How AWS secures its infrastructure with Sonaris

David Vance, a senior analyst from ESG Global, offers an explanation, and it has to do with MadPot, the network of honeypots AWS has built into the system.

“Since Sonaris leverages a tremendous amount of threat intelligence gathered from AWS’ threat sensor framework, called MadPot, I believe it can be an effective front-line tool to defend against many different types of AWS attacks going forward,” he said.

This makes sense considering the first-hand threat intelligence AWS commands from its vast infrastructure and how that, coupled with some external telemetry, can be factoring into Sonaris’ ability to sniff out unauthorized attempts at access.

“Once unauthorized traffic is detected, Sonaris connects to AWS services like Amazon GuardDuty, AWS WAF and AWS Shield to automatically and preemptively block malicious access to customer resources and data hosted on AWS,” Vance added, furthering AWS’ case for a fully rounded capability. “It can also detect and alert if customer accounts are accessed by unauthorized users using compromised IAM access keys.”

A new revenue stream?

Despite a strong commercial potential, interestingly, Sonaris has not been packaged into a public facing offering.

Betz said AWS has no plans to turn Sonaris into a commercial offering, though.