The service automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account.

Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account, the company said in a statement.

“Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources and stored in a variety of formats,” Jon Ramsey, vice president for Security Services at AWS, said in a statement. “Amazon Security Lake lets customers of all sizes securely set up a security data lake with just a few clicks to aggregate logs and event data from dozens of sources, normalize it to conform with the Open Cybersecurity Schema Framework (OCSF) standard, and make it more broadly usable so customers can take action quickly using their security tools of choice.”

Launched at AWS re:Invent 2022, Amazon Security Lake is currently available in US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland), and will be expanded to other regions soon.

“Security analysts and engineers can use Amazon Security Lake to aggregate, manage, and optimize large volumes of disparate log and event data to enable faster threat detection, investigation, and incident response to effectively address potential issues quickly, while continuing to utilize their preferred analytics tools,” the company said.

FINRA, Salesforce, and Tinder have already started using the service, according to AWS.

Security Lake automatically builds data lake

Amazon Security Lake automatically builds a data lake for the enterprise and manages the complete lifecycle.
It aggregates, normalizes and stores data, helping enterprises respond to security events faster with their preferred tools, the company said. The security data lake is created in just a few clicks in the customer-selected region, according to the release. The new service builds security data lakes using Amazon Simple Storage Service (S3) and AWS Lake Formation.

“After customers choose their data sources, Amazon Security Lake automatically aggregates and normalizes data from AWS, combines it with third-party sources that support OCSF (an open standard), and optimizes it into a format that is easy to store and query,” AWS said.

The service enables enterprises to use Amazon’s security solutions such as Amazon Athena, Amazon OpenSearch, and Amazon SageMaker as well as third-party solution providers such as IBM, Splunk and Sumo Logic. It also supports over 50 different data sources including AWS, Cisco, CrowdStrike, and Palo Alto Networks.

“As a result, Amazon Security Lake helps customers improve their overall security posture, provide greater visibility for security teams to identify and understand events, and reduce the time to resolve security issues,” the company said.

Security Lake supports OCSF

Amazon Security Lake conforms all the data to OCSF, combines it with third-party sources that support OCSF, and optimizes it into a format that is easy to store and query, AWS said.

OCSF is a collaborative, open source effort by AWS and its partners in the cybersecurity industry that aims to provide a standard schema for the data generated by cybersecurity tooling. The public source code for OCSF is hosted on GitHub. A standardized schema can speed up the process of integrating data from different vendors into a single format. The Security Lake service converts the ingested data to OCSF format.