Orca Security Integration with New Amazon Security Lake

Orca’s comprehensive agentless Cloud Security Platform for AWS integrates with Amazon Security Lake by sending Cloud Detection and Response (CDR) events using an Open Source Schema Framework

How AWS and Orca Security Address New Cloud Security Challenges?

As more customers continue to scale with Amazon Web Services (AWS), the use of security and analytic solutions becomes more necessary and prevalent. These solutions generate large amounts of valuable data, however, the data can only be valuable if stored and used correctly. For this reason, many organizations are quickly creating large security data lakes to aggregate, manage, analyze, and search through all this data – giving security teams greater visibility and comprehensive security across their organizations.

As the AWS Global Security Partner of the Year, Orca Security integrates with Amazon Security Lake to supply cloud security data and telemetry to Amazon Security Lake with support for the Open Cybersecurity Schema Framework. With the Orca Unified Data Model and agentless technology to cover all of your AWS assets, data, identities, and workloads, organizations can supercharge their cloud security data lakes by feeding Orca’s context-rich and comprehensive cloud security data to Amazon Security Lake.

Remove long and painful data normalization efforts
Increased data intelligence for faster and smarter decisions
Instantly become aware of prioritized anomalies and detections that may have been overlooked or missed.
Accelerate investigation, triage, and response to cloud threats.
Seamlessly aggregate, manage, and derive value from all this data.

More About Amazon Security Lake

Orca is proud to support the general availability of the newly released service offering from AWS, Amazon Security Lake. Amazon Security Lake automatically centralizes an organization’s security data from cloud, on-premises, and custom sources into a customer owned purpose-built data lake.

Security Lake is one of the many solutions that now supports the Open Cybersecurity Schema Framework (OCSF), an open industry standard, making it easier to normalize and combine security data from AWS and dozens of enterprise security data sources. Amazon Security Lake reduces the complexity and costs for customers to make their security solutions data accessible to address a variety of security use cases such as threat detection, investigation, and incident response. Amazon Security Lake helps organizations aggregate, manage, and derive value from log and event data in the cloud and on-premises to give security teams greater visibility across their organizations.

Customers that have Amazon Security Lake configured can send Orca Security data in OCSF format to Amazon Security Lake. Amazon Security Lake helps customers optimize security log data retention by optimizing the partitioning of data to improve performance and reduce costs.

Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data.

Why is this Important for Orca Customers?

Orca Cloud Detection and Response (CDR) analyzes real-time cloud events and behaviors, providing 24×7 monitoring of cloud provider logs and threat intelligence feeds. By uniquely combining this information with Orca’s insights into existing risks found in cloud workloads and configurations, and the location of the company’s most critical assets, Orca quickly recognizes which anomalies indicate malicious intent and how dangerous they could potentially be.

Creating and pushing those contextual alerts to the Amazon Security Lake Open Cybersecurity Schema Framework (OCSF) will provide the Security Operations Center (SOC) and Incident Response (IR) teams with contextualized data on potentially malicious events; enabling security teams to rapidly accelerate investigation, triage, and response to cloud threats.