Using an in-house tool called Sonaris, Amazon keeps an eye on its systems all the time to prevent data breaches.

Every year, AWS's public cloud architecture is used to protect clients from countless malicious attempts to gain access to their resources.

The cloud giant disclosed the detector's existence last week at its security-focused event, AWS re:Inforce. Between May 2023 and April 2024, the system blocked over 24 billion attempts to access customer data in Amazon Simple Storage Service (Amazon S3), and around 2.6 trillion attempts to exploit vulnerable services on customers' virtual servers in Amazon Elastic Compute Cloud (EC2).

The detector is called Sonaris, a name inspired by the IT-themed TV show Halt and Catch Fire. The show featured a tool called Sonaris used for exploring computer networks.

Chris Betz, the company's Chief Information Security Officer, explained that Sonaris is an internal tool within AWS. It was designed to identify and prevent unauthorized or potentially harmful attempts to access AWS resources. The infrastructure of AWS serves as a sensor, he continued, offering a comprehensive and wide-ranging perspective on possible dangers. This perspective helps AWS protect its users and enhance internet security by allowing it to respond to hostile attempts promptly and effectively.

It's odd that Sonaris hasn't been bundled into a product that the public can access, despite having significant economic potential. But according to Betz, AWS has no intention of making Sonaris available for purchase.

Betz says the tool works easily with AWS products and uses AWS infrastructure to find threats and attackers. He went on to say that the company uses Sonaris to safeguard its clients rather than sell it.

While rival cloud behemoths Google Cloud and Microsoft Azure provide commercial alternatives such as Google Cloud Armor and Azure DDoS Protection, respectively, AWS's Sonaris is completely internal and, for the time being, is meant solely to protect workloads hosted on AWS.