Amazon, CrowdStrike leaders say private threat intel can quickly bring cybercriminals to justice
SAN FRANCISCO — Threat intelligence flowing from private companies to cybersecurity authorities and law enforcement agencies is critical to the disruption of malicious activities and the arrests of cybercriminals, security leaders at Amazon and CrowdStrike said Monday during the RSAC 2025 Conference.
When the private sector and governments interact well, actively participating and sharing resources to advance the common goal of keeping bad things from happening to good people, the positive outcomes are clear, said CJ Moses, Amazon’s chief information security officer.
Cybersecurity companies and the industry at large have learned how difficult and time-consuming it is for the FBI and Department of Justice to disrupt cybercriminal activities and bring a case against those involved. Moses explained that by proactively sharing intelligence, technology companies can hand off nearly finished cases to authorities, reducing investigative workloads and speeding up justice.
“We’ll work together in order to be able to put a bow on a case and hand it to the FBI and DOJ, such that they don’t have to expend a great amount of resources in order to go forward and try to figure things out that we already know,” Moses said.
Technology and cybersecurity companies are uniquely positioned to see and share information that is either unavailable to governments or available to them only at diminished scale. “We’re on the front lines. We get to see that stuff, and therefore we have the expertise, or need to have the expertise, in order to defend,” Moses said.
The data that powers threat intelligence is inverted, in that large technology companies have more signals and information to pull from than governments, said Adam Meyers, senior vice president of counter adversary operations at CrowdStrike.
“The data is no longer just passing by the air,” Meyers said. “The data is stored in servers around the globe that we all have visibility into,” and that puts the onus on private companies to share what they know — without neglecting privacy concerns — by pointing law enforcement agencies in the right direction.
“We see over 6 trillion events per day. In some cases, we’re seeing 55 million events per second at peak,” Meyers said. “When you think about what the volume of that data is, that’s something that only happens at a molecular or cellular level.”
Threat intelligence is bolstered and made more actionable when private companies collaborate and surface their unique insights in a more collected fashion.
“Every organization out there — to include law enforcement, to include all of the other public sector organizations — they’re all kind of looking through a straw at these threats,” Meyers said.
Steve Kelly, chief trust officer at the Institute for Security and Technology, said it’s critical that organizations that know something and have the capability to do something take action.
“Sometimes just knowing what the puzzle looks like can help you to put it together,” he said. “Those hacks or shortcuts that can help investigators develop a path that’s not going to take 18 months, but maybe is much shorter than that, can be very helpful.”
Amazon is especially insistent on sharing information with people and organizations that can do something about it. “That’s the most important part, from our perspective: sharing the information with those that have a means by which to do something about it,” Moses said.
The ultimate goal of threat intelligence is not only to temporarily disrupt malicious activity, but to find, arrest and convict cybercriminals for their offenses.
“In the end, there’s always a human behind the keyboard somewhere, and humans have motivations,” Moses said. “You have to be in a position to understand those motivations to better inform how you can thwart them.”
“If your only means of thwarting them is taking them off the air, they’re going to find another way to come back on the air,” he added. “If you can take them, humans, off the air and put them in jail, all the better, because that will actually disrupt their activities.”