We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.
If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”
Customize cookie preferences
We use cookies and similar tools (collectively, "cookies") for the following purposes.
Essential
Essential cookies are necessary to provide our site and services and cannot be deactivated. They are usually set in response to your actions on the site, such as setting your privacy preferences, signing in, or filling in forms.
Performance
Performance cookies provide anonymous statistics about how customers navigate our site so we can improve site experience and performance. Approved third parties may perform analytics on our behalf, but they cannot use the data for their own purposes.
Allowed
Functional
Functional cookies help us provide useful site features, remember your preferences, and display relevant content. Approved third parties may set these cookies to provide certain site features. If you do not allow these cookies, then some or all of these services may not function properly.
Allowed
Advertising
Advertising cookies may be set through our site by us or our advertising partners and help us deliver relevant marketing content. If you do not allow these cookies, you will experience less relevant advertising.
Allowed
Blocking some types of cookies may impact your experience of our sites. You may review and change your choices at any time by selecting Cookie preferences in the footer of this site. We and selected third-parties use cookies or similar technologies as specified in the AWS Cookie Notice.
Your privacy choices
We display ads relevant to your interests on AWS sites and on other properties, including cross-context behavioral advertising. Cross-context behavioral advertising uses data from one site or app to advertise to you on a different company’s site or app.
To not allow AWS cross-context behavioral advertising based on cookies or similar technologies, select “Don't allow” and “Save privacy choices” below, or visit an AWS site with a legally-recognized decline signal enabled, such as the Global Privacy Control. If you delete your cookies or visit this site from a different browser or device, you will need to make your selection again. For more information about cookies and how we use them, please read our AWS Cookie Notice.
Konten ini tidak tersedia dalam bahasa yang dipilih. Kami terus berusaha menyediakan konten kami dalam bahasa yang dipilih. Terima kasih atas pengertian Anda.
Siemens Boosts Security Visibility Across 800+ AWS Accounts Using Amazon Security Lake
Learn how Siemens streamlines its security operations by centralizing security data using Amazon Security Lake.
0+
accounts governed centrally using Amazon Security Lake
0%
reduction in data volumes from optimized logging strategy
0%
reduction in time to identify root causes of issues
About Siemens
Siemens is a technology company focused on industry, infrastructure, transport, and healthcare. The company creates technology with purpose, adding real value for its customers.
Siemens, a large industrial manufacturing and technology company, centralized its security data to improve visibility across more than 800 Amazon Web Services (AWS) accounts. The company streamlined manual efforts by adopting Amazon Security Lake, which automatically centralizes security data in a few steps.
Opportunity | Using Amazon Security Lake to Centralize Security Data for Siemens
Siemens creates technologies that empower industry, infrastructure, transport, and healthcare. The company’s Foundational Technology division provides services for its developers to securely build and deploy software.
The Cloud Security Operations team in this division is responsible for more than 800 AWS accounts but lacked the capacity to store high-volume security logs in its centralized storage. Siemens had developed custom automations to send logs from AWS CloudTrail—which tracks user activity and API usage on AWS—and Amazon Virtual Private Cloud (Amazon VPC)—used to define and launch AWS resources in a logically isolated virtual network—to Splunk, an AWS Partner. However, these custom solutions were insufficient. The security team manually migrated other logs to Splunk based on ticketing requests. “It could take several weeks to turn requests around manually,” says Pedro Borges, senior security engineer at Siemens.
Recognizing the potential to transform its security operations, Siemens beta tested and adopted Amazon Security Lake. The company also began using Cribl, an AWS Partner, to extract and aggregate specific data fields for analysis and monitoring in Splunk.
Solution | Enhancing Visibility by Rapidly Deploying Amazon Security Lake
“After we saw how efficiently we could send data from Amazon Security Lake to Splunk using Cribl, the ball started rolling fast,” says Scott Schwartz, software engineering senior manager at Siemens. “This rapid integration of diverse data sources has given us unprecedented visibility into our security landscape.”
This efficiency created a swift transformation of Siemens’ security infrastructure. Now, the company can onboard new security logs in 1–2 days without manually migrating the data. Within 1 year, Siemens had integrated multiple high-value, high-volume data sources, including Amazon VPC Flow Logs; server access logs from Amazon Simple Storage Service (Amazon S3), an object storage service; and logs from AWS WAF, which protects web applications from common exploits.
Outcome | Elevating Cybersecurity While Reducing Data Volumes by 90 Percent
Siemens’ centralized operational data empowers its security teams to shorten its mean time to resolve. In one investigation, Siemens identified what data in Amazon S3 was impacted in an event within 10 minutes as opposed to several days. “Our team has more confidence now that we’re collecting these logs and monitoring for security use cases,” says Borges.
Siemens ingests 5–7 TB of security data daily into Amazon Security Lake, then uses Cribl to forward only the most relevant 600 GB of data to Splunk for detailed analysis, a 90 percent reduction. Siemens saved 1.3 million dollars annually while aggregating more logs.
“Using Amazon Security Lake, we have dramatically improved visibility across our entire AWS infrastructure. We can ingest multiple data sources into Splunk and run threat detections against our data in AWS, which helps us satisfy our compliance requirements,” says Schwartz. “This service will help us stay ahead of potential threats while managing the complexity of our large-scale AWS environment.”
