posture, the Salt MCP server delivers answers in seconds. More importantly, it goes beyond surface-level visibility to provide explanations and remediation guidance, making insights actionable for both security and development teams alike.

Customers can also use Pepper AI, Salt Security’s AI-powered natural language interface, to receive actionable insights about their API landscape, posture gaps, and risk. The following screenshot shows using natural language to query the API environment in the Salt MCP server.

Figure 1: The Salt Ask Pepper AI interface showing natural language querying capabilities for API security analysis

Solving the three core API security challenges

There are three central API security challenges that enterprises must address. They need to reduce the amount of time it takes to identify vulnerabilities, find a way to democratize API security knowledge, and make it possible for security teams to make faster, more informed decisions.

In security, every second counts. Traditional methods require analysts to parse raw logs, query dashboards, and build manual reports to pinpoint vulnerabilities. Salt’s MCP-powered natural language interface removes that friction, accelerating time-to-insight and enabling security teams to move at the speed of modern threats.

API security expertise is typically limited to a small group of specialists. With natural language interaction, stakeholders from developers to compliance teams can query Salt for insights without needing deep technical expertise. This democratization brings API security to the forefront across the organization, not only within the security operations center (SOC).

When posture gaps are identified, speed and clarity matter. Salt doesn’t merely flag the gap, it explains why the policy is in violation, what the associated risks are, and what steps can close the exposure. As a result, teams can act with confidence and align remediation with compliance and governance requirements.

Why this matters for AWS customers

For organizations running on AWS, the benefits multiply because Salt’s MCP server integrates seamlessly into cloud-centered environments. Customers can:

Maintain compliance posture using AWS security and data governance frameworks, including the AWS Well-Architected Framework and AWS Cloud Adoption Framework: Governance Perspective.
Simplify reporting for audits with natural language queries like “Which APIs with sensitive data lack encryption policies?”
Protect critical workloads by closing posture gaps faster and with less friction.

AWS customers can now bridge the divide between complex, multi-service API environments and actionable security intelligence, all while staying aligned with their cloud-first strategies.

Getting started with Salt Security’s API protection platform and MCP server

Getting started with Salt Security’s API Protection Platform is straightforward and flexible. Organizations can quickly procure Salt’s solution through AWS Marketplace, streamlining the purchasing and deployment process. For AWS customers, Salt’s Cloud Connect for AWS enables rapid integration with their cloud environment, typically taking only minutes to begin discovering and analyzing APIs. This automated connection alleviates the need for complex manual configurations or agent deployment, providing immediate visibility into API risks and vulnerabilities. As soon as the system is connected, teams can use the power of the Salt MCP server to start querying their API security posture using natural language, making advanced API security capabilities accessible across the organization.

The following screenshot shows the Salt Connector Hub, with its seamless connection to AWS.

Figure 2: Salt Connector Hub dashboard showing AWS environment integration options

The future of API security: From data to dialogue

With the rise of AI agents and LLM-driven workflows, security tools must evolve from static dashboards to interactive, conversational patterns. Salt Security’s MCP server represents that evolution. By empowering organizations to speak to their API security fabric in natural language, Salt is transforming the way teams can discover, govern, and protect their APIs.

The result? Faster insights, stronger security posture, and a security capability that scales with both the complexity of your environment and the pace of AI-driven innovation.

Check out more AWS Partners, speak with an AWS Partner specialist, or contact an AWS representative to learn how we can help accelerate your business.

Salt Security – AWS Partner Spotlight

Salt Security is an AWS Advanced Technology Partner and AWS Competency Partner that delivers an API Threat Protection solution focused on securing the ubiquitous APIs connecting everything from web and mobile applications to microservices and IoT devices. These are the APIs that you develop and own and are at the core of connecting your applications and data.

Contact Salt Security | Partner Overview | AWS Marketplace

How to manage peak traffic on AWS using Queue-it’s virtual waiting room

Jasmine Chua — Thu, 19 Feb 2026 16:29:15 +0000

By: Jasmine Chua, Sr. Account Manager – AWS
By: Alexander Guensche, Sr. Solutions Architect – AWS
By: Martin Larsen, Distinguished Product Architect – Queue-it
By: Mojtaba Sarooghi, Distinguished Product Architect and Engineering Manager – Queue-it
By: Christian Schøning, Head of Content & Product Marketing – Queue-it

Queue-it

Peak traffic events can drive website visits to spike 2 to 25 times, as experienced by Rakuten France and Ingresso, beyond normal levels within seconds, whether from planned launches or unexpected viral attention. While standard AWS best practices like auto scaling, load testing, and caching form essential foundations, they might not fully address scenarios where traffic arrives faster than capacity can provision, backend systems hit scaling constraints, or pre-scaling costs become prohibitive. Additionally, organizations running limited-inventory events face a fairness challenge that infrastructure scaling alone cannot solve.

