Amazon Web Services this week introduced Amazon Security Lake, a purpose-built data lake designed to help organizations aggregate security-related data from multiple sources.
The service allows customers to build a data lake to automatically collect, combine and analyze security data at petabyte scale, AWS CEO Adam Selipsky said Tuesday during his keynote at AWS re:Invent.
“Security data is usually scattered across your environment from applications, firewalls and identity providers,” he said.
“To uncover insights like coordinated malicious activity into your business, you have to collect and aggregate all of this data, make it accessible to all of the analytics tools that you use to support threat detection, investigation and incident response — and then keep the data pipelines updated and continuously do that as events evolve,” Selipsky said.
Cloud customers confront a patchwork of incompatible log formats as soon as they use security tools and services beyond the ones their cloud provider offers directly.
Even when those third-party tools integrate tightly with AWS, each emits events in its own format, so the resulting data is fragmented and it is hard to spot threats that span more than one source.
AWS and other vendors are trying to bring order to that data chaos with the Open Cybersecurity Schema Framework (OCSF), an open, vendor-neutral schema for normalizing security events so that data from different sources can be shared and queried in one common form.
AWS said Amazon Security Lake is the first service to support OCSF, a project established by AWS and Splunk that has grown to include more than 200 contributions from 60 organizations since it was announced in August.
Because every source writes to the lake in OCSF, customers can combine security telemetry from AWS services such as Security Hub and GuardDuty with data from more than 50 third-party security tools, including those from Cisco, CrowdStrike and Palo Alto Networks.
Organizations can funnel their own data sources into the lake as well, including logs from on-premises infrastructure and from internal applications or network infrastructure, Selipsky said. Customers can then query the normalized data with analytics tools from AWS or from other vendors.
“We realize security is a team,” he said. “To get a clear view of all the users using one particular AWS bucket, and then to determine if any of those users have connected to a malicious site, potentially compromising your data.”
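To make the idea concrete, here is an added Python example that is not part of the article or of Amazon Security Lake itself. It normalizes two constructed log sources (CloudTrail-style S3 data events and key=value lines from a hypothetical third-party firewall) into OCSF-shaped records, then runs the single correlation Selipsky describes across both: who accessed a given bucket, and did any of them then connect to a known-bad address? The `class_uid` values (API Activity 6003, Network Activity 4001) and the `type_uid = class_uid * 100 + activity_id` rule come from the OCSF schema; the attribute subset, the sample data, the indicator list and the schema version string are assumptions for illustration, so check them against the published schema before reusing the mapping.

```python
import re
from datetime import datetime

# OCSF identifiers used below. class_uid values come from the OCSF schema
# (Network Activity 4001, API Activity 6003); OCSF defines
# type_uid = class_uid * 100 + activity_id.
CATEGORY_NETWORK, CLASS_NETWORK_ACTIVITY = 4, 4001
CATEGORY_APPLICATION, CLASS_API_ACTIVITY = 6, 6003
NET_TRAFFIC = 6                                       # Network Activity: Traffic
API_ACTIVITY = {"GetObject": 2, "ListObjects": 2,     # API Activity: 1 Create,
                "PutObject": 1, "DeleteObject": 4}    # 2 Read, 4 Delete
API_READ = 2
OCSF_VERSION = "1.0.0"  # assumed; pin to the schema version your lake uses

# Constructed sample inputs (not real logs): CloudTrail-style S3 data events
# and key=value lines from a hypothetical third-party firewall.
CLOUDTRAIL_SAMPLE = [
    {"eventTime": "2022-11-29T14:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.4.12",
     "userIdentity": {"userName": "alice"},
     "requestParameters": {"bucketName": "payroll-exports"}},
    {"eventTime": "2022-11-29T14:02:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.4.33",
     "userIdentity": {"userName": "bob"},
     "requestParameters": {"bucketName": "payroll-exports"}},
    {"eventTime": "2022-11-29T14:03:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.4.40",
     "userIdentity": {"userName": "carol"},
     "requestParameters": {"bucketName": "public-assets"}},
]
FIREWALL_SAMPLE = [
    "2022-11-29T14:05:10Z vendor=ExampleFW user=alice src=10.0.4.12 dst=203.0.113.50 dport=443 proto=tcp",
    "2022-11-29T14:10:00Z vendor=ExampleFW user=bob src=10.0.4.33 dst=198.51.100.7 dport=443 proto=tcp",
    "2022-11-29T14:20:00Z vendor=ExampleFW user=carol src=10.0.4.40 dst=203.0.113.50 dport=443 proto=tcp",
    "2022-11-29T16:30:00Z vendor=ExampleFW user=alice src=10.0.4.12 dst=203.0.113.50 dport=443 proto=tcp",
]
KNOWN_BAD_IPS = {"203.0.113.50"}  # constructed indicator list


def _epoch_ms(ts):
    """ISO-8601 'Z' timestamp -> epoch milliseconds (OCSF `time` is epoch ms)."""
    return int(datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp() * 1000)


def _base_event(category_uid, class_uid, activity_id, time_ms, vendor, product):
    """Fields every OCSF event carries, regardless of which source produced it."""
    return {
        "category_uid": category_uid, "class_uid": class_uid,
        "activity_id": activity_id, "type_uid": class_uid * 100 + activity_id,
        "severity_id": 1,  # Informational
        "time": time_ms,
        "metadata": {"version": OCSF_VERSION,
                     "product": {"vendor_name": vendor, "name": product}},
    }


def cloudtrail_to_ocsf(rec):
    """CloudTrail-style S3 event -> OCSF API Activity (class 6003)."""
    activity = API_ACTIVITY.get(rec["eventName"], 0)  # 0 = Unknown
    ev = _base_event(CATEGORY_APPLICATION, CLASS_API_ACTIVITY, activity,
                     _epoch_ms(rec["eventTime"]), "AWS", "CloudTrail")
    ev["actor"] = {"user": {"name": rec["userIdentity"]["userName"]}}
    ev["api"] = {"operation": rec["eventName"],
                 "service": {"name": rec["eventSource"]}}
    ev["src_endpoint"] = {"ip": rec["sourceIPAddress"]}
    ev["resources"] = [{"type": "AWS::S3::Bucket",
                        "uid": rec["requestParameters"]["bucketName"]}]
    return ev


_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def firewall_to_ocsf(line):
    """key=value firewall line -> OCSF Network Activity (class 4001)."""
    ts, _, rest = line.partition(" ")
    kv = {k: v.strip('"') for k, v in _KV.findall(rest)}
    ev = _base_event(CATEGORY_NETWORK, CLASS_NETWORK_ACTIVITY, NET_TRAFFIC,
                     _epoch_ms(ts), kv.get("vendor", "unknown"), "firewall")
    ev["actor"] = {"user": {"name": kv["user"]}}
    ev["src_endpoint"] = {"ip": kv["src"]}
    ev["dst_endpoint"] = {"ip": kv["dst"], "port": int(kv["dport"])}
    return ev


def normalize_all():
    """Both sources, one schema: a single list that one query can cover."""
    return ([cloudtrail_to_ocsf(r) for r in CLOUDTRAIL_SAMPLE]
            + [firewall_to_ocsf(line) for line in FIREWALL_SAMPLE])


def bucket_readers_who_hit_iocs(events, bucket, bad_ips, window_s=3600):
    """Who read `bucket`, and did any of them then connect to a known-bad
    address within `window_s` seconds? Returns {user: [bad ips]}."""
    reads = [e for e in events
             if e["class_uid"] == CLASS_API_ACTIVITY and e["activity_id"] == API_READ
             and any(r["uid"] == bucket for r in e["resources"])]
    hits = {}
    for r in reads:
        user = r["actor"]["user"]["name"]
        for n in events:
            if (n["class_uid"] == CLASS_NETWORK_ACTIVITY
                    and n["actor"]["user"]["name"] == user
                    and n["dst_endpoint"]["ip"] in bad_ips
                    and 0 <= n["time"] - r["time"] <= window_s * 1000):
                hits.setdefault(user, set()).add(n["dst_endpoint"]["ip"])
    return {u: sorted(ips) for u, ips in hits.items()}


if __name__ == "__main__":
    print(bucket_readers_who_hit_iocs(normalize_all(), "payroll-exports", KNOWN_BAD_IPS))
```

The point of the normalization step is that the correlation never has to know which product produced an event: it filters on `class_uid`, joins on `actor.user.name` and compares `time` values, all of which mean the same thing whether the record started life as CloudTrail JSON or a firewall's key=value line. In the sample, only alice both reads the bucket and reaches the bad address inside the one-hour window; her later connection falls outside it, bob's destination is benign, and carol never touched the bucket.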
Amazon Security Lake is available in preview in seven AWS Regions.