[New Service] AWS Announces Amazon Security Lake: A New Data Lake Service #reinvent

2022.11.30

Hello Everyone!

AWS announced a new data lake service called Amazon Security Lake at the keynote session of re:Invent 2022. It is now available in Preview.

Overview of Security Lake

Amazon Security Lake is a data lake service that automatically aggregates security data into a purpose-built data lake and analyzes it. Security Lake has adopted an open standard known as the Open Cybersecurity Schema Framework (OCSF). This open standard helps normalize and combine security data from various sources.

Refer to the following blog for the official announcement about Amazon Security Lake.

Refer to the following blog to learn how to configure Security Lake.

Data Sources

Security data can come from cloud, on-premises, and other custom sources. The slide below shows the various AWS and partner sources from which data can be collected.

AWS Sources for Security Lake are as follows:

  • Amazon VPC
  • AWS CloudTrail
  • Amazon Route 53
  • Security Hub (includes findings from over 50 solutions)
  • AWS Lambda

Security data and logs from these sources are collected into Amazon S3.

Analytics

The AWS and partner services shown in the image below can be used to analyze the data centralized in Security Lake.

AWS analytics services are as follows:

  • Amazon Athena
  • Amazon OpenSearch
  • Amazon SageMaker

Summary

Security Lake makes it easier to collect and analyze security data. During the Preview period, Security Lake is available only in US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Ireland).

References:

Amazon Security Lake (AWS Document)

Amazon Security Lake (Web Page)