A virtual waiting room provides a different approach. Unlike load balancers that distribute requests or distributed denial-of-service (DDoS) mitigation that filters threats, a waiting room is fundamentally a user experience solution that controls the rate at which visitors enter applications. This post explores how Queue-it, an AWS Partner, integrates with Amazon CloudFront to add traffic control capabilities while customers maintain their existing AWS architecture.

Understanding the challenge of peak traffic

Peak traffic moments span across industries and can be both planned and unplanned. They range from major product launches and concert ticket sales to unexpected media attention or viral marketing campaigns. Ecommerce organizations face product drops and flash sales. Ticketing companies manage concert sales and venue bookings. Public sector agencies handle registrations for services such as immigration, tax filing, benefit distribution, and parks and recreation access. Educational institutions navigate enrollment periods and housing registrations. Financial services providers experience payday and campaign-driven traffic spikes. Telecommunications companies prepare for device launches.

Real traffic patterns frequently diverge from modeled scenarios, introducing load characteristics that weren’t anticipated during testing. Automatic scaling mechanisms respond to observed load, but when traffic spikes faster than new capacity can provision, a gap emerges between demand and available resources. Backend dependencies like databases and payment processors often have inherent scaling limitations that make them bottlenecks even when frontend infrastructure scales successfully. The cost implications of pre-scaling infrastructure for short-duration events can significantly impact budget planning, particularly when peak magnitude remains uncertain.

Figure 1: A Queue-it customer saw traffic jump 561% within two minutes of a media mention, with spikes often reaching 2–25× normal levels.

Beyond technical considerations, organizations running limited-inventory events face an additional challenge: fairness. Without traffic control mechanisms, high-demand sales can become races measured in milliseconds, often dominated by automated bots rather than genuine customers, resulting in poor customer experience and damaged brand trust.

The business impact of inadequately managed peak traffic can be significant. According to industry research on downtime, 93% of enterprises report costs exceeding $300,000 per hour, while the Global 2000 experiences an average of $23 million annually in productivity losses and overtime wages, plus $11 million in additional infrastructure spending. From a customer experience perspective, 77% of customers will leave a site without transacting if they encounter an error, and one in three will leave a brand they love entirely after only one bad experience.

How Queue-it integrates with AWS architecture

Queue-it provides a managed software as a service (SaaS) virtual waiting room that manages visitor flow during high-traffic periods before giving them access to protected parts of applications at a controlled rate, preventing system overload and ensuring fair access for visitors. The solution operates as a control layer at the edge, integrating seamlessly with existing AWS infrastructure without requiring application re-architecting. The integration works through CloudFront using AWS Lambda@Edge functions to intercept and evaluate traffic before it reaches origin servers.

The integration centers on two lightweight Lambda@Edge functions running at ViewerRequest and ViewerResponse events within an existing CloudFront distribution. This edge-based approach means traffic evaluation happens at AWS edge locations closest to users without introducing latency to origin infrastructure. Configuration requires no DNS changes. An initial prototype integration, including basic testing, can be completed in less than an hour, with full production rollout and validation typically achieved within a day.

When a request arrives at a CloudFront distribution, the Queue-it Connector running as a Lambda@Edge function evaluates whether that request targets a protected resource and whether the visitor has a valid Queue-it token signaling they’ve already passed through the waiting room. Protection rules can be defined for entire sites, specific pages, or actions such as checkout, based on flexible configuration criteria like request URL, user agent, or HTTP header.

When a request requires protection and the visitor lacks a valid token, Queue-it Connector responds with an HTTP 302 redirect to send the visitor to waiting room infrastructure hosted and managed within Queue-it’s own AWS environment. All waiting room logic—including queue management, visitor handling, real-time reporting, monitoring, and rendering of the queue page—occurs outside the customer’s infrastructure, requiring no management effort and consuming none of the customer’s AWS resources. When it’s the visitor’s turn, another HTTP 302 redirect returns them to the site with a signed Queue-it token that grants access. The token remains valid for a configured duration, so the visitor can complete their journey navigating the application normally.

Figure 2: The Queue-it Connector checks incoming requests at the CloudFront edge, temporarily redirecting (HTTP 302) visitors to the waiting room when required, based on configured rules.

Architecture using AWS services

Queue-it’s virtual waiting room is built using AWS services to provide scalability and high availability. The architecture spans multiple AWS Regions and Availability Zones to support data residency requirements and performance optimization. Amazon DynamoDB serves as the primary datastore for queue state management, providing low-latency, high-throughput access for tracking session states and user positions in real time, scaling to handle hundreds of thousands of transactions per second.

