AWS Announces General Availability of Amazon Security Lake
SEATTLE, May 31, 2023 — Amazon Web Services, Inc. (AWS) has announced the general availability of Amazon Security Lake, a service that automatically centralizes an organization’s security data from across its AWS environments, leading SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake, so customers can act on security data faster and simplify security data management across hybrid and multicloud environments.
Amazon Security Lake converts and conforms incoming security data to the Open Cybersecurity Schema Framework (OCSF) open standard, making it easier for security teams to automatically collect, combine, and analyze security data from more than 80 sources, including AWS, security partners, and analytics providers. Amazon Security Lake is part of a broad set of AWS Cloud security services that build on AWS’s secure infrastructure to help make it the most flexible and secure cloud trusted by millions of customers, including some of the most security-sensitive organizations, and is supported by a broad community of security partners to help customers elevate their security in the cloud. Amazon Security Lake aggregates and optimizes large volumes of disparate log and event data to enable faster threat detection, investigation, and response so organizations can effectively address potential issues quickly, using their preferred analytics tools.
“Security has been our top priority since the very beginning, when we were designing to meet the needs of the most security-sensitive organizations,” said Jon Ramsey, vice president for Security Services at AWS. “We also know that customers need trusted partners to extend the benefits of the cloud and make sure their organizations are secure end-to-end. With more than 80 sources providing data to Amazon Security Lake, security teams can achieve greater visibility into potential security threats and how to respond to them, further protecting the workloads, applications, and data that are critical to driving business forward.”
Customers want to proactively identify, assess, and respond to potential threats and vulnerabilities. To do this, most organizations rely on log and event data from many different sources (e.g., applications, firewalls, and identity systems) running in the cloud and on premises, each using a different data format. Uncovering security-related insights, like unauthorized external data transfers or malware installations on employee devices, means organizations must aggregate and normalize security data into a consistent schema. Once the data is formatted consistently, customers can analyze it and understand the current level of vulnerability, and then correlate and monitor threats for improved observability.
Customers typically use different security solutions to address specific use cases, such as incident response and security analytics. This often means they are duplicating and processing the same data multiple times because each solution has its own data stores and format. Running multiple security solutions is costly and slows down security teams’ ability to detect and respond to issues. To monitor new users, tools, and data sources, security teams must manage a complex set of data access rules and security policies to track how data is used while ensuring that employees can still access the information needed to do their jobs. Some security teams create a central repository for all of their security data in a data lake, but these systems require specialized skills and can take months to build due to the large amounts of data, which can run into petabyte scale, from different sources.
Amazon Security Lake is a purpose-built security data lake that enables customers to aggregate, normalize, and store data so they can respond to security events faster, simplify compliance monitoring and reporting, and unify security data management across hybrid and multicloud environments. The service builds the security data lake using Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation to automatically set up security data lake infrastructure in a customer’s AWS account, providing full control and ownership over security data.
Amazon Security Lake is generally available today in US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), and South America (São Paulo), with availability in additional AWS Regions coming soon.
Splunk is a leading technology company specializing in cybersecurity and observability solutions dedicated to fostering a safer and more resilient digital world. “Splunk is honored to be an AWS launch partner for Amazon Security Lake and a valued member of the Steering Committee for the OCSF project, which aims to establish an open schema for data normalization within the cybersecurity community,” said Mike Horn, senior vice president and general manager of Security at Splunk. “The integration between Splunk and Amazon Security Lake enables customers to store their data in one unified format, OCSF. This integration not only enhances their ability to accelerate threat detection and investigation of AWS data, but also helps them ensure their compliance with data retention and regulatory requirements.”
Since 2006, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud. AWS has been continually expanding its services to support virtually any workload, and it now has more than 200 fully featured services for compute, storage, databases, networking, analytics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 99 Availability Zones within 31 geographic regions, with announced plans for 15 more Availability Zones and five more AWS Regions in Canada, Israel, Malaysia, New Zealand, and Thailand. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs.