What is Amazon Security Lake?
Amazon Security Lake is a centralized security data lake that automatically collects, normalizes, and stores log and event data from AWS services, SaaS providers, and on-premises sources. The service uses the Open Cybersecurity Schema Framework (OCSF) to bring data from different sources into a unified format.
Security Lake is built on Amazon S3 and uses AWS Lake Formation for access control. Security teams can query the normalized data with their existing analytics tools without having to build custom data pipelines.
Core Features
- OCSF Normalization: Automatic conversion of all security data into the open OCSF format
- Native AWS Integration: Automatic collection of CloudTrail, VPC Flow Logs, Route 53 Resolver query logs, and Security Hub data
- Third-Party Sources: Integration with over 80 security vendors including CrowdStrike, Palo Alto, and Splunk
- Subscriber Model: Controlled data access for analytics tools and SIEM systems
- Multi-Account and Multi-Region: Centralization across AWS Organizations
Typical Use Cases
Security Operations Center (SOC): Security teams analyze all security data in one central location. OCSF normalization eliminates the need to manually correlate different log formats.
Threat Hunting: Security analysts search historical security data using Athena or other query tools. The unified data structure significantly accelerates investigations.
Compliance Reporting: Regulated organizations use Security Lake as a central source for audit trails and compliance evidence across all AWS accounts.
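As an added illustration of the Athena-based threat hunting described above (example code, not from the page or from innFactory), the query below runs against the OCSF-normalized CloudTrail management events that Security Lake writes to S3. The database and table names are placeholders for the ones Security Lake registers in your Glue Data Catalog; the column names follow the OCSF API Activity class, which is why the same query shape works for other OCSF-normalized sources.

```sql
-- Added example: failed API calls per principal and source IP over the last 7 days.
-- Repeated failures from one principal/IP pair are a common early indicator of
-- leaked credentials being probed, so this is a typical first hunting pivot.
-- Assumptions: <security_lake_database> / <cloud_trail_mgmt_table> are placeholders;
-- "time" is epoch milliseconds and status_id = 2 means Failure, as defined by OCSF.
SELECT
  actor.user.uid                      AS principal,
  src_endpoint.ip                     AS source_ip,
  api.service.name                    AS service,
  api.operation                       AS operation,
  COUNT(*)                            AS failures,
  MIN(from_unixtime("time" / 1000))   AS first_seen,
  MAX(from_unixtime("time" / 1000))   AS last_seen
FROM "<security_lake_database>"."<cloud_trail_mgmt_table>"
WHERE status_id = 2
  AND from_unixtime("time" / 1000) > current_timestamp - INTERVAL '7' DAY
GROUP BY 1, 2, 3, 4
HAVING COUNT(*) >= 20
ORDER BY failures DESC
LIMIT 100;
```

Add a filter on the table's partition column to keep Athena from scanning the full history; the partition name depends on the Security Lake table version you are using.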
Benefits
- Unified data format eliminates silos between security tools
- Automatic collection without manual pipeline development
- Cost-effective long-term storage on S3
- Open format avoids vendor lock-in for analytics tools
Integration with innFactory
As an AWS Reseller, innFactory supports you with Amazon Security Lake: architecture design for multi-account setups, third-party source integration, analytics pipeline development, and compliance reporting.
Frequently Asked Questions
What is Amazon Security Lake?
Amazon Security Lake is a managed service that automatically collects security data from AWS environments, SaaS providers, and on-premises sources into a central data lake in Open Cybersecurity Schema Framework (OCSF) format.
What is the OCSF format?
The Open Cybersecurity Schema Framework (OCSF) is an open standard for normalizing security data. Security Lake automatically converts data from various sources into this unified format for easier analysis.
Which data sources are supported?
Security Lake natively collects data from CloudTrail, VPC Flow Logs, Route 53 Resolver Logs, Security Hub, and S3 Access Logs. Third-party integrations support additional sources like firewalls, endpoint security, and identity providers.