Explore the development and implementation of a custom cloud-based Intrusion Detection System (IDS) for combating email phishing in this 19-minute conference talk from BSidesSF 2017. Learn how Uber's security team tackled the pervasive challenge of phishing by building their own email IDS in AWS, offering real-time threat response capabilities. Discover the operational benefits of this approach, including improved price, extensibility, and performance. Gain insights into key components such as attachments analysis, Lambda debug logs, Cloud Watch metrics, Elastic Search, and advanced intelligence services. Understand how this custom solution enhances phishing protection while providing user-guided actions and chat alerts, demonstrating the dual advantage of strengthening security and improving operational efficiency.