Posted On: May 30, 2023

Today, AWS announces the general availability of Amazon Security Lake. This service automatically centralizes security data from AWS environments, SaaS providers, on-premises environments, and cloud sources into a purpose-built data lake stored in your account. Security Lake makes it easier to analyze security data, gain a more comprehensive understanding of security across your entire organization, and improve the protection of your workloads, applications, and data. Security Lake automates the collection and management of your security data from multiple accounts and AWS Regions, so you can use your preferred analytics tools while retaining complete control and ownership over your security data. Security Lake has adopted the Open Cybersecurity Schema Framework (OCSF), an open standard. With OCSF support, the service normalizes and combines security data from AWS and a broad range of enterprise security data sources.

Once enabled, Security Lake automatically creates a security data lake in each selected Region and optionally rolls up your data in one or multiple Regions for central access. AWS log and security data sources are automatically collected in your Amazon Simple Storage Service (S3) bucket for existing and new accounts. They are normalized into the OCSF format, including AWS CloudTrail management events, Amazon Virtual Private Cloud (VPC) flow logs, Amazon Route 53 Resolver query logs, and security findings from over 50 solutions integrated through AWS Security Hub. You can also add data from third-party security solutions, other cloud providers, and your own custom data that supports the OCSF format. Security Lake manages the lifecycle of your data with customizable retention settings and storage costs with automated storage tiering.

For information on Security Lake Regional availability, see the Amazon Security Lake endpoints page.