Amazon Web Services has announced the general availability of Amazon Security Lake, a service that automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multi-cloud environments. Amazon Security Lake converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF) open standard, making it easier for security teams to automatically collect, combine, and analyze security data from more than 80 sources, including AWS, security partners, and analytics providers. Amazon Security Lake is part of a broad set of AWS Cloud security services that build on AWS’s secure infrastructure to help make it the most flexible and secure cloud trusted by millions of customers, including some of the most security-sensitive organizations, and is supported by a broad community of security partners to help customers elevate their security in the cloud. Amazon Security Lake aggregates and optimizes large volumes of disparate log and event data to enable faster threat detection, investigation, and response so organizations can effectively address potential issues quickly, using their preferred analytics tools. To get started with Amazon Security Lake, visit https://aws.amazon.com/security-lake.
“Security has been our top priority since the very beginning, when we were designing to meet the needs of the most security-sensitive organizations,” said Jon Ramsey, vice president for Security Services at AWS. “We also know that customers need trusted partners to extend the benefits of the cloud and make sure their organizations are secure end-to-end. With more than 80 sources providing data to Amazon Security Lake, security teams can achieve greater visibility into potential security threats and how to respond to them, further protecting the workloads, applications, and data that are critical to driving business forward.”
Customers want to proactively identify, assess, and respond to potential threats and vulnerabilities. To do this, most organizations rely on log and event data from many different sources (e.g., applications, firewalls, and identity systems) running in the cloud and on premises, each using a different data format. Uncovering security-related insights, like unauthorized external data transfers or malware installations on employee devices, means organizations must aggregate and normalize security data into a consistent schema. Once the data is formatted consistently, customers can analyze it and understand the current level of vulnerability, and then correlate and monitor threats for improved observability. Customers typically use different security solutions to address specific use cases, such as incident response and security analytics. This often means they are duplicating and processing the same data multiple times because each solution has its own data stores and format. Running multiple security solutions is costly and slows down security teams’ ability to detect and respond to issues. To monitor new users, tools, and data sources, security teams must manage a complex set of data access rules and security policies to track how data is used while ensuring that employees can still access the information needed to do their jobs. Some security teams create a central repository for all of their security data in a data lake, but these systems require specialized skills and can take months to build due to the large amounts of data, which can run into petabyte scale, from different sources.
Amazon Security Lake is a purpose-built security data lake that enables customers to aggregate, normalize, and store data so they can respond to security events faster, simplify compliance monitoring and reporting, and unify security data management across hybrid and multi-cloud environments. The service builds the security data lake using Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation to automatically set up security data lake infrastructure in a customer’s AWS account, providing full control and ownership over security data. To help customers achieve end-to-end security, the AWS Marketplace includes thousands of security solutions. Customers can integrate powerful technology from a wide portfolio of integrated services and partner solutions that can be customized, automated, and scaled to achieve the appropriate level of security for their organizations. With just a few steps, customers can easily create a data lake that collects security data from sources like Amazon VPC Flow Logs and AWS CloudTrail, third-party sources like Splunk, CrowdStrike, Datadog, and Cribl, and their own sources of data. All security data in Amazon Security Lake conforms to the OCSF schema, making it simpler to conduct security investigations with a single, unified view. Customers can use their preferred security and analytics tools, including Amazon Athena, Amazon OpenSearch Service, and Amazon SageMaker, along with leading third-party solutions, to capture broader and deeper analytics quickly and easily.
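As an added illustration of the normalization step described above (example code, not Amazon's or the OCSF project's own), the following maps a constructed CloudTrail record onto the fields of the OCSF API Activity event class that Security Lake uses for CloudTrail data; the field names follow OCSF, while the verb-to-activity and status mapping rules are this example's own assumptions.

```python
# Illustrative example (not Amazon Security Lake's real mapping code): normalize a
# constructed AWS CloudTrail management event into the shape of the OCSF
# "API Activity" event class. Field names follow OCSF; the mapping rules are assumed.
from datetime import datetime, timezone

API_ACTIVITY_CLASS_UID = 6003   # OCSF class: API Activity (category 6, Application Activity)
# Assumed mapping of CloudTrail verb prefixes to OCSF activity_id values.
ACTIVITY_BY_VERB = {"Create": 1, "Get": 2, "Describe": 2, "List": 2,
                    "Update": 3, "Put": 3, "Delete": 4}
OTHER_ACTIVITY = 99             # OCSF "Other" when the verb is not recognized

def activity_id_for(event_name: str) -> int:
    """Classify an API operation by its verb prefix; unknown verbs map to Other (99)."""
    for verb, aid in ACTIVITY_BY_VERB.items():
        if event_name.startswith(verb):
            return aid
    return OTHER_ACTIVITY

def cloudtrail_to_ocsf(record: dict) -> dict:
    """Map one CloudTrail record to an OCSF API Activity-style event dict."""
    activity_id = activity_id_for(record["eventName"])
    failed = "errorCode" in record   # CloudTrail sets errorCode only on failed calls
    ts = datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "class_uid": API_ACTIVITY_CLASS_UID,
        "category_uid": 6,
        "activity_id": activity_id,
        "type_uid": API_ACTIVITY_CLASS_UID * 100 + activity_id,  # OCSF type_uid convention
        "time": int(ts.timestamp() * 1000),                     # OCSF time is epoch milliseconds
        "status_id": 2 if failed else 1,                        # 1 = Success, 2 = Failure
        "api": {"operation": record["eventName"],
                "service": {"name": record["eventSource"]},
                "response": {"error": record.get("errorCode")}},
        "actor": {"user": {"uid": record["userIdentity"].get("arn"),
                           "type": record["userIdentity"].get("type")}},
        "src_endpoint": {"ip": record.get("sourceIPAddress")},
        "cloud": {"provider": "AWS", "region": record.get("awsRegion")},
        "metadata": {"product": {"name": "CloudTrail", "vendor_name": "AWS"},
                     "version": "1.0.0"},                       # assumed OCSF schema version
    }

# Constructed sample record (not a real log): a denied attempt to read a bucket ACL.
SAMPLE_RECORD = {
    "eventTime": "2023-05-30T12:00:00Z", "eventSource": "s3.amazonaws.com",
    "eventName": "GetBucketAcl", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.7",
    "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
    "errorCode": "AccessDenied",
}

if __name__ == "__main__":
    import json
    print(json.dumps(cloudtrail_to_ocsf(SAMPLE_RECORD), indent=2))
```

Once every source is in this one shape, a single query over `status_id`, `api.operation` and `actor.user.uid` covers CloudTrail and any partner feed alike, which is the point of the OCSF conformance described above.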
Amazon Security Lake is generally available today in US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), and South America (São Paulo) with availability in additional AWS Regions coming soon.
Cribl makes open observability a reality for today’s tech professionals. Cribl’s vendor-agnostic observability product suite gives customers flexibility to route and process data at scale from any source to any destination within their data infrastructure. “With the explosion of data and the rapidly evolving security landscape, security teams are challenged to continuously monitor, detect, respond to, and mitigate threats,” said Clint Sharp, co-founder and CEO at Cribl. “Through our integration with Amazon Security Lake, we are excited to provide AWS customers the flexibility to ingest data from third-party sources, transform it to OCSF, then route it to Amazon Security Lake and additional OCSF-enabled tools for enhanced ability to detect and respond to threats. This integration streamlines the process of federated search-in-place queries and selective routing of crucial data to any analytics platform, making it more convenient for customers to use and faster to capture deeper insights.”
CrowdStrike is a global cybersecurity leader with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk—endpoints and cloud workloads, identity, and data. “Stopping breaches requires organizations to break down the silos that exist across their security and technology stack,” said Daniel Bernard, chief business officer at CrowdStrike. “We have noticed a growing trend among customers who correlate CrowdStrike Falcon telemetry with other security data. As a member of OCSF and a long-time AWS Partner, CrowdStrike enables enriched telemetry from the CrowdStrike Falcon platform to Amazon Security Lake. This delivers superior visibility and protection against modern threats, empowering security teams to leverage this information in their security solutions.”
Datadog is a monitoring and security platform for cloud applications. “By providing security teams with in-depth contextual insights and advanced analytics, we can enhance their ability to address and reduce false positives,” said Pierre Betouin, senior vice president of Security Products at Datadog. “The integration between Amazon Security Lake and the Datadog platform enables teams to route critical customer logs, including AWS, on-premises, and SaaS logs, to the Datadog Cloud SIEM. This integration provides users with contextual information that helps reduce false positives and enables rapid threat detection and prioritization.”
Jumia is a leading e-commerce platform in Africa, offering customers across the continent a wide range of products and services through its marketplace. “We find Amazon Security Lake to be an indispensable asset that improves our overall security posture and are excited the service is now generally available,” said Pedro Fangueiro, CISO at Jumia. “Amazon Security Lake significantly streamlines our security operations, allowing our teams to efficiently tackle security monitoring use cases, ultimately fortifying our workloads, applications, and data. Amazon Security Lake helps us reduce administrative overhead in critical environments, enabling us to focus on tasks with the highest value to our business.”
Novozymes is a global biotechnology company specializing in the research, development, and production of industrial enzymes, microorganisms, and bio-pharmaceutical ingredients to help businesses grow sustainably, safeguard the planet’s resources, and improve the quality of life for people around the world. “Managing and analyzing security logs and findings for CloudTrail, VPC, Route53, and AWS Security Hub across our hybrid enterprise posed a significant challenge,” said Jacob Kofod, Cloud Architect for Novozymes. “We started using Amazon Security Lake to help us normalize the security logs and findings, which enables us to swiftly and accurately feed this information to a SIEM with minimal operational overhead. Amazon Security Lake will help Novozymes spend more time on more impactful work like safeguarding the planet’s resources.”
SentinelOne provides AI-powered cybersecurity to prevent threats, reduce risk, and safeguard organizations by providing protection across cloud, endpoints, identity, and data. “Traditional threat hunting and investigations are often challenging and time-consuming. The diverse telemetry and log events required for analysis are scattered across various sources, formats, and tools, creating silos that hinder efficiency and effectiveness,” said Jane Wong, senior vice president of Product Management at SentinelOne. “Through our integration with Amazon Security Lake and leveraging the OCSF schema, customers can now ingest, query, and analyze normalized telemetry within SentinelOne’s Singularity Platform. This streamlined process greatly reduces complexity and enhances efficiency in threat investigations, enabling a unified data source that automatically correlates events, empowering automated correlations of events to reconstruct threats from inception to resolution.”
Splunk is a leading technology company specializing in cybersecurity and observability solutions dedicated to fostering a safer and more resilient digital world. “Splunk is honored to be an AWS launch partner for Amazon Security Lake and a valued member of the Steering Committee for the OCSF project, which aims to establish an open schema for data normalization within the cybersecurity community,” said Mike Horn, senior vice president and general manager of Security at Splunk. “The integration between Splunk and Amazon Security Lake enables customers to store their data in one unified format, OCSF. This integration not only enhances their ability to accelerate threat detection and investigation of AWS data, but also helps them ensure their compliance with data retention and regulatory requirements.”
Volkswagen Financial Services is a division of Volkswagen AG represented across the world through many different companies in the business segments of banking, leasing, insurance and services, mobility and payment. “Amazon Security Lake makes it easy to centralize all of our security-related log and findings data into a single data lake, providing us with a comprehensive overview,” said Crispin Weißfuß, head of AWS Managed Platform Services at Volkswagen Financial Services. “This has made it easier for us to address a variety of security monitoring use cases and improve the protection of our workloads, applications, and data.”
Wiz is a cybersecurity startup with a mission to help organizations create secure cloud environments that accelerate their business. “Obtaining deeper insights from security data is imperative for organizations to effectively prioritize critical issues,” said Yinon Costica, vice president of Product and co-founder at Wiz. “Through our integration with Amazon Security Lake, we not only provide those critical insights, but also improve cloud security data sharing, enabling customers to better correlate and leverage issues internally. This integration breaks down security product silos, allowing customers to prioritize security issues, query security analytics, and gain greater visibility into their overall security posture.”