Application Load Balancer and Amazon Elastic Compute Cloud (Amazon EC2) work together to distribute traffic intelligently across compute resources; delivering built-in fault tolerance, high availability, and seamless scalability. AWS Fargate provides the foundation for running containerized tasks without server management overhead. Additionally, Queue-it relies on AWS services to provide its core functionality: Amazon API Gateway for API security, Amazon Route 53 for DNS routing, Amazon CloudWatch for monitoring, and AWS Shield Advanced for advanced threat protection. To deliver visitor traffic monitoring and reporting as part of its core features, Queue-it uses Amazon Kinesis for scalable data streaming and Amazon OpenSearch Service for advanced search and visualization.

Figure 3: Queue-it is built on more than 10 core AWS services and runs all waiting room logic, queue management, and visitor handling on its infrastructure.

Operating capabilities

Real-time monitoring and control capabilities are essential for managing peak traffic events. Queue-it uses Kinesis and OpenSearch Service to enable real-time traffic monitoring and control through a web-based admin interface and REST APIs. During an active event, administrators can adjust traffic throughput based on system performance under load, update waiting customers with real-time messages, and pause the queue process and communicate with visitors if unexpected issues arise. These control mechanisms are supported by real-time traffic analytics dashboards, where administrators can monitor key metrics including arrivals per minute, current queue length, and average wait times.

Figure 4: The Monitor page in Queue-it’s web-based admin platform provides real-time metrics and can be used to adjust throughput based on backend system performance.

The customer experience during peak traffic shifts from encountering crashes and errors to receiving controlled access with clear communication. Queue-it provides first-in-first-out access through centralized request management or randomized access options for limited-inventory scenarios. Waiting visitors receive information including queue position, expected wait time, and progress indicators. Email notifications can alert visitors when their turn arrives. Visitors can queue across devices, and customizable branded waiting room pages maintain brand presence throughout the experience.

Figure 5: Visitors enter a branded waiting room that sets expectations, provides real-time updates, and shows their progress.

Customer examples

Sky Mobile, a UK telecommunications provider, used Queue-it’s virtual waiting room for their 2024 iPhone launch, achieving a 37% year-over-year increase in conversion rate to their previous solution and higher sales year-over-year despite smaller relative demand. By using the real-time visibility and control capabilities, they could optimize the event dynamically, running the waiting room for slightly more than an hour compared to 3 hours in 2023.

“The insights Queue-it provides into traffic and the level of control it gave us made a dramatic difference,”

– Kevin Lau, Service Manager at Sky Mobile

“If you have peak demand scenarios like an iPhone launch, Queue-it is really a no brainer,”

– Tom Grammer, Head of Mobile Services at Sky Mobile

His Majesty’s Passport Office processes 4–8 million passport applications annually, with 90% submitted online. To manage traffic spikes that were overwhelming their systems, the team scaled up their cloud infrastructure and even built an in-house waiting room, but the costs and risks were too high. Then they integrated Queue-it using the Connector for Amazon CloudFront and have successfully handled traffic spikes of nearly 70,000 applications while maintaining system stability and avoiding major outages.

“Queue-it really gives us and the business the confidence we need,”

– Elaine Salveta, Digital Services Manager at His Majesty’s Passport Office

“What we’re paying for with Queue-it is safety and reliability, and that’s paid off 100 times over,”

– Kevin Lewis, Product Manager at His Majesty’s Passport Office

Getting started

AWS customers interested in exploring virtual waiting room solutions for peak traffic management can find Queue-it on AWS Marketplace for streamlined procurement. To learn more, visit Queue-it AWS virtual waiting room.

Queue-it – AWS Partner Spotlight

Queue-it is an AWS Validated Technology Partner and a global leader in virtual waiting room technology. Trusted by more than 1,000 organizations and managing over 30 billion visitor interactions annually, Queue-it helps ensure stable operations during peak demand, orchestrating traffic to prevent overload, block bad bots, and improve customer experience. Built on AWS, Queue-it combines deep domain expertise and 24/7/365 global support to help major retailers, ticketing companies, government agencies, and financial institutions run mission-critical high-traffic online events with confidence.

Contact Queue-it | Partner Overview | AWS Marketplace

Say Hello to 224 New AWS Competency, Service Delivery, Service Ready, and MSP Partners Added in January

Nick Paris — Wed, 18 Feb 2026 21:30:01 +0000

By Nick Paris, APN Marketing Manager – AWS Partner Network

The AWS Partner Network (APN) is a global community that leverages Amazon Web Services (AWS) technologies, programs, expertise, and tools to build solutions and provide services for customers.

NEW! AWS Competency Partners

To succeed with cloud adoption in today’s complex IT environment and continue to advance in the future, customers can team up with an AWS Competency Partner.

