Amazon Web Services (AWS) is dedicated to enhancing the security of its enterprise customers by leveraging innovative internal tools such as Sonaris, MadPot, and Mithra. These tools are designed to provide automated cybersecurity defenses that proactively identify and mitigate threats, minimizing the burden on AWS customers.
During a recent interview with TechTarget Editorial, Chris Betz, the Chief Information Security Officer (CISO) at AWS, shed light on the functionality of these internal tools. Sonaris, for instance, scans extensive network traffic to detect malicious scanning and unauthorized connections to AWS infrastructure. Furthermore, MadPot serves as a honeypot system that gathers threat intelligence across AWS services and features automated response capabilities. Notably, MadPot played a crucial role in identifying the infrastructure used by the cybercriminal group Anonymous Sudan, aiding the U.S. Department of Justice in their investigation.
Working in conjunction with Sonaris and MadPot, Mithra acts as a neural network graph model that analyzes domains, detecting an average of 182,000 new malicious domains daily. Betz emphasized the synergy between these internal tools, emphasizing the comprehensive coverage they provide in identifying and defending against a wide range of threats targeted at AWS customers.
The integration of these tools enables AWS to offer automated defenses that operate transparently to customers, without requiring manual intervention. Betz highlighted the importance of actively defending customers against threats and reiterated their goal of safeguarding customers without the need for them to be directly involved in threat mitigation.
Additionally, Betz outlined the alignment between these internal tools and other AWS security offerings, emphasizing the seamless integration and comprehensive protection provided to customers. GuardDuty, another tool that leverages threat intelligence collected by Sonaris, MadPot, and Mithra, operates within customers’ accounts to provide real-time insights and alerts on potential security threats.
In situations where direct customer involvement is necessary, AWS employs a proactive approach to communicate threat intelligence and assist customers in addressing security issues promptly. By collaborating with customer administrators and security contacts, AWS aims to facilitate timely responses to sophisticated threats and ensure the continuous security of customer environments.
Overall, AWS’s proactive cybersecurity strategy, driven by the innovative use of internal tools like Sonaris, MadPot, and Mithra, underscores their commitment to enhancing the security posture of enterprise customers. Through automated defenses and threat intelligence sharing, AWS strives to empower customers to operate securely in the cloud environment while proactively defending against evolving cyber threats.