Nov 30, 2022
As more customers continue to scale with Amazon Web Services (AWS), the use of security and analytic solutions becomes more necessary and prevalent. These solutions generate large amounts of valuable data; however, the data can only be valuable if stored and used correctly. For this reason, many organizations are quickly creating large security data lakes to aggregate, manage, analyze, and search through all this data, giving security teams greater visibility and comprehensive security across their organizations.
As an AWS Software Partner, Orca Security integrates with Amazon Security Lake to supply cloud security data and telemetry to Amazon Security Lake with support for the Open Cybersecurity Schema Framework. With the Orca Unified Data Model and agentless technology to cover all of your AWS assets, data, identities, and workloads, organizations can supercharge their cloud security data lakes by feeding Orca’s context-rich and comprehensive cloud security data to Amazon Security Lake.
Today, AWS announced its newest service offering, Amazon Security Lake. Amazon Security Lake automatically centralizes an organization’s security data from cloud, on-premises, and custom sources into a customer-owned, purpose-built data lake.
Security Lake is one of the many solutions that now support the Open Cybersecurity Schema Framework (OCSF), an open industry standard, making it easier to normalize and combine security data from AWS and dozens of enterprise security data sources. Amazon Security Lake reduces the complexity and cost of making security solution data accessible for a variety of security use cases such as threat detection, investigation, and incident response. It helps organizations aggregate, manage, and derive value from log and event data in the cloud and on-premises to give security teams greater visibility across their organizations.
Customers that have Amazon Security Lake configured can send Orca Security data to it in OCSF format. Amazon Security Lake also helps customers optimize security log data retention, partitioning data to improve performance and reduce costs.
Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data.
Orca Cloud Detection and Response (CDR) analyzes real-time cloud events and behaviors, providing 24×7 monitoring of cloud provider logs and threat intelligence feeds. By uniquely combining this information with Orca’s insights into existing risks found in cloud workloads and configurations, and the location of the company’s most critical assets, Orca quickly recognizes which anomalies indicate malicious intent and how dangerous they could potentially be.
Creating those contextual alerts and pushing them to Amazon Security Lake in Open Cybersecurity Schema Framework (OCSF) format will provide Security Operations Center (SOC) and Incident Response (IR) teams with contextualized data on potentially malicious events, enabling security teams to accelerate investigation, triage, and response to cloud threats.