AWS Unveils Amazon Security Lake at re:Invent 2022




Amazon Web Services unveiled Amazon Security Lake, a standards-based data lake for security data, at this week’s AWS re:Invent 2022 conference. The new cybersecurity service will allow organizations to aggregate logs and event data from multiple sources and analyze them to quickly detect and respond to threats.

Security data is usually scattered across an organization’s environment, as applications, firewalls, and identity providers maintain their own logs and event data. The data is also often in disparate formats, making it difficult for security teams to aggregate. Processes to normalize data across multiple sources can be costly and time-consuming to build, and managing the data lifecycle is complex.

Many organizations are turning to security data lakes to manage security data from multiple data sources and to integrate with other security tools. These data lakes help centralize and store unlimited amounts of data to power investigations, analytics, threat detection, and compliance initiatives. They also make it possible to combine the organization’s own data with enriched data from other sources for deeper context.

With Amazon Security Lake, organizations will be able to store, analyze, and understand the data collected from both cloud and on-premises infrastructure, the company said. Because Amazon Security Lake supports the Open Cybersecurity Schema Framework (OCSF), an open specification for security telemetry data, it can ingest data from various third-party providers. Having the data available in OCSF format means security teams can use the analytics tool of their choice to uncover malicious activity.

“After customers choose their data sources, Amazon Security Lake automatically aggregates and normalizes data from AWS, combines it with third-party sources that support OCSF (an open standard), and optimizes it into a format that is easy to store and query,” AWS stated in an announcement.   

Amazon Security Lake aggregates data from AWS services, such as CloudTrail, Lambda, AWS Security Hub, GuardDuty, and AWS Firewall Manager, as well as from firewalls and endpoint security products from other companies. Several dozen companies have announced integrations with Amazon Security Lake, including Cisco, CrowdStrike, Palo Alto Networks, Barracuda, Lacework, Trend Micro, and Laminar. Security teams can analyze the data using Amazon’s own security services such as Amazon Athena, Amazon OpenSearch, and Amazon SageMaker, as well as third-party providers such as IBM, Splunk, Sumo Logic, Securonix, and SentinelOne.

The data lakes are built using Amazon Simple Storage Service (S3) and AWS Lake Formation, the company said.
