Use AWS AppFabric to simplify observability of SaaS app data
As organizations continue to digitally transform, there is higher demand than ever for software-as-a-service (SaaS) applications that help employees communicate and collaborate. (Just think of the various apps you’ve used at work today!) Studies show that large organizations license an average of over 100 applications. Security and IT professionals want to achieve observability of all of these apps, including the ability to quickly understand who their app users are, what permissions they have, and what actions they take. This data is vital for their ability to respond quickly to any security incidents. However, SaaS application data formats are highly varied and do not adhere to a common format or schema, which makes it challenging for security teams to get data into their preferred security tool. Some organizations build point-to-point integrations with each SaaS application in order to get the data into a common format that can be used in a security tool, but it can take weeks or months to build each integration, in addition to continued maintenance costs over time. This means that security and IT teams have to spend a lot of their time on data normalization and maintenance, rather than monitoring and threat detection.
At AWS re:Invent 2023, we will present a Chalk Talk titled “BIZ307: Use AWS AppFabric to enhance your security posture at reduced cost”, where we will discuss how AWS AppFabric helps to solve these security challenges. Join this session to learn how AppFabric uses the Open Cybersecurity Schema Framework (OCSF) to normalize, enrich, and centralize SaaS audit log data. With AppFabric, security and IT teams can easily integrate data with their preferred security tool and spend more time on meaningful tasks like investigating security events and taking any mitigating actions. AWS AppFabric is a fully managed service that connects SaaS applications to work better together.
In this Chalk Talk, we will dive into the details of how AppFabric breaks down audit logs into components and maps those into OCSF attributes like categories, event classes, and activities in order to normalize SaaS data into a common schema. We’ll also show how AppFabric enriches each application’s audit log data with a user email address so that security teams can speed up incident response times, and how AppFabric automatically delivers these normalized and enriched audit logs to either Amazon Simple Storage Service (Amazon S3) or Amazon Kinesis Data Firehose.
Finally, we’ll discuss how to integrate this data into a security tool, such as Splunk or Rapid7, to build insight queries and dashboards that improve observability across SaaS application data. For example, security teams can set up event-based rules for situations such as when users get elevated admin privileges, or when settings on apps are changed to enable public sharing of content. These tools help security teams see data such as traffic by application, activity by individual actors, and timelines of activity.
To learn more, please join us at re:Invent 2023, and join the discussion. Add BIZ307 to your re:Invent schedule, and come chat with us about how AWS AppFabric can help you simplify SaaS data observability!