Andrea Malagotti, CTO of Sonar, discusses how the company successfully transitioned from on-premise to SaaS, leveraging AWS partnership and maintaining focus on developer-centric code quality and security solutions.

Topics Include:

• Andrea Malagotti is CTO of Sonar, guest on podcast
• Sonar founded 16+ years ago by three software engineers
• Founders wanted to help developers understand code quality issues
• Focus on giving developers precise, actionable insights for improvement
• Products include SonarQube Server, Cloud, and IDE versions
• Recent acquisitions: ACR, Tidelift, and Structure 101 companies
• SaaS journey began seven years ago with SonarQube Cloud
• Initially targeted individual developers, then expanded to enterprises
• Now multi-region with comprehensive enterprise features available
• Seven million developers rely on Sonar's solutions globally
• 400,000 organizations and 28,000 enterprise customers use Sonar
• Started SaaS to test market demand, not assumptions
• Engaged customers early to understand migration requirements needed
• Recommends alpha versions with design customers for feedback
• Free tier for open-source code enables quick trial
• Enterprise certifications (ISO 27001, SOC 2) build trust
• AWS partnership includes enterprise support and technical resources
• Used CDK for infrastructure-as-code, experienced early adoption challenges
• Multi-region strategy should be considered from the beginning
• AWS Learning partnership certified all engineers in cloud
• Cloud enables faster development cycles than traditional infrastructure
• Recommends avoiding architectural one-way doors during transition
• Consider data residency requirements for global customer base
• AI-generated code creates productivity gains but needs validation
• Sonar provides deterministic rules for AI-generated code review
• Working on MCP protocol and AI code quality solutions
• Security approach is "start left" not "shift left"
• Advanced Security offering includes dependency scanning and vulnerabilities
• Available on sonarsource.com and AWS Marketplace
• Free tier offers 50,000 lines of code analysis

Participants:

• Andrea Malagodi – Chief Technical Officer, Sonar

Further Links:

• Website: www.sonarsource.com
• Sonar in the AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Kanaiya Vasani, Chief Product Officer, explains how ExtraHop leverages AWS services and generative AI to help enterprise customers address the growing security challenges of uncontrolled AI adoption.

Topics Include:

• ExtraHop reinventing network detection and response category
• Platform addresses security, performance, compliance, forensic use cases
• Behavioral analysis identifies potential security threats in infrastructure
• Network observability and attack surface discovery capabilities included
• Application and network performance assurance built-in features
• Traditional IDS capability with rules and IOCs detection
• Packet forensics for investigating threats and wire evidence
• Cloud-native implementations and compromised credential investigation support
• ExtraHop partnership with AWS spans 35-40 different services
• AWS handles infrastructure while ExtraHop focuses core competencies
• ExtraHop early adopter of generative AI in NDR
• Natural language interface enables rapid data access queries
• English questions replace complex query languages for users
• Agentic AI experiments focus on SOC automation workflows
• L1 and L2 analyst workflow automation improves productivity
• Shadow AI creates major risk concern for customers
• Uncontrolled chatbot usage risks accidental data leakage
• Governance structures needed around enterprise gen AI usage
• Visibility required into LLM usage across infrastructure endpoints
• AI innovation pace challenges security industry keeping up
• Models evolved from billion to trillion parameters rapidly
• Traditional security tools focus policies, miss real-time activity
• "Wire doesn't lie" - network traffic reveals actual behavior
• ExtraHop maps baseline behavior patterns across infrastructure endpoints
• Anomalous behavioral patterns flagged through network traffic analysis
• MCP servers enable LLM access through standardized protocols
• Stolen tokens allow adversaries unauthorized MCP server access
• Machine learning identifies anomalous traffic patterns L2-L7 protocols
• Gen AI automates incident triage, investigation, response workflows
• Best practices include clear policies, governance, monitoring, education

Participants:

• Kanaiya Vasani – Chief Product Officer, ExtraHop Networks

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Notes:

Cribl’s Field CISO Ed Bailey discusses how customers can manage the quality and quantity of data by providing intelligent controls between data sources and destinations.