Team up with our newest AWS Competency Partners:

AWS AI Competency

AllCode | NAMER | Generative AI Consulting Services
Armakuni | NAMER | Agentic AI Consulting Services
Cloudar | EMEA | Generative AI Consulting Services
CloudiQS | EMEA | Agentic AI Consulting Services
Codex | APAC | Generative AI Consulting Services
EDT&Partners | EMEA | Generative AI Consulting Services
HIBERUS IT DEVELOPMENT SERVICES | EMEA | Generative AI Consulting Services
Horizon Digital | APAC | Generative AI Consulting Services
Horus Technologies | NAMER | Generative AI Consulting Services
Idexcel | NAMER | Generative AI Consulting Services
Indra Sistemas (Minsait) | EMEA | Generative AI Consulting Services
INIT | APAC | Generative AI Consulting Services
Integra Technologies | EMEA | Agentic AI Consulting Services
Jump Cube | NAMER | Agentic AI Consulting Services
Kyndryl | NAMER | Generative AI Consulting Services
Lambert Labs | EMEA | Generative AI Consulting Services
Nebulane | EMEA | Generative AI Consulting Services
NeenOpal Inc. | NAMER | Agentic AI Consulting Services
Nextlink Technology Co. | China | Generative AI Consulting Services
Ollion or 2ND WATCH | NAMER | Generative AI Consulting Services
Royal Cyber | NAMER | Generative AI Consulting Services
TEKsystems Global Services | NAMER | Agentic AI Consulting Services; Generative AI Consulting Services
UsefulBI Corporation | NAMER | Generative AI Consulting Services
zeb | NAMER | Agentic AI Consulting Services
Cloudzero | NAMER | Generative AI Applications
Coder Technologies | NAMER | Agentic AI Tools
Pier Cloud | LATAM | Generative AI Applications
Process Street | NAMER | Generative AI Applications
Redis | NAMER | Infrastructure and Data
Tealium | NAMER | Infrastructure and Data
ZAFRAN SECURITY | EMEA | Generative AI Applications

AWS Cloud Operations Competency

11:59 | NAMER | Cloud Financial Management; Cloud Governance; Compliance & Auditing; Monitoring & Observability; Operations Management
B8 ICT Solutions | APAC | Cloud Governance
DreamSquad Tecnologia | LATAM | Cloud Financial Management
Out.Cloud | EMEA | Cloud Governance

AWS DevOps Competency

7EDGE | APAC | Consulting Services
adesso SE | EMEA | Consulting Services
Ancrew Global Services | APAC | Consulting Services
Andersen | EMEA | Consulting Services
Apexon | NAMER | Consulting Services
CloudifyOps | APAC | Consulting Services
LIMONCLOUD | EMEA | Consulting Services
Akeyless Security | EMEA | DevSecOps

AWS Digital Sovereignty Competency

Kyndryl | NAMER | Consulting Services
PricewaterhouseCoopers | NAMER | Consulting Services
SnapSoft | NAMER | Consulting Services

AWS Education Competency

Kunduz | EMEA | Teaching and Learning

AWS Financial Competency

AllCloud | NAMER | Banking; Capital Markets; General Financial Services; Insurance
Indra Sistemas (Minsait) | EMEA | General Financial Services

AWS Government Competency

CC Tech Digital | NAMER | Citizen Services; Public Safety
Veterans Engineering | NAMER | Citizen Services

AWS Life Sciences Competency

Benchling | NAMER
Quilt.Bio | NAMER

AWS Mainframe Modernization Competency

Thoughtworks | NAMER | Mainframe Workload

AWS Microsoft Workloads Competency

Futran Solutions | NAMER | Application Modernization

AWS Migration and Modernization Competency

Clouxter | LATAM | Migration Services
Ness A.T | EMEA | Migration Services
Netsync Network Solutions | NAMER | Migration Services
Operisoft Technologies | APAC | Migration Services
OpsTree Global | APAC | Migration Services

AWS MSSP Services Competency

F9 INFOTECH | EMEA | Infrastructure Security; Workload Security

AWS Networking Competency

upd8 | LATAM | Consulting Services
Cohesity | NA | Resilience Recovery
ControlMonkey | EMEA | Resilience Recovery
Gremlin | NAMER | Resilience Operations

AWS Security Competency

Digico Solutions | EMEA | Identity and Access Management
Trustsoft | EMEA | Identity and Access Management
1Password | NAMER | Infrastructure Protection

AWS Small and Medium Business (SMB) Competency

Cloutive Technology Solutions B.V. | EMEA | Small and Medium Business
Criptonube – Myappsoftware | LATAM | Small and Medium Business
Dedalus | LATAM | Small and Medium Business
Dualboot Partners | NAMER | Small and Medium Business
Dudobi | EMEA | Small and Medium Business
ForceOne | LATAM | Small and Medium Business
Ibexlabs / Labra | NAMER | Small and Medium Business
Lambert Labs | EMEA | Small and Medium Business
Optimum Healthcare IT and eCloud Managed Solutions | NAMER | Small and Medium Business
Smile IT Solutions | EMEA | Small and Medium Business
XalDigital | LATAM | Small and Medium Business

AWS Storage Competency

Nubinix Technologies | APAC | Consulting Services

AWS Travel and Hospitality Competency

Phrase | EMEA | Digital Customer Engagement

NEW! AWS Managed Service Providers (MSPs)

Say hello to our newest AWS MSP Partners:

AWS Managed Service Provider Program

Escala24X7 | LATAM
FCN | NAMER
Futran Solutions | NAMER
InfusionPoints | NAMER
Innovative Solutions | NAMER
Lentech | NAMER
Mantalus | APAC

NEW! AWS Service Ready Products

The AWS Service Ready Program validates software products built by AWS Partners that work with specific AWS services.

