AWS has introduced a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats. Today, we announce AWS Security Incident Response, a new service designed to help organizations manage security events quickly and effectively. The service is purpose-built to help customers prepare for, respond to, and recover from various security events, including account takeovers, data breaches, and ransomware attacks. Security Incident Response automates the triage and investigation of security findings from Amazon GuardDuty and integrated third-party threat detection tools through AWS Security Hub. It facilitates communication and coordination and provides 24/7 access to security experts from the AWS Customer Incident Response Team (CIRT) who can assist during security events. The service aims to provide customers with more comprehensive support across the phases of the incident response lifecycle, from preparation to detection, analysis, and recovery. Security events are becoming more pervasive and complex for customers. Security teams often face an overwhelming number of daily alerts, leading to potential misplaced priorities of resources and reduced effectiveness. Manual investigation of findings strains resources and may cause customers to overlook critical security alerts. Additionally, coordinating responses across multiple stakeholders, managing permissions in various environments, and documenting actions complicate the process. There is an opportunity to better support customers and remove various points of undifferentiated heavy lifting that customers face during security events. With this service, organizations can reduce the time it takes to respond to security incidents and focus on quickly restoring affected services. The service also helps improve the overall security posture by providing actionable insights into security threats. An example of this is an e-commerce company experiencing a ransomware attack. Using this service, the company can quickly isolate infected systems, limit the spread of the attack, recover from backups, and restore services as quickly as possible.