Siemens Handles 60,000 Cyber Threats per Second Using AWS Machine Learning

Siemens, the 170-year-old global technology leader, must keep a close eye on the ever-evolving landscape of cybercrime. The charter of the Siemens Cyber Defense Center (CDC) is to protect Siemens and its customers from viruses, malware, intellectual property theft, and other forms of cybercrime. It's no small job: Worldwide, an average of 200,000 new malware samples were collected daily in 2017, a 300 percent increase over the previous year.

"On AWS, our AI-driven cybersecurity platform easily exceeds the strongest published benchmarks in the world."

-Jan Pospisil, Senior Data Scientist, Siemens Cyber Defense Center

  • About Siemens
  • Siemens AG is a global electrification, automation, and digitalization leader. The company provides solutions for power generation and transmission, medical imaging, laboratory diagnostics, and industrial infrastructure and drive systems.

  • Benefits of AWS
    • Cybersecurity solution exceeds published benchmarks
    • Evaluates 60,000 threats per second
    • Forensic analysis doesn’t slow system performance
    • Solution is managed by 12 employees
  • AWS Services Used

More Than Humans Can Handle

Because the magnitude of this problem far exceeds the capacity of human teams to solve it, CDC used Amazon Web Services (AWS) to build a next-generation data analytics platform to address the problem.

"Our goal was to use cloud-based artificial intelligence to process these huge amounts of data and make immediate decisions about how best to counter any detected threats," says Jan Pospisil, a senior data scientist at CDC. "Given the objective of an AI-enabled, high-speed, fully automated, and highly scalable platform, the decision to use AWS was easy."

Countering the Threat with AWS Machine Learning

The CDC uses Amazon SageMaker to label and prepare data, choose and train machine-learning algorithms, make predictions, and act. The solution also uses AWS Glue, a fully managed extract, transform, and load (ETL) service, and AWS Lambda, a serverless service that runs code in response to events.

With a data lake based on Amazon Simple Storage Service (Amazon S3) capable of collecting 6 TB of log data per day, security staff can perform forensic analysis on years' worth of data without compromising the performance or availability of the Siemens security incident and event management (SIEM) solution. The serverless AWS cyber threat-analytics platform handles 60,000 potentially critical events per second but is developed and managed by a team of fewer than one dozen people.

"Naturally, I can't share exactly what our threat-detection rate is and how much we have reduced our false-alarm rate," says Pospisil. "But I can say that, on AWS, our AI-driven cybersecurity platform easily exceeds the strongest published benchmarks in the world."

Learn More

Learn more about Machine Learning on AWS.