Explore our newest AWS Service Ready Products:

Amazon CloudFront Ready Products

太美医疗科技 | China | Security
北京生数科技有限公司 | China | Media Management
北京尽微致广信息技术有限公司 | China | Media Management; Monitoring & Analytics; Security
Zenlayer | NAMER | Media Management; Monitoring & Analytics

Amazon RDS Ready Products (Business Applications & Tooling)

浙江数新网络有限公司 | China | Business Applications
北京咖瓦信息技术有限公司 | China | Business Applications
北京尽微致广信息技术有限公司 | China | Business Applications

AWS PrivateLink Ready Products

SINGDATA CLOUD | NAMER

AWS Web Application Firewall (WAF) Ready Products

北京尽微致广信息技术有限公司 | China | Advanced Threat Detection & Mitigation; Logging/Analytics; WAF Managed Rules
Fuama Technologies | EMEA | Advanced Threat Detection & Mitigation

NEW! AWS Service Delivery Partners

The AWS Service Delivery Program validates AWS Partners that have deep technical knowledge, experience, and proven success in delivering specific AWS services to customers.

Work with our newest AWS Service Delivery Partners:

Amazon API Gateway Delivery Partners

Enuaba Technologies | EMEA
HexaIO Kft. | EMEA

Amazon CloudFront Delivery Partners

菲诺氪斯（重庆）科技有限公司 | China
神灏（北京）云计算科技有限公司 – Shenhao (Beijing) Cloud Computing Technology | China
Atyos | EMEA
HexaIO Kft. | EMEA
Japan Open Systems | Japan
Marlocks Technologies | EMEA
Shenzhen Fuwen Cloud | China
Starto Spark | APAC
twoday | EMEA

Amazon Connect Delivery Partners

AandT Systems | NAMER
Applogika | NAMER
CXBuilder.ai | NAMER

Amazon DynamoDB Delivery Partners

Aivar Innovations | APAC
Comprinno Technologies | APAC
Flexion | NAMER
KTM ONE | EMEA
Marlocks Technologies | EMEA

Amazon EC2 for Microsoft Windows Server Delivery Partners

Amazon ECS Delivery Partners

Ampity Infotech | APAC | Containers; Serverless Computing
CostQ | NAMER | Containers
Cygnet.One | APAC | Compute; Containers; Serverless Computing
Devoteam | EMEA | Compute; Containers; Serverless Computing
Necko Technologies | EMEA | Compute; Containers; Serverless Computing
Nusummit Technologies | APAC | Compute

Amazon EKS Delivery Partners

Atyos | EMEA
SQUAD | EMEA
XalDigital | LATAM
ZiMetrics | APAC

Amazon EMR Delivery Partners

AICorePro Technology | NAMER
ZiMetrics | APAC

Amazon Kinesis Delivery Partners

TemaBit | EMEA
Zero&One | EMEA

Amazon OpenSearch Delivery Partners

AICorePro Technology | NAMER | Log Analytics; Search
Business Compass | NAMER | Search
Cirrusgo | EMEA | Search

Amazon RDS Delivery Partners

知鱼智联科技股份有限公司 (CORECLOUD (HK) TECHNOLOGY) | China | Amazon RDS for MySQL
Aivar Innovations | APAC | Amazon RDS for PostgreSQL
Almoayyed Computers Middle East | EMEA | Amazon Aurora PostgreSQL
ASSURE IT | LATAM | Amazon RDS for MySQL
Bion Solutions | EMEA | Amazon Aurora PostgreSQL
CLOUD CHARIOTS | EMEA | Amazon RDS for MySQL
Cognitivo AI | LATAM | Amazon RDS for PostgreSQL
Enuaba Technologies | EMEA | Amazon Aurora MySQL; Amazon Aurora PostgreSQL
Frontier Business Systems | APAC | Amazon Aurora MySQL; Amazon RDS for MariaDB
NOVA Cloud | NAMER | Amazon Aurora MySQL
SK Inc. | APAC | Amazon Aurora PostgreSQL; Amazon RDS for PostgreSQL
Tuxpas | LATAM | Amazon Aurora PostgreSQL; Amazon RDS for PostgreSQL

