Defending a company the size of Amazon is a daunting task, with so many bad actors targeting the company and its customers. Over the years, Amazon has developed a variety of strategies to identify and mitigate risks to its network, from machine learning and monitoring tools to old-fashioned phone calls.
The company on Monday unveiled a comprehensive platform called “Mithra” that is built for Amazon's scale. The key technology behind the solution is a massive graph database with 3.5 billion nodes and 48 billion edges, according to Amazon CISO CJ Moses.
Simply put, Moses says, Mithra is essentially a big funnel: “You have to narrow down a lot of data to a very small amount of data. The deeper you go into the funnel, the more humans can get involved and make the final decision on what to do,” Moses told TechCrunch.
If the software has a strong signal that a domain is fraudulent, sometimes a human doesn't even need to be involved in the decision-making. At Amazon's scale, it's important to keep humans out of the loop when possible. “Once we get high confidence that a domain is fraudulent, we can take that data and move it very quickly directly into systems that protect our environment,” Moses says.
This could include using a web application firewall (WAF) or Amazon GuardDuty, the company's threat detection system, or, if necessary, forwarding the domain in question to the AWS Security Services team for further investigation. Moses says that combining Mithra with the company's network monitoring platform, Sonaris, “builds a really good web of defense around your AWS and Amazon environments.”
Amazon's scale is unique: Moses says the company handles a quarter of all Internet traffic every day, “monitoring up to 200 trillion DNS requests in one AWS region alone. Mithra detects an average of 182,000 new malicious domains every day.”
Historically, the company has used a combination of AI, ML, algorithms, monitoring, and other tools, but as it grew and scaled, it realized it needed a single, dedicated platform to monitor its systems for malicious domains and eliminate them where possible. Enter Mithra.
Of course, AI plays a big role in a system this large, and the company couldn't handle such a large graph database without it. “In fact, in this case, or many cases like this, AI is the type of technology we want to use to look at these huge amounts of data and identify what might be interesting to us across that data,” Moses said. “And we can certainly train it to look for anomalies, or things that are outside the norm, or things that we might have previously considered malicious.”
AI models also help humans make better decisions: “Should I block this domain? We have a ton of data collected from Mithra, Sonaris and other threat sensors, and we synthesize that with AI to make recommendations to various systems that take defensive action,” Moses said.
The role of generative AI is to allow threat analysts who are doing threat hunting to interact with the data in plain language and get answers that help them better understand the situation. Whereas previously you would have had to run scripts, generative AI allows you to understand what's going on more quickly.
Sometimes it's not about shutting down a domain or how sophisticated the technology is, but about being able to pick up the phone, reach a fellow CISO and tell them what Moses's team is seeing. “One of our biggest investments has been to establish a very actionable CISO network and be able to pick up the phone and reach someone at 2 a.m., even if they're not one of our customers, so it's not a cold call,” he says.
Mithra officially launched on Monday and will run on Amazon's internal systems rather than being a service that customers pay for directly.