CDSA

AWS Announces General Availability of Amazon Security Lake

Amazon Security Lake automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multicloud environments.

Amazon Security Lake converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF) open standard, making it easier for security teams to automatically collect, combine, and analyze security data from more than 80 sources, including AWS, security partners, and analytics providers. Amazon Security Lake is part of a broad set of AWS Cloud security services that build on AWS’s secure infrastructure to help make it the most flexible and secure cloud trusted by millions of customers, including some of the most security-sensitive organizations, and is supported by a broad community of security partners to help customers elevate their security in the cloud.

Amazon Security Lake aggregates and optimizes large volumes of disparate log and event data to enable faster threat detection, investigation, and response so organizations can effectively address potential issues quickly, using their preferred analytics tools.

“Security has been our top priority since the very beginning, when we were designing to meet the needs of the most security-sensitive organizations,” said Jon Ramsey, vice president for Security Services at AWS. “We also know that customers need trusted partners to extend the benefits of the cloud and make sure their organizations are secure end-to-end. With more than 80 sources providing data to Amazon Security Lake, security teams can achieve greater visibility into potential security threats and how to respond to them, further protecting the workloads, applications, and data that are critical to driving business forward.”

Customers want to proactively identify, assess, and respond to potential threats and vulnerabilities. To do this, most organizations rely on log and event data from many different sources (e.g., applications, firewalls, and identity systems) running in the cloud and on premises, each using a different data format. Uncovering security-related insights, like unauthorized external data transfers or malware installations on employee devices, means organizations must aggregate and normalize security data into a consistent schema.

Once the data is formatted consistently, customers can analyze it and understand the current level of vulnerability, and then correlate and monitor threats for improved observability.

Customers typically use different security solutions to address specific use cases, such as incident response and security analytics. This often means they are duplicating and processing the same data multiple times because each solution has its own data stores and format. Running multiple security solutions is costly and slows down security teams’ ability to detect and respond to issues. To monitor new users, tools, and data sources, security teams must manage a complex set of data access rules and security policies to track how data is used while ensuring that employees can still access the information needed to do their jobs. Some security teams create a central repository for all of their security data in a data lake, but these systems require specialized skills and can take months to build due to the large amounts of data, which can run into petabyte scale, from different sources.

Amazon Security Lake is a purpose-built security data lake that enables customers to aggregate, normalize, and store data so they can respond to security events faster, simplify compliance monitoring and reporting, and unify security data management across hybrid and multicloud environments. The service builds the security data lake using Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation to automatically set up security data lake infrastructure in a customer’s AWS account, providing full control and ownership over security data. To help customers achieve end-to-end security, the AWS Marketplace includes thousands of security solutions.

Customers can integrate powerful technology from a wide portfolio of integrated services and partner solutions that can be customized, automated, and scaled to achieve the appropriate level of security for their organizations. With just a few steps, customers can easily create a data lake that collects security data from sources like Amazon VPC Flow Logs and AWS CloudTrail, third-party sources like Splunk, CrowdStrike, Datadog, and Cribl, and their own sources of data.

All security data in Amazon Security Lake conforms to the OCSF schema, making it simpler to conduct security investigations with a single, unified view.

Customers can use their preferred security and analytics tools, including Amazon Athena, Amazon OpenSearch Service, and Amazon SageMaker, along with leading third-party solutions, to capture broader and deeper analytics quickly and easily.

Amazon Security Lake is generally available today in US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), and South America (São Paulo), with availability in additional AWS Regions coming soon.