AWS launches new cybersecurity service Amazon Security Lake

Amazon Web Services (AWS) has launched a new cybersecurity service, Amazon Security Lake, which automatically centralizes security data from cloud and on-premises sources into a purpose-built data lake in a customer’s AWS account, the company said in a statement. 

“Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources and stored in a variety of formats,” Jon Ramsey, vice president for Security Services at AWS said in a statement. “Amazon Security Lake lets customers of all sizes securely set up a security data lake with just a few clicks to aggregate logs and event data from dozens of sources, normalize it to conform with the Open Cybersecurity Schema Framework (OCSF) standard, and make it more broadly usable so customers can take action quickly using their security tools of choice.”

Launched at the AWS re:Invent 2022, Amazon Security Lake is currently available in US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland), and will be expanded to other regions soon. 

“Security analysts and engineers can use Amazon Security Lake to aggregate, manage, and optimize large volumes of disparate log and event data to enable faster threat detection, investigation, and incident response to effectively address potential issues quickly, while continuing to utilize their preferred analytics tools,” the company said. 

FINRA, Salesforce, and Tinder have already started using the service, according to AWS. 

Security Lake automatically builds data lake

Amazon Security Lake automatically builds a data lake for the enterprise and manages the complete lifecycle. It aggregates, normalizes and stores data, helping enterprises respond to security events faster with their preferred tools, the company said. 

The security data lake is created in just a few clicks in the customer-selected region, according to the release. The new service builds security data lakes using Amazon Simple Storage Service (S3) and AWS Lake formation. 

“After customers choose their data sources, Amazon Security Lake automatically aggregates and normalizes data from AWS, combines it with third-party sources that support OCSF (an open standard), and optimizes it into a format that is easy to store and query,” AWS said.   

The service enables enterprises to use Amazon’s security solutions such as Amazon Athena, Amazon OpenSearch, and Amazon SageMaker as well as third-party solution providers such as IBM, Splunk and Sumo Logic. It also supports over 50 different data sources including AWS, Cisco, CrowdStrike, and Palo Alto Networks.

“As a result, Amazon Security Lake helps customers improve their overall security posture, provide greater visibility for security teams to identify and understand events, and reduce the time to resolve security issues,” the company said. 

Security Lake supports OCSF 

Amazon Security Lake conforms all the data to the OCSF and combines it with third-party sources that support OCSF and optimizes it into a format that is easy to store and query, AWS said. 

OCSF is a collaborative, open source effort by AWS and its partners in the cybersecurity industry that aims to provide a standard schema for the data generated by cybersecurity tooling. The public source code for OCSF is hosted on GitHub.  

A standardized schema can fasten the process of integrating data from different vendors into a single format. The Security Lake service converts the ingested data to OCSF format.