Amazon Web Services, Inc. (AWS) has rolled out is new “Amazon Security Lake,” a service that automatically centralizes an organization’s security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account so customers can act on security data faster.
The service manages data throughout its lifecycle with customizable data retention settings, converts incoming security data to the efficient Apache Parquet format, and conforms it to the Open Cybersecurity Schema Framework (OCSF) open standard to make it easier to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party enterprise security data sources. Security analysts and engineers can use Amazon Security Lake to aggregate, manage, and optimize large volumes of disparate log and event data to enable faster threat detection, investigation, and incident response to effectively address potential issues quickly, while continuing to utilize their preferred analytics tools.
After setup and connections to selected data sources, the service automatically builds a security data lake in a customer-selected region, which can help customers meet regional data compliance requirements. After customers choose their data sources, Amazon Security Lake automatically aggregates and normalizes data from AWS, combines it with third-party sources that support OCSF (an open standard), and optimizes it into a format that is easy to store and query.
“Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources and stored in a variety of formats,” said Jon Ramsey, vice president for Security Services at AWS. “Customers tell us they want to take action on this data faster to improve their security posture, but the process of collecting, normalizing, storing, and managing this data is complex and time consuming,”
Amazon Security Lake is available in preview today in US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Dublin), with availability in additional AWS Regions anticipated soon.
A purpose-built security data lake helps organizations aggregate, manage, and analyze log and event data to enable faster threat detection, investigation, and incident response.