New Blog --> Crushing False Positives: Supercharging SOC Efficiency with Smarter Threat Intel

ChaosSearch Blog


Amazon Security Lake & ChaosSearch deliver security analytics with industry-leading cost & unlimited retention

Video: Streamline Security Analytics with Amazon Security Lake & ChaosSearch (6:11)

Amazon Security Lake is a new service from Amazon Web Services (AWS) that is designed to help organizations improve their security posture by automating the collection, normalization, and consolidation of security-related log and event data from integrated AWS services and third-party services (Source Partners). By centralizing all the security data in a single location, organizations can gain greater visibility and identify potential threats more quickly.

Security Lake automatically orchestrates the end-to-end process from data lake creation and data aggregation to normalization and integration. The new service builds the security data lake using Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation to automatically set up security data lake infrastructure in a customer’s AWS account, providing full control and ownership over the normalized security data.

For normalization, Security Lake uses the Open Cybersecurity Schema Framework (OCSF), an open, vendor-agnostic schema launched in 2022 by a coalition of security and cloud vendors (including AWS and Splunk) to standardize how security data is collected, analyzed, and shared across cybersecurity tools and platforms. Once data has been ingested, customers can analyze it with Amazon Athena or through Subscriber Partners, the third-party analytics tools integrated with Security Lake.

 

ChaosSearch Becomes Security Lake Subscriber Partner

ChaosSearch has become an Amazon Security Lake Subscriber Partner, so customers can analyze all their security data directly from their own Amazon S3 buckets, through the Elasticsearch API and OpenSearch Dashboards or the Trino API and Superset, without retention limits and at an industry-leading price.

 

ChaosSearch and Amazon Security Lake Architecture

 

ChaosSearch's unique architecture brings several advantages for customers:

 

S3-native means unlimited retention at a fraction of the cost

ChaosSearch connects to the customer’s Amazon S3 and uses it as the solution’s only storage tier. This means customers are no longer bound by retention limits and have immediate access to all their data for querying and analysis. Traditional solutions can hold the full dataset active only at great cost and complexity, so they push older data to warm or cold tiers that must be reloaded (re-hydrated) before it can be searched; ChaosSearch keeps all the data "hot" and ready for immediate querying. It does so at an industry-leading price (50-80% savings at scale), with a consumption-based model in which you pay only for the compute workers you use, so ingest volume does not drive your bill.

 

Analytical Flexibility with Native Search and Relational (SQL) access

ChaosSearch lets customers query data through both search and SQL, either via API (Elasticsearch API and Presto/Trino API) or in the ChaosSearch console, which embeds OpenSearch Dashboards and Superset. Customers can hunt and build dashboards in OpenSearch Dashboards, or analyze data across streams in Superset using native relational joins (for example, joining events against the latest threat intelligence at query time rather than enriching them at ingest time, so an indicator published today can be matched against logs collected months ago). Teams can use the tool that fits the task, whether proactively hunting for threats or meeting compliance reporting needs.
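As an added example (not code from the original post or from ChaosSearch), here is the kind of query-time threat-intelligence join described above, written in Trino/Presto SQL against an OCSF Network Activity table such as the one Security Lake produces for VPC Flow Logs. The table name `security_lake.vpc_flow_logs`, the `eventday` partition column, and the indicator values are assumptions; OCSF attribute names (`time`, `src_endpoint.ip`, `dst_endpoint.ip`, `traffic.bytes`, `metadata.product.name`) follow the OCSF 1.0 schema.

```sql
-- Added example: match OCSF network events against a threat-intel indicator
-- list at query time. Nothing here is ChaosSearch's or AWS's own code.
WITH iocs AS (
    -- Constructed indicator list for the example. In practice this is a table
    -- that your threat-intel feed refreshes; the join below picks up new
    -- indicators on every run without re-indexing any logs.
    SELECT * FROM (VALUES
        ('198.51.100.23', 'c2',      'feed-a', TIMESTAMP '2023-06-01 00:00:00'),
        ('203.0.113.77',  'scanner', 'feed-b', TIMESTAMP '2023-06-03 12:00:00')
    ) AS t (ip, threat_type, source, first_seen)
),
flows AS (
    SELECT
        from_unixtime("time" / 1000) AS event_time,   -- OCSF time is epoch milliseconds
        src_endpoint.ip              AS src_ip,
        dst_endpoint.ip              AS dst_ip,
        dst_endpoint.port            AS dst_port,
        traffic.bytes                AS bytes,
        cloud.account_uid            AS account_id,   -- OCSF 1.0 name; later versions use cloud.account.uid
        metadata.product.name        AS product
    FROM security_lake.vpc_flow_logs                  -- assumed table name; Security Lake names tables per region and source
    -- Assumed partition column (yyyyMMdd string) so the scan is limited to the last 7 days
    WHERE eventday >= date_format(current_date - interval '7' day, '%Y%m%d')
)
SELECT
    f.event_time,
    f.account_id,
    f.src_ip,
    f.dst_ip,
    f.dst_port,
    f.bytes,
    f.product,
    i.ip          AS matched_indicator,
    i.threat_type,
    i.source      AS ti_source
FROM flows f
JOIN iocs i
  ON f.dst_ip = i.ip OR f.src_ip = i.ip   -- flag traffic in either direction
ORDER BY f.event_time DESC
LIMIT 100;
```

The `OR` in the join condition forces a nested-loop join; it is fine for a short indicator list, but for large feeds run two equi-joins (one on `dst_ip`, one on `src_ip`) and `UNION ALL` the results so the engine can hash-join each side.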

 

OpenSearch Dashboards in ChaosSearch

 

Efficiency & Flexibility Expand the Possibilities of Security Lake

ChaosSearch was built for scale. It indexes efficiently and at minimal cost, making tens of TB per day per stream available for querying in near real time (about one minute from ingest to query), and its normalization is generic and flexible, with native nested JSON support via JSON Flex. This expands what you can do with Amazon Security Lake in two ways. First, you can analyze your security logs alongside application logs and any other telemetry, giving an end-to-end view of a potential threat’s footprint. Second, beyond the OCSF schema itself, you can analyze fields that have no OCSF mapping as soon as they appear, whether they arrive as flat structures or nested arrays, so new security data delivers value as soon as it is indexed.

 

Fully-managed service built with security-first principles

ChaosSearch is a fully managed service, so customers don’t spend time or money operating the tool and can focus on what really matters: proactively analyzing their security data to protect the organization from potential threats. Its Amazon S3-native, stateless and serverless architecture was built from the ground up on security-first principles: all data stays in the customer’s own S3 buckets, access is governed by granular role-based access control (RBAC) with SSO integration, and there are no retention limits, so the full picture lives in one centralized location. Because the service reads from and writes its indexes to those buckets, the IAM role granted to it should be scoped to exactly those buckets and nothing else. Customers can centralize all their log and event data and explore it as needed, without the cost, retention, or analytical limits of traditional tools, so security teams can face an ever-changing threat and compliance environment.

 

Better together

Consolidating and analyzing logs from many cybersecurity tools and services is a complex task for most organizations. Combining Amazon Security Lake with ChaosSearch streamlines security operations: Security Lake standardizes how security data is collected and normalized, and ChaosSearch reduces the time and effort needed to process and analyze it. As a result, organizations can identify potential threats faster and collaborate more effectively around security issues, all at a fraction of the cost of alternative solutions at scale.

 

Ready to Get Started?

Start a free trial of ChaosSearch, connect it to your Amazon Security Lake, and start exploring your security data in just a few minutes.

For more information and details about the integration, please check the Integration Guide.

About the Author, Sandro Lima

Sandro Lima is an Alliances Solutions Architect at ChaosSearch. In this role, he works closely with hyperscale cloud service providers and ISV partners to build joint solutions and help customers solve their main challenges around data analytics. Experienced in a wide range of IT technologies, he has a particular focus on cloud computing and data analytics. Whenever away from the keyboard, Sandro is having fun with the family or training for triathlon races.