To make security analytics easier, Amazon Web Services is introducing Amazon OpenSearch Service and Amazon Security Lake integration.
The zero-ETL interface between AWS Security Lake and Amazon OpenSearch Service is now generally available. By simplifying intricate data engineering requirements and maximizing the value of security data, this integration helps organizations to effectively search, analyze, and derive actionable insights from their security data. This novel approach to in-place query and log analysis in AWS Security Lake lowers the operational overhead of managing custom data pipelines and minimizes the requirement for duplicate data. By querying your Security Lake data directly, you can avoid the expenses associated with data migration.
Amazon OpenSearch Services Integration
Integration of Zero-ETL with Amazon OpenSearch Service
As data quantities grow exponentially, organisations are finding it harder to derive business and operational insights from their data. They find it difficult to meet the expectations of trend analysis, data transformation, and data input. Resource limitations, ineffective ETL procedures, and siloed data sources prevent organisations from making good use of their data.
Businesses want to get insights from their data without having to deal with data duplication or relocation, or with transferring data through operationally complicated tools and procedures. To collect, standardize, and preserve data for business insights, which may call for specialized knowledge to derive value, organizations employ specialized technologies. AWS clients are looking for a straightforward, cost-effective solution that prevents data duplication, removes data transmission expenses, and functions for all users without requiring a lot of training.
Customers may now use the well-known full text search features outside of their OpenSearch Serverless collections by directly querying external data sources with Amazon OpenSearch Service Zero-ETL connectors and ingestion capabilities. For ingesting and analyzing data from several AWS data sources, Zero-ETL in Amazon OpenSearch Service offers a scalable and economical solution, facilitates real-time data analysis, and streamlines your data integration process. In addition to lowering expenses and operational complexity, this lets you fully utilize your data to make quicker, better-informed decisions.
Amazon Security Lake
Centralise your security data automatically in a few simple steps.
AWS Security Lake: What is it?
Security information from on-premises, cloud, SaaS, and AWS environments is automatically consolidated into a custom data lake that is kept in your account by AWS Security Lake. You can gain a more thorough picture of your organization’s security data by using Security Lake. Additionally, you may strengthen the security of your data, apps, and workloads. The Open Cybersecurity Schema Framework (OCSF) is an open standard that AWS Security Lake has embraced. The service integrates and normalizes security data from several enterprise security data sources, including AWS, with the help of OCSF.
Amazon Security Lake’s advantages
Utilize the analytics tools of your choice
While maintaining total control and ownership over your security data, analyze it using the analytics tools of your choice.
Concentrate data visibility
Organise your accounts’ and AWS Regions’ data visibility from both on-premises and cloud sources.
Simplify your data administration
By standardising your security data to an open standard, you can streamline your data administration at scale.
Manage and optimize your security information
Manage and optimise your security data for better query and storage performance.
Use cases
Rapidly examine security data spanning several years
Utilise your favourite security analytics tools to centralise petabytes of data from on-premises, cloud, and bespoke sources in your Amazon S3 buckets.
Make compliance reporting and monitoring easier
Centralise security data into one or more rollup regions with ease to facilitate compliance reporting and monitoring.
Increase the visibility of your security investigations to make them easier
Increase the visibility of your security personnel so they can start in-depth security investigations and react quickly to security problems.
Streamline the management of security data in hybrid situations
To improve incident response procedures and fortify security, provide incident responders with customized playbooks.
You may query and view your data in AWS Security Lake using the robust analytics features of OpenSearch Dashboards with the OpenSearch Service zero-ETL connection. In order to assist with threat-hunting and investigation scenarios, you may also analyze numerous data sources using a single tool and a single schema, the Open Cybersecurity Schema Framework (OCSF) model.
When you require quick and frequent access to a portion of your data for time-sensitive investigations and monitoring, you may optionally improve query performance by turning on extra accelerations like indexed views and dashboards in Amazon OpenSearch Service. Regardless of the log volume, these features give you full visibility into all of your data stored in AWS Security Lake to aid in security investigations, improve your comprehension of your security posture, and obtain insights that are pertinent to security.
Currently accessible
The US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), South America (São Paulo), and Canada (Central) AWS Regions now offer Amazon OpenSearch Service zero-ETL integration with Amazon Security Lake.
In addition to charging for storing indexes in OpenSearch Service, OpenSearch Service charges separately for the computation required (as OpenSearch Compute Units) to query your external data. See Amazon OpenSearch Service Pricing for additional details.