Amazon Redshift Delivery Partners

Ancrew Global Services | APAC
DBiz Solutions | APAC
RYSUN LABS | NAMER
XalDigital | LATAM

AWS CloudFormation Delivery Partners

One Cloud Utopia | NAMER
ZirconTech | NAMER

AWS Config Delivery Partners

4STRATEGIES | LATAM
Aivar Innovations | APAC
dataRain Consulting | LATAM
Digico Solutions | EMEA
Kolomolo | EMEA
Necko Technologies | EMEA

AWS Control Tower Delivery Partners

AICorePro Technology | NAMER | Containers; Databases; Infrastructure as a Service; Security
Cloud Family AB | EMEA | Security
Enuaba Technologies | EMEA | Migration
Galactic Network | APAC | Databases; Migration; Security; Storage
Insight Enterprises | NAMER | Security
KTM ONE | EMEA | Security; Serverless
Lussiv | NAMER | Migration
Mayhive | EMEA | Migration
Searce | NAMER | Migration; Networking; Security

AWS Database Migration Service (DMS) Delivery Partners

Applify | NAMER
Clerion | EMEA
CloudifyOps | APAC

AWS Direct Connect (ISV and SI)

Atyos | EMEA
TemaBit | EMEA

AWS Glue Delivery Partners

Enuaba Technologies | EMEA
Hostin Services | APAC
RAMBUNCT CONSULTING | EMEA
RYSUN LABS | NAMER
The Black Puma | LATAM

AWS Graviton Delivery Partners

Aivar Innovations | APAC
HexaIO Kft. | EMEA
Maximyz Cloud | APAC

AWS IoT Core Delivery Partners

Yalantis | EMEA

AWS Service Catalog Delivery Partners

EVOLVENX | LATAM

AWS Systems Manager Delivery Partners

Aivar Innovations | APAC
dataRain Consulting | LATAM
Fixel Bilgi Iletisim Hiz AS | EMEA
KTM ONE | EMEA
Whistlemind Technologies | APAC

AWS Transfer Family Delivery Partners

Ampity Infotech | APAC
KTM ONE | EMEA

More Value, Greater Profitability for AWS Partners

Learn how AWS is transforming the partner experience >>

Transform CTEM with Zafran’s threat exposure management platform on AWS

Sriram Mohan — Fri, 06 Feb 2026 08:48:07 +0000

By: Len Gomes – AWS Partner Solutions Architect
By: Sriram Mohan – AWS Cloud Architect
By: Yonatan Zerahia – Zafran Director of Product
By: Nick Fisher – Zafran VP of Marketing

ZAFRAN

Vulnerability management has evolved beyond traditional scanning. Modern threat exposure management requires constant, AI-powered approaches that use Amazon Web Services (AWS) security services. Continuous threat exposure management (CTEM) represents a fundamental shift in how organizations address vulnerability management challenges across cloud, hybrid, and on-premises environments. Security teams struggle to manage vulnerabilities while sophisticated threat actors accelerate attack methods. Traditional vulnerability management with periodic scans and Common Vulnerability Scoring System (CVSS) based patching can’t keep pace with current attack patterns. Organizations need a new operating model that is continuous, contextual, and tightly aligned with business priorities.

This post explores how Zafran’s Threat Exposure Management Platform uses generative AI and AWS services to revolutionize vulnerability management through CTEM, so organizations can close the critical period between vulnerability discovery and risk reduction, referred to as the exposure window.

The vulnerability management challenge

As organizations adopt cloud innovations and expand their technology portfolios, their vulnerability to attack grows exponentially. Security teams struggle against both overwhelming volumes of findings and accelerating attack timelines, with threat actors exploiting vulnerabilities within only 5 days of publication and sometimes minutes when using AI tools.

Traditional vulnerability management approaches fail in this environment, creating a widening exposure window between discovery and remediation. Legacy scanners compound this problem through blind spots, fragmented data, and performance impacts across heterogeneous infrastructure. The most dangerous aspect is that attackers now preferentially target CVSS Medium-severity vulnerabilities over Critical and High-severity ones combined. This renders conventional severity-based prioritization ineffective, demanding a fundamental shift from periodic scanning to continuous, context-aware threat exposure management.

Introduced by Gartner in 2022, CTEM reframes vulnerability management through five stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. The CTEM framework focuses finite security resources on exposures most likely to be exploited in specific environments. The following graphic illustrates the constant cycle of moving through these five stages.

Figure 1: Five stages of CTEM

	Traditional vulnerability management	CTEM
1	Periodic scans	Continuous discovery
2	Generic CVSS severity	Contextual exploitability with runtime analysis
3	Service level agreement (SLA)-driven patching	Risk-driven mitigation and remediation
4	Limited business context	Alignment with critical business services

CTEM helps chief information security officers (CISOs) improve mean time to remediate (MTTR), maintain audit readiness, and prevent breaches through context-aware, continuous operations.

