is crucial to effective threat intelligence. GuardDuty generates various kinds of findings, potential security issues such as anomalous behaviours when AWS customers interact with domains, with each domain being assigned a reputation score derived from a variety of metrics that rank trustworthiness.
Maintaining a high-quality list of malicious domain names is crucial to monitoring cybercriminal behaviour so that AWS can protect customers. How does AWS accomplish the huge task of ranking? First, imagine a graph so large, perhaps one of the largest in existence, that it is impossible for a human to view and comprehend the entirety of its contents, let alone derive usable insights.
Meet Mithra. Named after a mythological rising sun, Mithra is a massive internal neural network graph model, developed by AWS, that uses algorithms for threat intelligence. With its 3.5 billion nodes and 48 billion edges, Mithra’s reputation scoring system is tailored to identify malicious domains that customers come in contact with, so the domains can be ranked accordingly.
From a significant number of DNS requests per day – up to 200 trillion in a single AWS Region alone – Mithra detects an average of 182,000 new malicious domains daily. By assigning a reputation score that ranks every domain name queried within AWS on a daily basis, Mithra’s algorithms help AWS rely less on third parties for detecting emerging threats, and instead generate better knowledge, produced more quickly than would be possible by a third party.
Mithra is not only able to detect malicious domains with accuracy and fewer false positives, but this graph is also capable of predicting malicious domains days, weeks, and sometimes even months before they show up on threat intelligence feeds from third parties. This capability means that AWS can see and act on millions of security events and potential threats every day.
Not only is this threat intelligence used to enrich security services that customers rely on, but AWS also reaches out to share critical information with customers and other organisations that AWS believes may be targeted or potentially compromised by malicious actors. Sharing threat intelligence enables recipients to assess the information AWS provides, take steps to reduce their risk, and help prevent disruptions to their business.
When customers are alerted to these kinds of issues, it is the first time they become aware that they are potentially compromised. After AWS notifies organisations, they can investigate and determine the steps they need to take to protect themselves and help prevent incidents that could cause disruptions to their organisation or allow further exploitation.

With a global network and internal tools such as MadPot, AWS receives and analyses thousands of different kinds of event signals in real time.

These notifications also include recommendations for actions organisations can take, such as to review security logs for specific domains and block them, implement mitigations, change configurations, conduct a forensic investigation, install the latest patches, or move infrastructure behind a network firewall.
These proactive actions help organisations to get ahead of potential threats, rather than just reacting after an incident occurs. This cloud infrastructure gives a unique view of the security landscape and threats that customers face every day.
www.intelligenttechchannels.com