Did you know that ignorance is bliss? When I was in school, I didn’t think about cybersecurity at all, and had a devil-may-care approach to internet browsing. But since my first day at Plixer a few years ago, I’ve become much more aware of keeping my personal devices and information safe. As a result, I want to know every process that’s running on my computer and every host it’s connecting to.
But then some days a traffic report will look like this:
Why is everyone connecting to amazonaws.com? And what is Amazon AWS anyway? It seems that many people are unfamiliar with this ubiquitous domain.
Connecting to amazonaws.com isn’t bad—necessarily
AWS stands for Amazon Web Services. Over one million customers around the world use AWS as a content delivery network (CDN). This means that when you access certain organizations’ content online, you’re accessing it from Amazon’s data centers rather than a data center owned by that organization. It’s beneficial for everyone; the organization doesn’t have to spend resources on hosting content themselves, and you get to enjoy faster download speed. Part of the reason for the latter is that AWS has data centers distributed globally, so you can download from the one physically nearest to you.
Take for example one of AWS’s prominent customers, Netflix. When I remember their introduction of streaming in 2007, I remember waiting for a lot of buffering. Do you hate when your movie is continually interrupted as much as I do? It was one of the worst things about an otherwise great service.
But in 2009, Netflix started to switch over to AWS. It makes perfect sense—Netflix has customers all over the world. By using a CDN, they don’t have to take on the massive cost of building global data centers, and their customers have a good experience no matter where they live. Now I seldom have to wait for buffering.
What does this mean for network traffic analysis?
Although the users, organizations, and providers are all happy about this solution, there’s still one group for whom CDNs can be a thorn in the side: IT professionals. It’s not helpful to see users connecting to amazonaws.com. They could be accessing all kinds of inappropriate content.
Say you’re in charge of making sure nobody violates company policy. Well, most offices ban Netflix, but your report might show everyone connecting to amazonaws.com, as in the above image. For all you know, every single one of those instances could be connections to Netflix. But you can’t know because they’re hidden behind a CDN domain.
Luckily, our network traffic analyzer, Scrutinizer, can ingest metadata that reveals the URLs. With this visibility, IT professionals can determine whether anyone was goofing around or even connecting to a malicious domain:
If you would like to learn more about CDNs and gaining visibility into those connections, check out our related blog on Akamai traffic.