Zafran’s solution: A CTEM engine for hybrid-cloud environments

Zafran’s Threat Exposure Management Platform operationalizes CTEM across AWS services, on premises, and for multi-cloud estates. The Zafran platform is a cloud-based architecture hosted on AWS. Zafran’s architecture uses AWS services for scalability, performance, and reliability.

The platform uses Amazon Bedrock for AI-powered remediation guidance, Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation for scalable vulnerability data storage, AWS Lambda and Amazon EventBridge for real-time workflow orchestration, and Amazon API Gateway with AWS Identity and Access Management (IAM) for secure tool integration.

This architecture delivers elastic scalability, processing vulnerability data across hundreds of thousands of assets while maintaining subsecond query response times. For AWS customers, this means rapid onboarding through API-only, agentless integration and elastic processing for even the largest vulnerability datasets. The following diagram illustrates this architecture.

Figure 2: Zafran Threat Exposure Management Platform cloud-based AWS architecture

Unified exposure graph

Zafran processes signals from multiple security sources. These include vulnerability scanners, endpoint detection and response (EDR) tools, and cloud-based application protection platforms (CNAPP). The Zafran platform also integrates with firewalls and configuration management databases (CMDBs). Zafran creates a unified exposure graph that maps assets, common vulnerabilities and exposures (CVEs), MITRE ATT&CK techniques, and compensating controls, providing a single source of truth for vulnerability data.

Zafran integrates with your existing AWS security infrastructure through API connections, including:

Vulnerability management – Tenable, Qualys, Rapid7, Amazon Inspector

Cloud security (CNAPP) – Wiz, Prisma Cloud, Orca Security, AWS Security Hub

Endpoint protection (EDR) – CrowdStrike, Microsoft Defender, Trend Micro, SentinelOne

Network security – Palo Alto Networks, Fortinet, Cisco

Identity providers – Okta, Microsoft Entra ID (Azure AD), IAM

Ticketing and Security Orchestration, Automation, and Response (SOAR) – Jira, ServiceNow, Splunk

This agentless, API-based approach enables deployment in minutes without infrastructure changes or performance impact on production systems. Security analysts gain visibility into potential attack paths across the environment.

Contextual prioritization

Instead of relying solely on CVSS scores, Zafran evaluates exploitability using five environmental signals:

1. Runtime presence – Is the vulnerable component running?

2. Internet reachability – Is the asset exposed externally?

3. Active threat intelligence – Are attackers actively exploiting this CVE?

4. Control posture – Do web application firewall (WAF), next generation firewall (NGFW), or EDR policies block exploitation?

5. Business criticality – Does the asset support mission-critical workloads?

This contextual approach reduces false critical findings by 90%, so security and IT teams can focus resources on actual risk. The following screenshot shows the tool providing contextual risk scoring.

Figure 3: Contextual risk scoring reduces CVSS 9.2 Critical to 5.9 Medium

Proactive exposure hunting

Beyond reactive vulnerability management, security teams can use Zafran to proactively hunt for exposures before attackers exploit them. The platform answers critical questions that traditional scanners can’t:

Threat actor exposure – Am I exposed to RegreSSHion vulnerability or threats from APT29 or BlackBasta? Zafran surfaces high-profile vulnerabilities and reveals your specific exposure, enabling rapid deployment of fixes or mitigations.
Security control gaps – Am I exposed to gaps in CrowdStrike coverage? Zafran identifies gaps in security control coverage and exposures from vulnerable or outdated agents across your endpoint protection.
Identity misconfiguration – Am I exposed to identity attacks? Through integrations with identity providers such as Okta or Entra ID, Zafran discovers misconfiguration such as root users without multi-factor authentication (MFA).

These proactive hunting capabilities help security operations center (SOC) teams, threat intelligence teams, and incident response teams stay ahead of attackers by identifying and mitigating exposures before they become incidents.

Rapid risk mitigation

When patching requires extended change windows, Zafran prescribes fast mitigations through existing security controls, such as WAF rules, EDR policies, and CNAPP guardrails. This approach removes lengthy patch cycles from the critical path for immediate risk reduction. The following screenshot shows a CheckPoint Firewall policy change mitigating 20,000 vulnerabilities across 128 assets, demonstrating rapid risk reduction without patching.

Figure 4: CheckPoint Firewall

Agentic Remediation

CTEM’s fifth phase, Mobilization, represents where vulnerability management programs often stall. Tickets accumulate, ownership remains unclear, and MTTR increases. Zafran’s Agentic Remediation solves this challenge with AI-powered automation. Zafran’s generative AI engine, powered by Amazon Bedrock, consolidates overlapping CVEs into streamlined, high-fidelity tickets containing clear, step-by-step remediation actions. This eliminates redundant work and reduces noise for remediation teams. The following screenshot shows the UI for the remediation workflow with step-by-step patching.

