☁️ 🛡️ Cloud security is only as strong as the intelligence behind it. Many organizations rely on third-party threat feeds to protect their AWS workloads—but that approach often comes with blind spots, gaps in visibility, and the burden of self-management.

What if you could tap directly into Amazon’s own threat intelligence to strengthen your defenses? AWS Network Firewall now integrates with Amazon threat intelligence, enabling you to detect and block active threats with greater precision—without the overhead of maintaining custom rules or external feeds.

This shift empowers security teams to:
✔ Enhance visibility across AWS workloads
✔ Respond faster to emerging threats
✔ Streamline firewall management at scale

Explore how this built-in protection can improve your security posture: 👉 https://lnkd.in/g_nzvSzz

How is your team approaching threat detection in the cloud? Let’s compare notes. ⬇
Threat Intelligence in Cloud Security
Summary
Threat intelligence in cloud security refers to the use of real-time data and analysis to identify, monitor, and block cyber threats targeting cloud-based systems and services. By tapping into advanced technologies and integrated security tools, organizations can gain greater visibility and respond quickly to emerging attacks in their cloud environments.
- Monitor attack patterns: Use honeypots and built-in cloud tools to observe and analyze the specific ways attackers target your cloud infrastructure.
- Integrate built-in intelligence: Take advantage of your cloud provider’s threat intelligence features, which automatically detect and block active threats without the need for manual updates.
- Automate responses: Deploy security solutions that can automatically react to suspicious activity, minimizing the risk of breaches and reducing management workload.
-
Recently, AWS disclosed information about the in-house threat intelligence technologies employed to automatically protect its infrastructure against various cyber threats. This intelligence is also made available to customers in security tools like AWS Shield, AWS WAF, and Amazon GuardDuty. Here are 3 recent examples:

▶ MadPot: A network of sensors that mimic potential targets to attract and observe threat actors. MadPot processes over 100 million potential threat interactions daily, identifying about 500,000 as malicious. The system then analyzes this data to gain insights into threat actors' tactics and techniques, helping AWS to detect, monitor, and disrupt cyber threats. https://lnkd.in/dScjE929

▶ Mithra: A massive internal neural network graph model, with 3.5 billion nodes and 48 billion edges, that assigns reputation scores to domain names, helping identify malicious domains that AWS customers interact with. It processes up to 200 trillion DNS requests per day in a single AWS Region and detects an average of 182,000 new malicious domains daily. Notably, Mithra can predict malicious domains days, weeks, or even months before they appear on third-party threat intelligence feeds. This capability enhances AWS security services like GuardDuty, reduces false positives in threat detection, and provides valuable context for security investigations, allowing AWS to offer more accurate and timely protection against emerging threats. https://lnkd.in/deMdSnh5

▶ Sonaris: A network telemetry analyzer that identifies and blocks malicious attempts to connect to multiple customer accounts in search of vulnerabilities. In 12 months, Sonaris demonstrated its effectiveness by denying over 24 billion attempts to enumerate S3 buckets and preventing nearly 2.6 trillion attempts to discover vulnerable services running on customers' Amazon EC2 virtual servers. https://lnkd.in/dU5Vxs-D

Follow me for similar posts about AWS and cyber security. #aws #cybersecurity #waf #cloudfront
-
Yesterday, I worked on an exciting project, deploying a multi-platform honeypot (T-Pot) on an Azure VM to collect real-world threat intelligence.

Aim of the Project: This project aimed to deploy an internet-facing honeypot to collect real-world threat intelligence, analyze attack patterns, and identify active threats targeting exposed cloud-based systems.

Key Findings:
🔹 46,000+ attack attempts were recorded within 14.5 hours of deployment.
🔹 SSH, SMB, SIP, and RDP were the most attacked services.
🔹 Common brute-force login attempts used weak credentials like "admin", "123456", "root".
🔹 Most attack traffic came from cloud-hosted services (OVH, Google Cloud, DigitalOcean).

The full report details all attack patterns, sources, and potential security recommendations. Below is the detailed documentation of the entire process, including setup, configuration, and analysis. If you're interested in deploying a honeypot, this documentation may be helpful!

#Cybersecurity #ThreatIntelligence #Honeypots #CloudSecurity #Azure #Infosec
-
Ever wondered how Amazon generates threat intelligence? Today at #AWSreInvent, Will Bowditch and Saleem Muhammad discussed some of the tools AWS uses to detect and act on millions of potential threats every day, before they become real security issues for customers.

After pointing to the scale of protection on AWS (exabytes of data are analyzed every 60 seconds, and thousands of DDoS attacks are mitigated daily), they highlighted three internal intelligence tools:

🌟 MadPot, our sophisticated global honeypot system designed to discover and monitor threat activities, and disrupt them whenever possible.
🌟 Sonaris, an active defense tool that analyzes potentially harmful network traffic so that we can quickly and automatically restrict threat actors who are hunting for exploitable vulnerabilities.
🌟 Mithra, our internal neural network graph model that uses algorithms to detect and predict malicious domains with remarkable accuracy days, weeks, and sometimes even months before they show up on threat intel feeds from third parties.

➡️ Watch the session: https://lnkd.in/gnRdMjWd

Learn more about these tools on the AWS Security Blog:
🔗 How AWS threat intelligence deters threat actors: https://lnkd.in/gHJgppM7
🔗 How AWS uses active defense to help protect customers from security threats: https://lnkd.in/gZqMKpBT
🔗 How AWS tracks the cloud’s biggest security threats and helps shut them down: https://lnkd.in/gjJkDhfi

#AWS #threatintelligence