AWS launches Mithra to identify and mitigate malicious domains across its massive system


When a company is the size of Amazon, a lot of bad actors will come after it and its customers, which makes defending the network a monster job. Over the years Amazon has developed a number of strategies, from machine learning and monitoring tools to good old-fashioned phone calling, to identify and reduce risks to its network.

The company on Monday announced an umbrella platform, called Mithra, built to handle Amazon scale. The main piece of technology underlying the solution is a massive graph database with 3.5 billion nodes and 48 billion edges, according to C.J. Moses, Amazon’s chief information security officer (CISO).

Moses says in simple terms that Mithra is basically a big funnel. “We have to go from lots of data down to very small amounts of data. The further you get down that funnel, the more you’re able to then have humans become engaged to be able to make the final decisions on what needs to be done,” Moses told TechCrunch.

In some cases, where the software has a strong signal that a domain is bad, humans don’t even need to be involved in the decision making; at Amazon’s scale, taking humans out of the loop wherever possible is important. “If you get down to where you have strong assurance that a domain is bad, we’re able to take that data and very quickly transition it straight into the systems that protect our environments,” Moses said.

That could involve the web application firewall (WAF); Amazon GuardDuty, the company’s threat detection system; or even forwarding the domain in question to the AWS security service team for further review when required. Moses says that when Mithra is combined with Sonaris, the company’s network observation platform, it provides a “pretty good defensive net around our AWS and Amazon environments.”

Amazon scale is unique. The company deals with a quarter of all internet traffic every day, according to Moses, and it “observes up to 200 trillion DNS requests in a single AWS Region alone. Mithra detects an average of 182,000 new malicious domains daily.”

The company has been using a combination of AI, ML, algorithms, monitoring and other tooling, but as it grew and scaled, it realized it needed a single platform dedicated to monitoring the system for malicious domains and snuffing them out whenever possible. That’s where Mithra comes in.

AI plays a big role in a system this large, of course, and the company wouldn’t be able to deal with such a large graph database without AI. “The reality is that AI, in this particular case, or in many cases like this, is exactly the type of technology that you want to use in order to look at large scale amounts of data and identify throughout that data, the things that should be interesting to us,” Moses said. “And we can obviously train the AI to look for the aberrations, to look for the things that are outside of the norm, or those things that we’ve previously seen as malicious.”

The AI models can also help humans make better decisions. “Are we going to block this domain or not? Here’s a preponderance of the data that’s been assembled from Mithra, from Sonaris, from other threat sensors that we have, and then use that AI to coalesce it together into recommendations to the different systems that take the defensive measures,” Moses said.

Generative AI has a role to play because it enables the threat analysts, who are doing the threat hunting, to interact with the data in plain language and get back answers to help understand the situation better. Previously they would have had to run scripts, but generative AI provides a faster way to see what’s happening.

Sometimes, it’s not about shutting down domains, or how sophisticated the tech is, but just being able to pick up the phone and call a fellow CISO about what his team is seeing. “Some of our biggest investment is in making sure we have a very viable CISO network so we can pick up the phone and call someone at 2 a.m. and not have it be a cold call, even if they’re not customers of ours,” he said.

Mithra launched officially on Monday, and it runs on internal systems inside Amazon as opposed to being a service that customers pay for directly.




Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.
