Amazon Security Lake


Published 6 Apr, 2023

Data is every enterprise’s most valuable asset, and customers want greater visibility into security activity across their entire organizations so they can proactively identify potential threats and vulnerabilities, assess security alerts, respond accordingly, and help prevent future security events. To do this, most organizations rely on log and event data from many different sources (e.g., applications, firewalls, and identity systems) running in the cloud and on premises, each using a unique and often incompatible data format.

The new security-focused data lake solution from Amazon Web Services (AWS), unveiled at re:Invent 2022, aims to give customers more value from their security data. It is a service that automatically centralizes an organization’s security data from cloud and on-premises sources into a purpose-built data lake in the customer’s AWS account so customers can act on security data faster.

Amazon Security Lake manages data throughout its lifecycle with customizable data retention settings, converts incoming security data to the efficient Apache Parquet format, and conforms it to the Open Cybersecurity Schema Framework (OCSF). OCSF aims to eliminate the time-consuming normalization effort and to accelerate the incident triage process across various security products and services, making it easier to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party enterprise security data sources. Security Lake can combine data from the world’s top technology companies and connect with up to 50 partner analytics systems.

Amazon Security Lake is based on Amazon S3 and combines a variety of AWS’s existing data analytics and management services, making it simple for security teams to automatically gather, aggregate, and analyze security data at petabyte scale. The platform integrates with CloudTrail, Lambda, and GuardDuty to allow customers to import their data. The data can be analyzed further with tools such as Amazon Athena or SageMaker.

Security analysts and engineers can use Amazon Security Lake to aggregate, manage, and optimize large volumes of disparate log and event data. This enables faster threat detection, investigation, and incident response, so teams can address potential issues quickly while continuing to use their preferred analytics tools.

· Analyze multiple years of security data quickly – Centralize years of cloud, on-premises, and custom data in your Amazon S3 buckets and use your preferred tools for security analytics.

· Support on-demand analysis of petabyte-scale data – Build a data lake to support security investigations and rapid incident response scenarios.

· Examine your data with custom analytics – Give your security teams broader visibility to investigate and respond to suspicious activities using your custom analytics models.

· Use your preferred tools with centralized data – Streamline the process of accessing data for teams across your organization using their preferred analytics tools, without duplicating data.

Tinder is the world’s most popular app for meeting new people. Available in 190 countries and more than 40 languages, it’s been downloaded more than 530 million times and led to more than 75 billion matches. “Because our users entrust Tinder with their information, the security of our application and the privacy of our customers’ data is our top priority. Ensuring that we maintain a robust, transparent, and accountable security program is core to our commitment to our customers,” said Jonathan Walker, DevSecOps manager II at Tinder. “Amazon Security Lake has drastically reduced time and money in our efforts to query security events at scale across regions, sources, and events. This has allowed our team to shift our focus away from data engineering to analyzing security events within the cloud.”

Overall, with Amazon Security Lake, customers can create a security data lake and then, in just a few clicks, gather data from various sources and normalize it to OCSF standards, enabling them to quickly take action with their preferred security tool. Amazon Security Lake is available in preview today in US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland), with availability in additional AWS Regions coming soon.