Figure 5: Remediation workflow with step-by-step patching

Policy-driven assignment

Automate the assignment and delivery of remediation tickets to the appropriate responsible parties. Through administrator-defined rules, remediation tasks are automatically routed to the correct owners in platforms like Jira or ServiceNow, eliminating manual triage efforts and substantially reducing mean time to communicate (MTTC). This intelligent routing ensures faster response times and more efficient vulnerability management workflows.

Progress and SLA tracking

Zafran tracks MTTR, SLA deadlines, and residual risk in unified dashboards, providing CISOs with real-time evidence of program effectiveness for executive reporting and audit preparation. As patches deploy or mitigations activate, Zafran automatically re-scores exploitability and updates stakeholders, closing the loop between security and IT operations teams.

Real-world results

Organizations implementing Zafran’s CTEM solution across healthcare, manufacturing, and financial services report measurable security improvements:

A healthcare organization with over 50,000 employees and 200,000 assets reduced CVSS Critical vulnerabilities by 94% while measuring the efficacy and return on investment (ROI) of existing security tools
Hospital Sisters Health System (HSHS) reduced urgent vulnerabilities by 87% following implementation of contextual scoring and agentic remediation
Organizations report 90% decrease in false critical findings, 70% fewer remediation tickets through AI-powered deduplication, and workflow creation time reduced from hours to minutes

These results demonstrate measurable improvements in security posture while reducing operational burden on security and IT teams.

What sets Zafran apart?

Zafran delivers a unified Continuous Threat Exposure Management platform purpose-built for modern hybrid cloud environments:

Comprehensive exposure graph – Creates a unified view that maps assets, vulnerabilities, MITRE ATT&CK techniques, and compensating controls. Security teams can understand attack paths and exposure risks in context.
Context-driven prioritization – Reduces false critical findings by 90% by analyzing runtime behavior, network exposure, active threats, deployed controls, and business criticality.
Rapid risk mitigation – Uses existing security controls (such as CNAPP, EDR, and WAF) to prescribe immediate mitigations across thousands of assets, removing lengthy patch cycles from the critical path.
AI-powered remediation – Uses Amazon Bedrock to consolidate overlapping vulnerabilities into streamlined workflows with clear ownership, step-by-step guidance, and automatic SLA tracking.
Agentless deployment – Completes deployment in hours through API connections without infrastructure changes, agent deployment, or performance impact.

Built for AWS customers

Zafran’s architecture delivers specific advantages for organizations running workloads on AWS:

AWS integration offers:

Threat Exposure Management Platform integrates directly with AWS Security Hub for centralized security finding management
Amazon Inspector vulnerability data flows automatically into Zafran’s Exposure Graph
IAM identity analysis identifies misconfigurations like root users without MFA

Cloud-based scalability means that:

Elastic processing through AWS Lambda handles vulnerability datasets from tens to hundreds of thousands of assets
Amazon S3 and Lake Formation provide cost-effective, durable storage for historical exposure data
Multi-Region deployment options support global enterprise requirements

Threat Exposure Management Platform offers deployment flexibility and provides:

Availability through AWS Marketplace with simplified procurement and billing
Support for both multi-tenant SaaS and single-tenant deployment models
GovCloud availability for regulated industries and government agencies

For AWS customers extending security operations across hybrid environments, Zafran provides a unified platform that treats AWS findings (Amazon Inspector, AWS Security Hub, Amazon GuardDuty) alongside on-premises vulnerability data with equal depth and contextual analysis.

Conclusion

Modern vulnerability management demands active, contextual, and automated treatment of risk. CTEM provides the strategic framework; Zafran delivers the operational engine, powered by AWS services, enriched by existing security defenses, and accelerated by Agentic Remediation.

Whether you’re starting a CTEM program or scaling existing vulnerability management operations, Zafran provides the tools for you to:

Identify exactly which vulnerabilities are exploitable in your specific environment
Reduce exposure rapidly using security controls already deployed
Automate remediation workflows with AI-driven intelligence
Demonstrate measurable risk reduction to executives and auditors in real time

The combination of CTEM methodology, AWS Cloud services, and generative AI capabilities represents a fundamental shift in how organizations protect their expanding attack surfaces.

Ready to transform your vulnerability management program? Explore Zafran in AWS Marketplace or request a demo to see Agentic Remediation in action.

Zafran – AWS Partner Spotlight

Zafran is an ISV Partner with AI Software Competency, Zafran Threat Exposure Management Platform automatically maps security findings to controls already in your security stack, so that you know exactly what actions will provide the most risk posture improvement. With Zafran, you can significantly reduce the number of critical vulnerabilities, slash mean time to mitigate, and gain much-needed SLA relief. Contact Zafran | Partner Overview | AWS Marketplace