Trellix, a multinational cybersecurity company headquartered in California, USA, has expanded its support for Amazon Security Lake, a service that consolidates security data from the cloud, on-premises, and custom sources. The expanded support gives clients centralized visibility and prompt resolution of security concerns. In addition to better protecting AWS clients’ workloads, applications, and data, it is meant to make the delivery of Trellix XDR solutions simpler and more efficient.
Amazon Security Lake is a service that automatically centralizes an organization’s security data from across their AWS environments, leading SaaS providers, on-premises, and cloud sources into a purpose-built data lake, allowing customers to act on security data faster and simplifying security data management across hybrid and multi-cloud environments.
Expanded support for Amazon Security Lake by the cybersecurity company makes it possible for AWS clients to integrate their security data lake into the Trellix XDR security operations platform in accordance with the Open Cybersecurity Schema Framework (OCSF).
Additionally, Trellix users may merge data from hundreds of sources with Amazon Security Lake data using the OCSF schema. Therefore, users of both AWS and Trellix can easily integrate Trellix’s machine learning (ML), threat intelligence, and predictive analytics into their security infrastructures to improve attack detection and response times.
Amazon Security Lake and Trellix users can store security data from other sources in Security Lake
Britt Norwood, Senior VP of Global Channels and Commercials at Trellix, said, “The amount of data available to any enterprise today is staggering. Without a centralized method of managing and storing such data, it is difficult for customers to get the insights necessary to keep data secure. By partnering with Amazon Security Lake, we can provide our clients with better, more consolidated insight into their security situation and speed up the process of fixing any problems that arise.”
General Manager for Amazon Security Lake at AWS Rod Wallace stated, “With security at the forefront, we are relentlessly focused on innovating to deliver new ways to help customers secure their entire enterprise.” Customers who leverage both Amazon Security Lake and Trellix can save security data from AWS, Trellix, and other sources in Amazon Security Lake before sending it on to Trellix for in-depth analysis and incident response.
“Working with Trellix and AWS has made it easy for us to manage analysis supporting our Hive-IQ platform,” stated Laura Nolan, Executive Vice President of TeamWorx Security. “We are continually impressed with how Trellix and AWS deliver new and innovative ways to help us stay secure within cloud environments.”
Customers may easily integrate Trellix’s ML-based threat intelligence and predictive analytics into their own systems to get insights for more rapid threat mitigation. To facilitate the collection, combination, and analysis of security data from over 80 sources, including AWS, Amazon Security Lake transforms the incoming security data to OCSF standards.
What to know about OCSF
The Open Cybersecurity Schema Framework (OCSF) is a collaborative, open-source initiative led by AWS and prominent cybersecurity industry partners. OCSF offers a standard schema for common security events, establishes versioning requirements for them, and contains a self-governance procedure for security log producers and consumers. OCSF’s public source code is available on GitHub.
Security Lake automatically translates logs and events from natively supported AWS services to the OCSF model. After converting the data to OCSF, Security Lake stores it in an Amazon Simple Storage Service (Amazon S3) bucket (one bucket per AWS Region) in your AWS account. Logs and events written to Security Lake from custom sources must conform to the OCSF schema and be in Apache Parquet format. Subscribers may consume logs and events as generic Parquet records or use the OCSF schema event class to better interpret the information in a record.
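As an added illustration (not code from Trellix, AWS or the OCSF project), the following Python example maps a custom log line to an OCSF Authentication event and checks the base fields a conforming record needs before it is serialized to Parquet. The pipe-delimited log format, the product names, the severity policy and the schema version string are constructed assumptions.

```python
from datetime import datetime

CATEGORY_UID, CLASS_UID = 3, 3002          # Identity & Access Management / Authentication
ACTIVITY = {"login": 1, "logout": 2}       # Logon, Logoff; anything else maps to 0 (Unknown)
STATUS = {"ok": 1, "fail": 2}              # Success, Failure; anything else maps to 0 (Unknown)
REQUIRED = ("activity_id", "category_uid", "class_uid", "type_uid",
            "time", "severity_id", "metadata")

# Constructed sample lines in a hypothetical format: ts|action|result|user|src_ip
SAMPLE = [
    "2023-06-01T12:00:00+00:00|login|ok|alice|198.51.100.7",
    "2023-06-01T12:00:05+00:00|login|fail|bob|203.0.113.9",
]

def to_ocsf(line):
    """Map one custom log line to an OCSF-style Authentication event."""
    parts = line.strip().split("|")
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}")
    ts, action, result, user, src_ip = parts
    activity_id = ACTIVITY.get(action, 0)
    status_id = STATUS.get(result, 0)
    return {
        "category_uid": CATEGORY_UID,
        "class_uid": CLASS_UID,
        "activity_id": activity_id,
        "type_uid": CLASS_UID * 100 + activity_id,
        "time": int(datetime.fromisoformat(ts).timestamp() * 1000),  # epoch ms
        "severity_id": 1 if status_id == 1 else 2,   # example policy: Informational / Low
        "status_id": status_id,
        "user": {"name": user},
        "src_endpoint": {"ip": src_ip},
        # Constructed producer metadata; the version string is an assumption.
        "metadata": {"version": "1.0.0",
                     "product": {"name": "ExampleApp", "vendor_name": "ExampleCorp"}},
    }

def validate(event):
    """Return a list of problems that would make the record non-conformant."""
    problems = [f"missing {k}" for k in REQUIRED if k not in event]
    if not problems and event["type_uid"] != event["class_uid"] * 100 + event["activity_id"]:
        problems.append("type_uid does not match class_uid and activity_id")
    return problems

if __name__ == "__main__":
    for line in SAMPLE:
        event = to_ocsf(line)
        print(event["type_uid"], event["time"], validate(event))
```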