AWS launches data lake to help you spot your next big security threat

aws reinvent 2022
(Image credit: Future / Mike Moore)

Amazon Web Services (AWS) has revealed a new security-focused data lake service aimed at helping users get more out of their security information.

The new Amazon Security Lake service looks to centralize all of an organization’s security data from across a number of different sources, whether from the cloud or on-premise, in one place, in order to drill down precisely into security threats.

Announced at AWS re:Invent 2022, Amazon Security Lake is built on Amazon S3, and can be created, “in just a few clicks”, and will make it easy for security teams to automatically collect, combine, and analyze security data at petabyte scale.

Amazon Security Lake

“Security data is usually scattered across your environment from applications, firewalls and identity providers,” AWS CEO Adam Selipsky said during his opening re:Invent keynote.

“To uncover insights like coordinated malicious activity into your business, you have to collect and aggregate all of this data, make it accessible to all of the analytics tools that you use to support threat detection, investigation and incident response — and then keep the data pipelines updated and continuously do that as events evolve. What this adds up to is that what you really want is a tool that makes it easy to store, to analyze, to understand trends and to generate insights from security data.”

The launch could signify a major step forward for AWS’ security prowess, with the new platform bringing together a number of its existing data analytics and management services.

Once created, users will be able to bring in data from the likes of GuardDuty, CloudTrail and Lambda,  giving users the opportunity to run queries using Amazon Athena, OpenSearch and SageMaker.

Security Lake conforms to the AWS-headed Open Cybersecurity Schema Framework, meaning it can bring together data from a number of the world’s largest tech firms, as well as integrate up to 50 third-party partner analytics systems.

“Customers must be able to quickly detect and respond to security risks so they can take swift action to secure data and networks, but the data they need for analysis is often spread across multiple sources and stored in a variety of formats,” said Jon Ramsey, vice president for Security Services at AWS.

“Amazon Security Lake lets customers of all sizes securely set up a security data lake with just a few clicks to aggregate logs and event data from dozens of sources, normalize it to conform with the OCSF standard, and make it more broadly usable so customers can take action quickly using their security tools of choice.”

Amazon Security Lake is available now in preview across US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Dublin), with availability in additional AWS Regions coming soon.

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.