Express Computer
Home  »  Guest Blogs  »  How Threat Intelligence Protects Organisations from Security Threats

How Threat Intelligence Protects Organisations from Security Threats

0 133

By Phil Rodrigues, Head of Security, Asia-Pacific and Japan Commercial, Amazon Web Services (AWS)

As Generative AI and digital transformation initiatives continue among a hybrid workforce in the Asia-Pacific region, I am often asked by security professionals how threat intelligence is being gathered and used to help protect sensitive workloads in the cloud. They know that threat intelligence is critical to improving their security posture, but they seek a better understanding to help ensure this intelligence converts to actionable insights that lead to meaningful impact and real business value.

Phil Rodrigues

Using cloud scale to inform threat intelligence

Threat intelligence seeks to help successfully defend against cyberattacks that might otherwise be disruptive and costly. Every day across our cloud infrastructure, we detect and successfully thwart hundreds of confirmed cyberattacks with a global network of sensors and an associated set of disruption tools. The goal is to make it more difficult and expensive for cyberattacks to be carried out against our network and infrastructure. In doing so, we also help make the internet as a whole a safer place by also working with other responsible providers to take action against threat actors operating within their infrastructure.

For example, some years ago, Amazon Web Services (AWS) created a collection of internal cybersecurity tools we call “MadPot,” which is made up of decoy sensors and disruption tools. These tools are today a key component to our threat intelligence strategy. MadPot decoy sensors mimic plausible workloads to attract potential threats, then learn their behaviour. This information is automatically ingested, correlated, and analysed to create actionable intelligence data about potentially harmful activity happening across the internet which we can see attempting to affect us. Using the intelligence data, we automatically nullify data on our networks, swiftly generate automated outbound communications to providers whose infrastructure is being abused for malicious activities, and lastly, rapidly re-invest this knowledge through automated integration with our security services.

To give a sense of scale, here is how swiftly malicious actors work to exploit potential vulnerabilities and test a company’s infrastructure: within about 90 seconds of launching a new decoy, the sensor is “discovered” by probes scanning the internet. From there, it takes only three minutes on average before attempts are made to penetrate and exploit it. This is a very short amount of time, considering these workloads aren’t advertised, or part of systems visible to the public internet. This demonstrates the eagerness and large volume of scanning taking place and the high degree of automation that threat actors employ to find their next target.

Tackling Cyber Threats Globally

Here are two examples of how MadPot has helped protect organisations against malicious actors. In 2022, a MadPot decoy was mimicking a variety of services when a threat actor attempted to exploit what it thought was a vulnerability. This allowed MadPot to gather distinguishing information, which identified the threat group called Sandworm, and also the groups’ attempt to compromise a customer. Using the intelligence, we alerted the customer, and the customer swiftly mitigated the vulnerability, preventing harm.

In another case in May this year, MadPot detected, downloaded, and analysed suspicious signals that identified a malware botnet conducting Distributed Denial of Service (DDoS) attacks to knock websites offline. Once identified, network traffic communication was blocked on the AWS network to protect customers. MadPot also traced the command-and-control server and originating domain registrar, then used automation to send takedown notices to the affected companies without human intervention. Both server hosts and the domain registrar could take down the abused systems within 72 hours. This eliminated the threat actors’ ability to distribute the DDoS malware and made it much more difficult for them to move their command-and-control infrastructure elsewhere.

Security is a Shared Responsibility

Turning global-scale threat intelligence into swift action is just one of the many steps that we take as part of our commitment to making security our top priority. As the digital economy grows, maintaining the security of the cloud and its infrastructure is foundational for innovative technologies such as edge computing and artificial intelligence.

It is imperative that organisations continue to embrace the shared responsibility model for security and work together with partners to better counter complex and mature cyberattacks. Threat intelligence is a cornerstone for businesses around the world to help protect intellectual property and enable new innovative solutions. When companies join together and share insights, it makes it more difficult for threat actors to succeed, and security as a whole improves.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image