AWS today announced Amazon Security Lake, a new purpose-built data lake for security-related data. It can aggregate data from cloud and on-premises infrastructure, firewalls and endpoint security solutions. It helps enterprises centralize all of their security data in a single data lake, using a standards-based format, and manage the life cycle of this data.
Security Lake will obviously aggregate data from AWS’s own services, whether CloudTrail or Lambda, as well as from its own security tools like AWS Security Hub, GuardDuty or AWS Firewall Manager. But what’s important here is that the company is also supporting the new Open Cybersecurity Schema Framework (OCSF), which it recently announced it would adopt. This framework provides an open specification for security telemetry data. With it, Security Lake will be able to ingest data from the likes of Cisco, CrowdStrike and Palo Alto Networks, too.
“Security data is usually scattered across your environment from applications, firewalls and identity providers,” AWS CEO Adam Selipsky said today. “To uncover insights like coordinated malicious activity into your business, you have to collect and aggregate all of this data, make it accessible to all of the analytics tools that you use to support threat detection, investigation and incident response — and then keep the data pipelines updated and continuously do that as events evolve. What this adds up to is that what you really want is a tool that makes it easy to store, to analyze, to understand trends and to generate insights from security data.”
That tool, of course, is Security Lake. The service will automatically partition incoming data and convert it to the OCSF format, then make it available to analytics partners such as IBM, Splunk and Sumo Logic.
The new service is now available in preview in several AWS regions: U.S. East (Ohio), U.S. East (North Virginia), U.S. West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt) and Europe (Ireland).