Topics Include:

• Cribl company name origin
• Company helps organizations screen data to find valuable insights
• Ed Bailey was Cribl's first customer back in 2018
• Data growth of 25% yearly created seven-figure cost increases
• CEOs and CIOs complained about explosive data storage costs
• Users demanded more data while budgets remained constrained
• Bailey discovered Cribl through a random Facebook advertisement
• Cribl Stream sits between data sources and destinations
• No new agents required, uses existing infrastructure connections
• Reduced data growth from 28% to 8% within year
• Development cycles shortened from six weeks to two weeks
• Bailey managed global security and telemetry data systems
• Operated large Splunk instance across forty different countries
• Team spent time collecting data instead of extracting value
• Cribl provided consistent data control plane for operations
• Smart engineers could focus on machine learning solutions
• Migrated from terrible SIEM to better security platform
• Data strategy should focus on business requirements first
• Not all data has the same business value
• Tier one: Critical data goes to expensive platforms
• Tier two: Important data stored in cheaper lakes
• Tier three: Compliance data in low-cost object storage
• SIEM costs around one dollar per gigabyte stored
• Data lakes cost twelve to eighteen cents per gigabyte
• Object storage costs fractions of pennies per gigabyte
• AWS partnership provides scalable infrastructure for rapid growth
• EC2, EKS, and S3 are heavily utilized services
• Cribl Search finds data directly in object storage
• Avoids costly data movement for search and analysis

Participants:

• Edward Bailey – Field CISO, Cribl

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Saviynt Co-Founder Amit Saha discusses how their AWS partnership has enabled the identity security company to deliver comprehensive identity protection while minimizing organizational friction.

Topics Include:

• Saviynt is leading identity security provider in market
• Secures human, non-human, workforce, and privileged access identities
• Eliminates friction while automating organizational access management processes
• Biggest challenge: reducing friction in new access processes
• Second challenge: visibility into accumulated technical debt problems
• Lost business context makes access permissions difficult to unwind
• Saviynt provides quick visibility to prioritize identity risks
• Shadow IT creates ungoverned workloads and cloud applications
• Need integration with asset management and cloud providers
• Must derive intelligence from multiple disconnected information sources
• AWS partnership provides access to prolific customer base
• AWS security owners are same buyers for Saviynt
• Eleven-year AWS relationship with early security competency
• ISV Accelerate program connects with sellers and architects
• Rising Star program helps stand out in crowded marketplace
• Find mutual customers for successful AWS partnership stories
• GenAI in bad actors' hands compromises customer security
• Product engineering uses GenAI tools for better quality
• Agentic AI creates new paradigm between human/non-human identities
• Agentic AI requires dynamic, fluid access management approaches
• AI agents can generate their own bots needing access
• Zero trust principles needed at broader scale for AI
• Next twelve months: getting ahead of GenAI curve
• New AWS services launch daily in GenAI space
• Contributing to new standards like MCP and A2A protocols
• AWS Marketplace simplifies procurement and buyer discovery processes
• EDP program and migration incentives benefit ISV transactions
• AWS developer-friendly startup programs accelerate time to market
• Cloud-native approach enables predictable scaling and AWS integration
• AWS-Saviynt partnership aims for once-in-generation security impact

Participants:

• Amit Saha – Co-Founder and Chief Growth Officer, Saviynt

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Chief Architect Russell Leighton discusses how Panther's cloud platform revolutionizes security operations by treating detections as Python code and AI enabled alert vetting turning responses from hours into minutes.

Topics Include:

• Panther is a cloud security monitoring tool (cloud SIEM)
• Works at massive scale, more cost-effective than legacy systems
• Key differentiator: "detections as code" written in Python
• Brings software engineering best practices to security operations
• Enables unit testing and version control for security detections
• Recently adopted generative AI to improve security workflows
• SOC burnout is renowned due to tedious ticket processing
• AI has intelligence of security engineer, works much faster
• Example: Alert shows "Russ Leighton removed branch protection"
• Old way: Manual log analysis, checking user profiles manually
• Takes hours of squinting at detailed log data
• New AI way: Automatic vetting happens in minutes
• AI checks user profile in Okta or IDP
• Determines engineer status, assesses typical behavior patterns
• Provides risk assessment based on historical alert data
• Low risk for engineers, high risk for unusual users
• Example: HR person accessing production code is escalated
• Customer quote: Takes vetting "from hours to seconds"
• Panther customers get dedicated AWS accounts for security
• Company can't see customer data, only self-reported metrics
• AI provides summaries, risk assessments, timelines, visualizations
• Also suggests remediations like human security engineer would
• Initial concerns about putting AI in production environment
• Customer feedback exceeded expectations with feature requests
• AWS Bedrock integration addresses customer security concerns
• Uses Anthropic Claude as base LLM through Bedrock
• Customers can enable additional Bedrock guardrails independently
• AI transparency prevents hallucination concerns through explanations
• Claude's extended thinking mode shows reasoning process
• AI visualizes thinking with flowcharts explaining decision process

Participants:

• Russell Leighton – Chief Architect, Panther

Further Links:

• Website: Panther.com
• AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Security leaders from Anthropic and AWS discuss how agentic AI is transforming cybersecurity functions to autonomously handle everything from code reviews to SOC operations.

