Among the slew of announcements at Amazon Web Services Inc.’s re:Invent conference this week are updates to the company’s cybersecurity services, including Security Lake and the open-source project Open Cybersecurity Schema Framework.
Amazon Security Lake was created to centralize customers’ security data in an era of increasing cyberattacks. The data lake is part of the company’s efforts to take the burden of defense off of businesses, according to Mark Terenzoni (pictured), general manager of security services at AWS.
“The landscape for those vendors is changing because now instead of just selling software, they’re actually selling infrastructure with their software to provide outcomes for their customers,” he said. “The dynamics of that plays very well into why we built Security Lake to take that undifferentiated heavy lifting off of the partners and the customers, gather all that data that you need, but do it in a very low-cost manner.”
Terenzoni spoke with theCUBE Research’s John Furrier for theCUBE’s “Cloud AWS re:Invent Coverage,” during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed open-source cybersecurity and building Security Lake.
Integrating OpenSearch capabilities with Security Lake
AWS launched Security Lake 18 months ago, basing it on OCSF, an open cybersecurity schema format. This week, the company announced that Security Lake would be directly integrated with OpenSearch, enabling customers to query their data in Security Lake and analyze pieces of data as needed.
“Customers have security teams. They’re really good at understanding and remediating threats [but] not really good at big data problems,” Terenzoni explained. “So, we’ve taken that burden or undifferentiated heavy lifting off of the customer’s back, organiz[ing] the data in a format that they can go run their use cases and analytics, and then partnered with a number of security vendors that rely on this data but don’t need to ingest it.”
This advancement allows organizations to analyze larger amounts of data and greatly reduces the cost of service because all the data does not have to be ingested with each query. Terenzoni also revealed that OCSF has become a Linux Foundation project, furthering the trend of open-source cybersecurity.
“With OCSF … the other side benefit is really on the data science and machine learning and analytics side,” he said. “[Users] can start to build their own content and detections because they already understand the format before they have sample data and it really reduces that whole development cycle for our partners.”
Having a robust identity management system is crucial for defending against cyberattacks, as is having security partners on retainer, according to Terenzoni. Customers can bring important accounts and data sources into Security Lake, which will then be converted to the OCSF format.
“We have a number of capabilities also in that place to help customers really segment … their production applications and lock down the access,” Terenzoni said. “We almost think of [Security Lake] as like a middleware where … our partners feed sources into us and our partners put analytics on top of us.”
Photo: SiliconANGLE