AWS unveils Mithra to identify and mitigate malicious domains across its massive system

When a company is the size of Amazon, a lot of bad actors will come after it and its customers, which makes defending the network a monster job. Over the years Amazon has developed a number of strategies, from machine learning and monitoring tools to good old-fashioned phone calling to identify and reduce risks to their network.

The company on Monday revealed an internal umbrella platform for the first time that has been in place for several years, called Mithra, which it built to handle Amazon scale. The main piece of technology underlying the solution is a massive graph database with 3.5 billion nodes and 48 billion edges, according to C.J. Moses, Amazon’s chief information security officer (CISO). (Mithra runs on internal systems inside Amazon as opposed to being a service that customers pay for directly.)

Moses says in simple terms that Mithra is basically a big funnel. “We have to go from lots of data down to very small amounts of data. The further you get down that funnel, the more you’re able to then have humans become engaged to be able to make the final decisions on what needs to be done,” Moses told TechCrunch.

Moses says when you combine Mithra with Sonaris, the company’s network observation platform, it provides a “pretty good defensive net around our AWS and Amazon environments.”

Amazon scale is unique.The company deals with a quarter of all internet traffic every day, according to Moses, and it “observes up to 200 trillion DNS requests in a single AWS Region alone. Mithra detects an average of 182,000 new malicious domains daily.”

The company has been using a combination of AI, ML, algorithms, monitoring and other tooling, but as it grows and scales, it realized it needed to have a single platform dedicated to monitoring the system for malicious domains and snuffing them out whenever possible. That’s where Mithra comes in.