During re:Invent 2022, Amazon Cloud announced the launch of Amazon Security Lake, a service that automatically centralizes a customer's security data from cloud and on-premises sources into a purpose-built data lake within the customer's Amazon Cloud account, so that the customer can act on security data quickly. Amazon Security Lake implements data lifecycle management through customizable data backup retention settings, converts incoming security data into the efficient Apache Parquet format, and aligns the data with the Open Cybersecurity Schema Framework (OCSF), making it easier to automatically standardize security data from Amazon Cloud and integrate it with dozens of pre-integrated third-party enterprise security data sources. Security analysts and engineers can use Amazon Security Lake to aggregate, manage, and optimize large volumes of disparate log and event data for faster threat detection, investigation, and incident response, and to resolve potential issues quickly and efficiently while continuing to use their familiar analytical tools. For more information about Amazon Security Lake, visit aws.amazon.com/security-lake.
Customers want greater visibility into security activity across the entire enterprise so that they can proactively identify potential threats and vulnerabilities, assess security alerts and respond accordingly, and prevent security events from recurring. To do this, most enterprises rely on log and event data from different sources, such as applications, firewalls, and identity systems, which may run in the cloud or on premises and each use a unique, incompatible data format. To gain security-related insights, such as detecting unauthorized external transfers of sensitive information or identifying malware installed on employee devices, companies must first aggregate and normalize all of this data into a consistent format. Once the data format is consistent, customers can analyze and understand their current vulnerability level, and then correlate and monitor threats to improve the visibility of the data. Customers typically use different security solutions for specific scenarios such as incident response and security analysis. Because each solution has its own data store and format, customers need to copy and process the same data multiple times. This is both time-consuming and costly, and it reduces the ability of security teams to detect and respond to problems. As customers add new users, tools, and data sources, the security team must also spend time managing a complex set of data access rules and security policies to track data usage and ensure that workers have the information they need to do their jobs. Some security teams create a central repository for all security data in a data lake, but building these systems requires specialized skills and can take months, as log data from different data sources can be petabytes in size.
Amazon Security Lake is a purpose-built secure data lake that customers can create in just a few clicks to aggregate, normalize, and store data, so that they can respond to security events faster using their familiar analysis tools. After the customer completes the setup and connects to the selected data source, Amazon Security Lake automatically builds a secure data lake in the customer's selected Amazon Cloud Technology region, making it easier for the customer to meet regional data compliance requirements. Amazon Security Lake automatically aggregates and normalizes data from Amazon Cloud based on the data source of the customer's choice, combines it with third-party data sources that support OCSF (Open Cybersecurity Schema Framework, an open industry standard), and optimizes the data into a format that is easy to store and query. Amazon Security Lake automatically orchestrates the end-to-end process, from data lake creation and data aggregation to data normalization and integration. The service uses Amazon Simple Storage Service (Amazon S3) and Amazon Lake Formation to build the secure data lake. Customers can automatically configure the secure data lake infrastructure in their Amazon Cloud Technology accounts, so they own their data and have complete control over it. Once the data is ingested and normalized, customers can use familiar security and analytics tools, including Amazon Athena, Amazon OpenSearch, and Amazon SageMaker, as well as leading third-party solutions (e.g. IBM, Splunk, Sumo Logic), to quickly and easily capture a wide range of data and conduct in-depth analysis. Data can be sourced from Amazon Cloud Technologies, more than 50 third parties (such as Cisco, CrowdStrike, Palo Alto Networks), and customers' on-premises data sources. Amazon Security Lake will ultimately help customers improve their overall security posture, give security teams greater visibility to identify and understand security incidents, and reduce the time it takes to handle security issues.
"Customers need to act quickly to secure their data and networks, and they must be able to quickly detect and respond to security risks," said Jon Ramsey, vice president of security services at Amazon Cloud Technologies. "But the data they need to analyze often spans multiple data sources and is stored in different formats. Customers want to process this data faster and improve security, but the process of collecting, regulating, storing, and managing this data is complex and time-consuming. Amazon Security Lake enables customers of all sizes to build a secure data lake with just a few clicks, aggregating log and event data from dozens of data sources, normalizing it to OCSF standards, and making a wider range available so customers can take quick action with their security tools. With Amazon Security Lake and our strong network of security partner members and solutions, customers can gain superior visibility and control."
Amazon Security Lake is now available as a preview in the Eastern United States (Northern Virginia), Eastern United States (Ohio), Western United States (Oregon), Asia-Pacific (Sydney), Asia-Pacific (Tokyo), Europe (Frankfurt), and Europe (Dublin) regions. Additional Amazon Cloud Technology regions will be available soon.
The Financial Industry Regulatory Authority (FINRA) is a government-mandated non-profit organization that regulates brokerages in the United States to protect investors and strengthen market integrity. "Every investor needs fair financial markets. By maintaining market integrity, FINRA enables investors and companies to participate in the securities market with confidence. To do this successfully, we use a number of top-of-the-line security tools to secure our Amazon Cloud technology environment and secure our market data." "Amazon Security Lake makes it easier for us to collect all of our security data in OCSF format, saving security engineers a lot of time and effort to gain insight from log and event data," said Eric Pickersgill, Chief Information Security Officer at FINRA.
Salesforce is the global leader in customer relationship management systems that help companies of all sizes and industries transform digitally, creating a 360-degree view of their customers. "Salesforce has integrated security into everything we do. As we scale to support our global customer base growth, our detection and response teams need to analyze petabytes of security logs to capture malicious activity and protect our customers' data." "By unifying security logs and event information from Amazon Cloud and other cloud providers, Amazon Security Lake simplifies the work of our security team and reduces log load and log override times," said Vikram Rao, Salesforce's Chief Trust Officer. "It allows our engineers to focus on proactive prevention and incident response."