Torc Robotics Centralizes Security Logging Using Amazon Security Lake

In the rapidly evolving cloud infrastructure landscape, companies often face the growing challenge of consolidating application and security logs from diverse sources. This challenge was particularly acute for autonomous-driving company Torc Robotics (Torc) as its cloud footprint grew. The manual process of gathering and updating existing integrations for various logs across regions was both time-consuming and resource intensive. In response, Torc implemented a managed solution using Amazon Web Services (AWS).

In November 2022, AWS announced Amazon Security Lake, which automatically centralizes security data from AWS environments, software-as-a-service providers, on premises, and cloud sources into a purpose-built data lake. Torc immediately decided to adopt the service to automate its security logging process and consolidate all security logging signals into a centralized security observability solution. Thus, the company saved time, improved observability and team confidence, and provided a cloud environment with advanced security features to support the development of its autonomous-driving solutions.

Torc was established in 2005 by a group of Virginia Tech students who were passionate about autonomous-vehicle software. In 2019, Daimler Truck acquired the company with the purpose of developing level 4 autonomous class 8 trucks for long-haul freight.

Torc has used AWS services since 2021 to create an infrastructure that supports various aspects of its operations, including coding, testing, verification, simulation, machine learning, and data acquisition. “We have a large organization within AWS, hundreds of accounts across many regions, and we wanted to do more with less,” says Jason Fox, senior engineering manager at Torc. “Our goal is always to make the development team as fast, flexible, and agile as possible while keeping data and workloads secure in the AWS environment.”

Before implementing Amazon Security Lake, Torc’s small cloud-engineering team was handling scaled solutions for logging and account management tasks on a case-by-case basis, which led to cognitive strain and inconsistencies. The team needed managed services and processes to aggregate, process, and analyze security logs to use them in security investigations. Keeping integrations up to date and building new integrations for new services consumed unnecessary time and resources.

“We were solving every little issue on its own—every little piece of security signal, configuration information, or logging for every source and method across multiple regions,” says Fox. “Handling new requests was cognitively taxing, and the autonomy of teams often meant that we missed important updates or lacked visibility to protect new developments. Amazon Security Lake was the answer for automating and centralizing the collection efforts that we were building separately and managing ourselves.”

Torc chose to adopt Amazon Security Lake and had it up and running in less than 1 day. “We double-checked to see that it worked because it was too simple,” says Fox. Thus, the company has freed up valuable engineering resources from the tedious tasks of collecting and consolidating logs from diverse AWS services and accounts. “We onboarded all three regions for all accounts at once and activated the forwarding of these events to other sources,” says Matthew Green, staff engineer at Torc. Within the same day, the team collected all logs, started aggregating them, and ingested them into Datadog, an AWS partner and Torc’s current tooling for cloud security information and event management.

With automated logging in place, Torc’s team can now focus on automation of monitoring, issue response, and remediation efforts. “We automated logging for full security coverage, helping engineers troubleshoot performance easily while reducing the need for long-term management of other automated processes,” says Green. “We saved 2,080 hours of work—that’s equivalent to freeing up an entire engineer’s time for other tasks for 1 year.”

The solution also streamlined the process of onboarding new engineers. Previously, onboarding required sharing the historical context of various accounts and sources, which often took 1–2 weeks. Now, onboarding takes 1 day. “Our engineers don’t have to worry about the history of how all those different accounts and sources were consumed because it’s a managed service,” says Green. “Amazon Security Lake collects all those sources automatically for new accounts and new regions as a new engineer is onboarded, so engineers can focus on the real value that they can deliver.”

Torc’s primary goal was to save time through log consolidation, but the company has seen additional benefits in other areas using Amazon Security Lake. “Ideally, service and app developers should focus only on logging their applications without worrying about the infrastructure, and now we’ve found significant value from an observability standpoint,” says Fox, “Seeing the full picture of why a service is broken is crucial for us.”

As new log sources are becoming available in Amazon Security Lake, Torc is looking forward to adding more value to the team through further automation of log consumption and remediation processes. The company will mainly focus on increasing enrichment and incorporating additional signals to reduce false positives. It also plans to consume more AWS sources and bring in third-party software-as-a-service logs.

“I like to treat Amazon Security Lake as a bit of a black box—there’s a lot of magic going on under the hood as a managed service,” says Green, “Our goal is to get more sources so that our engineers can spend less time on cognitive load and more time enhancing services for our customers.