incident_management · saas · workflow

Trellix lowers cost and increases speed with Amazon Nova Micro and Nova Lite for threat investigation

Security teams face talent and budget constraints that force them to prioritize which threats to investigate, limiting coverage of new threats. With growing adoption of Trellix Wise, the cost structure of running Claude Sonnet-based investigations at scale became a concern.

How it works
Common implementation structure
How this type of workflow is generally built, generalized across documented cases — not tied to any one vendor's stack.
Stage 1 · Security events ingested
Billions of security events collected from monitored environments are stored in Amazon OpenSearch Service.
Tools used
Trellix Wise, Amazon Bedrock, Amazon Nova Micro, Amazon Nova Lite, Claude Sonnet, Amazon OpenSearch Service, Amazon Bedrock Knowledge Bases
Outcome

Amazon Nova Micro delivered inferences three times faster and at nearly 100-fold lower cost; by running multiple inferences, Trellix lowered investigation costs by a factor of 30 while maximizing data coverage. The approach is now deployed in a limited pilot environment with a phased production rollout underway.

Results
Volume: three times faster
Cost replaced: nearly 100-fold lower cost
Source

https://aws.amazon.com/blogs/machine-learning/trellix-lowers-cost-increases-speed-and-adds-delivery-flexibility-with-cost-effective-and-performant-amazon-nova-micro-and-amazon-nova-lite-models?tag=soumet-20


Grounding & classification
Source type: technical build writeup
30 fields verified against source quotes.
agentic workflow, anomaly detection, predictive analytics, rag, knowledge base, human review described, metric backed, named customer, production runtime claimed, tools described, vendor confirmed, workflow described, software, cost reduction, cycle time reduction, throughput increase, technical build writeup, compliance monitoring, incident management, monitor detect alert, rag answering