Amazon Internet Providers unveiled the Amazon Safety Lake, a standards-based information lake for safety information, at this week’s AWS re:Invent 2022 convention. The brand new cybersecurity service will enable organizations to combination logs and occasion information from a number of sources and analyze them to rapidly detect and reply to threats.
Safety information is normally scattered throughout a corporation’s surroundings, as functions, firewalls, and identification suppliers preserve their very own logs and occasion information. They’re additionally typically in disparate information codecs, making it tough for safety groups to combination them. Creating processes to normalize information throughout a number of sources may be expensive and time-consuming to construct, and managing the information lifecycle is complicated.
Many organizations are turning to safety information lakes to handle safety information from a number of information sources and to combine with different safety instruments. These information lakes assist centralize and retailer limitless quantities of knowledge to energy investigations, analytics, risk detection, and compliance initiatives. It additionally makes it attainable to mix the group’s personal information with enriched information from different sources for deeper context.
With Amazon Safety Lake, organizations will be capable of retailer, analyze, and perceive the information collected from each cloud and on-premises infrastructure, the corporate stated. As a result of Amazon Safety Lake helps the Open Cybersecurity Schema Framework (OCSF), an open specification for safety telemetry information, it may possibly ingest information from a lot of third-party suppliers. Having the information obtainable in OCSF format means safety groups can use the analytics instrument of their option to uncover malicious exercise.
“After prospects select their information sources, Amazon Safety Lake routinely aggregates and normalizes information from AWS, combines it with third-party sources that help OCSF (an open normal), and optimizes it right into a format that’s straightforward to retailer and question,” AWS stated in an announcement.
Amazon Safety Lake aggregates information from AWS providers, similar to CloudTrail, Lambda, AWS Safety Hub, GuardDuty, and AWS Firewall Supervisor, in addition to from firewalls and endpoint safety merchandise from different corporations. A number of dozen corporations have introduced integrations with Amazon Safety Lake, together with Cisco, CrowdStrike, Palo Alto Networks, Barracuda, Lacework, Development Micro, and Laminar. Safety groups can analyze the information utilizing Amazon’s personal safety providers similar to Amazon Athena, Amazon OpenSearch, and Amazon SageMaker, in addition to third-party suppliers similar to IBM, Splunk, Sumo Logic, Securonix, and SentinelOne.
The info lakes are constructed utilizing Amazon Easy Storage Service (S3) and AWS Lake Formation, the corporate stated.
