Amazon’s e-commerce platforms and cloud services form a digital ecosystem requiring a strong cybersecurity framework.
Amazon, which has a vast online presence covering multiple domains and services, is at great risk of being attacked by advanced cyber threats.
For this reason, Amazon uses an innovative mixture of the latest technologies and old security measures to protect against these vulnerabilities.
Besides this, recently, AWS launched Mithra to detect malicious domains across systems.
Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access
AWS Launches Mithra
Detecting and responding to cyberattacks in real-time using its global cloud infrastructure is what AWS does best.
MadPot, a global honeypot network, and Mithra, a massive neural network graph model with 3.5 billion nodes, are some of the AI-based tools that it uses for this purpose.
By handling trillions of DNS requests per day, they can identify an average of 182,000 new malicious domains each day, which in most cases precedes third-party feeds by months.
As such, this high-definition threat intel can be seen in Amazon GuardDuty and other services, as well as automatically protecting millions of customers’ AWS accounts against next-gen cyber threats.
In the following ways, the Mithra can be used:-
- Use a high-confidence list of malicious domains in GuardDuty for protection.
- Block malicious domains and receive threat alerts with GuardDuty.
- Reduce false positives with Mithra’s scores in third-party threat feeds.
- Mithra’s scores can be used by the AWS security analysts for additional context in investigations.
Mithra acts like a huge pipe that swallows up data since it can process 200 trillion DNS requests each day in a single Amazon Web Services region.
This platform, which utilizes machine learning, detects about 182,000 new malicious domains per day due to Amazon’s vast network, which handles 25% of global internet traffic.
Mithra has built-in responses to bad signals left by attackers without human interference, which increases its efficiency.
It also integrates with multiple AWS security services, such as WAF and Amazon GuardDuty, leading to full coverage.
Proactively protecting both customers and non-customer organizations, AWS actively uses its wealth of threat intelligence.
AWS’s affected parties are alerted to such potential compromises as vulnerabilities and misconfigured systems which AWS identifies promptly at times making them first aware of such issues.
Further details regarding the alerts include actionable recommendations like blocking specific domains, implementing security patches, or conducting forensic investigations.
That means companies can prevent attacks rather than simply reacting to events in this way.
Moreover, AWS encourages a collaborative security ecosystem that enables informed entities to share IOCs as well as attack vectors such as social engineering techniques, phishing campaigns, zero-day exploits, and remote code execution methods.
By enabling this kind of information sharing between it and other organizations in response to threats, AWS’s threat intelligence is enhanced further.
How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide
