Amazon Web Services Inc. announced the preview of a new purpose-built cybersecurity service today at AWS re:Invent that automatically centralizes an organization’s security data from cloud and on-premises sources into a data lake in order to ease security data management.

The new service, called Amazon Security Lake, manages security data throughout its lifecycle from multiple sources and converts all incoming data and conforms it to a new standards-based format, the Open Cybersecurity Schema Framework, which allows for the ingestion from a multitude of sources and normalization of security data.

By normalizing the data, it can be immediately available for query, without the need for any post-processing, enabling it to be combined with data from any number of other pre-integrated data sources at large volumes in real time. In this manner, Security Lake can aggregate, manage and optimize large volumes of separate log and event data sources to allow for faster threat detection and incident response.

“Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources and stored in a variety of formats,” said Jon Ramsey, vice president for security services at AWS.

Security Lake is capable of ingesting and normalizing data from across Amazon’s already broad stable of cloud and security products, including Amazon S3, AWS Lambda, AWS Security Hub, AWS Firewall Manager and more. It is also able to draw from over 50 third-party sources and a number of partners are sending data directly in OCSF format to Security Lake including Cisco Security, CrowdStrike and Palo Alto Networks.

The new service allows customers to set up easily by building on Amazon Simple Storage Service, Amazon S3, and AWS Lake Formation to automatically set up a security data lake on an AWS account with just a few clicks. Once set up, it will automatically ingest and normalize data and provide a management console and full control over security data.

Once the data is flowing, ingested and normalized, customers can choose their preferred security and analytics tools, including Amazon Athena, Amazon OpenSearch, and Amazon SageMaker, or any number of third-party solutions from IBM, Splunk, Datadog and Sumo Logic. All of these solutions allow cybersecurity engineers to rapidly access the data in real-time to address a variety of security use cases for threat detection, investigation and incident response.

“Amazon Security Lake lets customers of all sizes securely set up a security data lake with just a few clicks to aggregate logs and event data from dozens of sources, normalize it to conform with the OCSF standard, and make it more broadly usable so customers can take action quickly using their security tools of choice,” added Ramsey.

Just like any other data lake, administrators can configure access levels for subscribers consuming the data stored in the lake, such as data sources for data access and querying data stored. Customers can also specify the rollup region that the Security Lake is available in for multiple AWS accounts across AWS Organizations for complying with data residency.

The preview release of Security Lake is now available in a number of regions including US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt) and Europe (Dublin). Amazon said that additional AWS regions are coming soon.

Images: Unsplash, Amazon