Topics Include:

• Agentic AI differs from traditional AI through autonomy and agency
• Traditional AI handles single workflow nodes, agents collapse multiple steps
• Higher model intelligence enables understanding of broader business contexts
• Agents make intelligent decisions across complex multi-step workflows processes
• Enterprise security operations are seeing workflow consolidation through GenAI
• Organizations embedding GenAI directly into customer-facing production applications
• Software-as-a-service transitioning to service-as-software through AI agents
• Securing AI requires guardrails to prevent hallucinations in applications
• New vulnerabilities appear at interaction points between system components
• Attackers target RAG systems and identity/authorization layers instead
• LLMs hallucinate non-existent packages, attackers create malicious honeypots
• Governance frameworks must be machine-readable for autonomous agent reasoning
• Amazon investing in automated reasoning to prove software correctness
• Anthropic uses Claude to write over 50% of code
• Automated code review systems integrated into CI/CD pipelines
• Security design reviews use MITRE ATT&CK framework automation
• Low-risk assessments enable developers to self-approve security reviews
• 40% reduction in application security team review workload
• Anthropic eliminated SOC, replaced entirely with Claude-based automation
• IT support roles transitioning to engineering as automation replaces frontline
• Compliance questionnaires fully automated using agentic AI workflows
• ISO 42001 framework manages AI deployment risks alongside security
• Executive risk councils evaluate AI risks using traditional enterprise processes
• AWS embeds GenAI into testing, detection, and user experience
• Finding summarization helps L1 analysts understand complex AWS environments
• Amazon encourages teams to "live in the future" with AI
• Interview candidates expected to demonstrate Claude usage during interviews
• Security remains biggest barrier to enterprise AI adoption beyond POCs
• Virtual employees predicted to arrive within next 12 months
• Model Context Protocol (MCP) creates new supply chain security risks

Participants:

• Jason Clinton – Chief Information Security Officer, Anthropic
• Gee Rittenhouse – Vice President, Security Services, AWS
• Hart Rossman – Vice President, Global Services Security, AWS
• Brian Shadpour – GM of Security and B2B Software Sales, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

Spryker’s Chief Product Officer, Elena Leonova, discusses the Spryker Business Intelligence platform and how working with AWS as a strategic advisor unlocked deeper opportunities for transformative growth.

Topics Include:

• Elena Leonova introduces Spryker as digital commerce platform
• Spryker focuses on sophisticated B2B commerce transactions
• Traditional industries: manufacturing, industrial goods, med tech
• Customers sell complex equipment like MRI machines, tractors
• Products are custom-built to order through procurement processes
• Extensive negotiation and aftermarket servicing are required
• Competitors focus on fashion, food - not complex equipment
• Spryker exclusively hosted on AWS cloud infrastructure
• AWS partnership enables new capabilities and customer innovation
• Business intelligence tools and AI capabilities now available
• Ricoh example: global manufacturer of industrial-grade printers
• Ricoh sells through dealers and distributors worldwide
• S-Diverse: new automotive software marketplace partnership platform
• Connects automotive manufacturers with embedded software producers
• Spryker Business Intelligence powered by Amazon QuickSight launched
• Commerce becoming more intelligent than traditional repeat purchases
• Complex equipment buyers don't purchase MRI machines weekly
• Platform provides insights into customer portal navigation patterns
• Combines commerce data with search, CRM, competitive intelligence
• Helps merchants identify revenue optimization signals from noise
• Business intelligence integrated directly within Spryker platform
• Customers should evaluate platform's future scalability and flexibility
• Revenue optimization requires understanding what metrics to improve
• Easy-to-use data analysis prevents information overload problems
• QuickSight's GenAI capabilities enable faster executive decision-making
• AWS partnership provided cost optimization and innovation confidence
• Elena initially viewed AWS as just hosting provider
• Building shared vision with AWS unlocked deeper collaboration
• AWS became trusted advisor for strategy and partnerships
• Generative AI enables multi-persona communication across customer types

Participants:

• Elena Leonova – Chief Product Officer, Spryker

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/