Since data is part of security, centralizing it makes access control and anomaly detection easier.
Through an open-source project, dubbed Open Cybersecurity Schema Framework, Amazon Security Lake enables development of a common language around security data for enhanced analytics, according to Mark Terenzoni, director of Amazon Detective and Amazon Inspector at Amazon Web Services Inc.
“It’s a communal lake where customers can bring all of their security data in one place, whether it’s generated in AWS, their on-prem, or SaaS offerings or other clouds, all in one location in a language that allows analytics and gives better outcomes for our customers,” Terenzoni said. “We have 60 vendors participating in developing that language and partnering within Security Lake … we’ve made it simple to aggregate this data in a single place.”
Terenzoni spoke with theCUBE industry analysts John Furrier and Savannah Peterson at AWS re:Invent, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Amazon Security Lake seeks to be a game-changer in the security analytics space. (* Disclosure below.)
Taking security a notch higher
Beyond Amazon Security Lake for anomaly detection, AWS also provides Amazon GuardDuty and Amazon Inspector. This enables users to analyze risks within their container workloads, according to Terenzoni.
“GuardDuty for EKS runtime; it’s complementing our existing capabilities for EKS support,” he explained. “So, today, Inspector does vulnerability assessment on EKS or container images in general. GuardDuty does detections of EKS workloads based on log data. Detective does investigation and analysis based on that log data as well.”
Through an industry open standard that reduces the complexity of transforming logs to perform security analytics, Terenzoni believes Amazon Security Lake is a game-changer that enables users to build a security data lake.
“The unique value in the data lake is that we put the information in the customer’s control; it’s in their S3 bucket. They get to decide who gets access to it,” he noted. “With Security Data Lake, they get the best of both worlds. We run the infrastructure at scale for them, put the data in their control, and they get to decide what use case, partner and tool gives them the most value on top of their data.”
(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for AWS re:Invent. Amazon Web Services Inc. and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)