Amazon Web Services (AWS) has announced that Amazon Security Lake is hitting general availability this week. The new service enables organizations to create a specialized data lake to aggregate, normalize, and store security data.
Security teams often face difficulties in gathering scattered security data within an organization. This is primarily because identity providers, firewalls, and applications each maintain their own event data and logs. It’s time-consuming and costly to create processes to normalize data across multiple sources.
With Amazon Security Lake, customers can store, analyze, and understand the security data coming from both on-premises and cloud infrastructure. The service converts security data into the Open Cybersecurity Schema Framework (OCSF) standard, which should help security engineers quickly identify, investigate, and respond to security incidents.
“Security Lake centralizes security data from Amazon Web Services (AWS) environments, software as a service (SaaS) providers, on-premises, and cloud sources into a purpose-built data lake that is stored in your AWS account. With Open Cybersecurity Schema Framework (OCSF) support, the service normalizes and combines security data from AWS and a broad range of security data sources,” Amazon Web Services explained.
Amazon Security Lake is designed to help organizations improve their overall security posture. The service also helps to streamline the compliance monitoring and reporting process as well as unify security data management across hybrid environments.
Additionally, Amazon Security Lake aggregates data from different AWS services, like GuardDuty, CloudTrail, AWS Firewall Manager, AWS Security Hub, and Lambda. The service also integrates with various third-party solutions, including SentinelOne, Splunk, Cribl, Aqua Security, Claroty, and Confluent.
AWS has introduced support for the latest version of OCSF in Amazon Security Lake. The service normalizes CloudTrail management events into the Authentication, Account Change, and API Activity OCSF event classes. The company has also updated resource names and schema mapping to improve the usability of log data.
If you’re interested, you can sign up for a 15-day free trial to test the Amazon Security Lake solution. The service is currently available for customers in several AWS Regions located in the US, Asia Pacific, Europe, and South America.