Skip to main content
close search
site logo

AWS builds a lake for multivendor security data sharing

Security data is scattered and often stored in fragments from multiple sources. AWS wants to centralize that in a single data lake.

Published Dec. 2, 2022
Matt Kapko's headshot
Senior Reporter
AWS CEO Adam Selipsky
Amazon Web Services CEO Adam Selipsky delivers a keynote address during AWS re:Invent 2022 at The Venetian Las Vegas on November 29, 2022 in Las Vegas. Noah Berger / Stringer via Getty Images

Amazon Web Services this week introduced Amazon Security Lake, a purpose-built data lake designed to help organizations aggregate security-related data from multiple sources. 

The service allows customers to build a data lake to automatically collect, combine and analyze security data at petabyte scale, AWS CEO Adam Selipsky said Tuesday during his keynote at AWS re:Invent.

“Security data is usually scattered across your environment from applications, firewalls and identity providers,” he said. 

“To uncover insights like coordinated malicious activity into your business, you have to collect and aggregate all of this data, make it accessible to all of the analytics tools that you use to support threat detection, investigation and incident response — and then keep the data pipelines updated and continuously do that as events evolve,” Selipsky said.

Cloud customers confront unique and frequently incompatible formats when using security tools and services beyond what their cloud providers make available directly.

The fragmented data and logs produced by these third-party sources, despite tight integration with AWS, make it difficult for organizations to spot potential threats in a comprehensive manner.

AWS and other vendors are trying to bring order to that data chaos by creating the Open Cybersecurity Schema Framework, a universal model for data sharing across multiple sources. 

AWS said Amazon Security Lake is the first service to support OCSF, a project established by AWS and Splunk that has grown to include more than 200 contributions from 60 organizations since it was announced in August.

The framework allows AWS customers to gather security telemetry data from AWS security tools such as Security Hub and GuardDuty, but also capture and analyze data from services provided by Cisco, CrowdStrike, Palo Alto Networks and more than 50 security tools.

Organizations can funnel their data sources into the lake, including on-premises infrastructure and internal application or network infrastructure logs, Selipsky said. Amazon Security Lake can then query the data with tools from AWS or other vendors.

“We realize security is a team,” he said. “To get a clear view of all the users using one particular AWS bucket, and then to determine if any of those users have connected to a malicious site, potentially compromising your data.”

Amazon Security Lake is available in preview across seven AWS zones.

Filed Under: Strategy

Editors' picks

Company Announcements

View all | Post a press release
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell