Vectra Integrates Game-Changing Attack Signal Intelligence™ into Amazon Security Lake

By Gearóid Ó Fearghaíl | November 30, 2022

What do you need to know following the announcement of the integration of Vectra’s Attack Signal Intelligence into Amazon Security Lake?

What Is Amazon Security Lake?

AWS (Amazon Web Services) Security Lake allows customers to build a security data lake from integrated cloud and on-premises data sources as well as from their private applications. With support for the Open Cybersecurity Schema Framework (OCSF) standard, Amazon Security Lake reduces complexity and costs for customers and makes their security solutions' data accessible to address various security use cases, such as threat detection, investigation, and incident response. Amazon Security Lake also helps organizations aggregate, manage, and derive value from log and event data in the cloud and on-premises to give security teams greater visibility across their organizations.

Vectra Attack Signal Intelligence and OCSF

One of the key customer challenges we have identified is the problem of “more”: more attacks, more methods, more rules, and more tools. The answer to more is not more; what customers need are solutions that are simpler and more tightly integrated. The only thing people want more of is the best Attack Signal Intelligence™ on the planet to detect and respond to cyberattacks in real time.

We use the Open Cybersecurity Schema Framework (OCSF) for integration, which sets the standard for a security finding and simplifies all aspects of a company’s security workflows. Vectra’s AWS coverage can be added to Amazon Security Lake in a matter of minutes.

By integrating into Amazon Security Lake and using the OCSF standard, Vectra’s Attack Signal Intelligence is delivered in a format that aligns perfectly with every other signal your company has. This means that your day-to-day operations will be more efficient and effective instead of having to handle more integration points and more methodologies.

Our automated installation process starts monitoring your environment for malicious CloudTrail activity, and once anything malicious is detected, security findings are returned immediately to Amazon Security Lake, where they can be investigated and responded to.

Figure: How Vectra fits in the Amazon Security Lake diagram

Why OCSF?

OCSF sets a robust, scalable framework for communicating any security data. Vectra’s Attack Signal Intelligence is unique in that our security-led AI (Artificial Intelligence) often attributes malicious activity occurring in an AWS account to an actor in a completely different AWS account, region, or even back through single sign-on through an identity provider.

This attribution technology is critical for analysts to gain a clear understanding of what the expected behavior of any actor might be.

A Simpler World

Integrating our Attack Signal Intelligence with open-source OCSF communications into the Amazon Security Lake provides customers with a consolidated and simplified approach to threat detection, investigation, and response. Amazon customers can simply add Vectra’s solution in minutes and see a fast time-to-value.

“Amazon Security Lake ingests data from many sources to help customers investigate and respond to security threats. The native integration provides Security Lake users with the power of Vectra's Attack Signal Intelligence™ powered by AI. Best-of-breed data integration is a key to developing and delivering best security use cases.”

To learn more, please take a look at the integration solution brief or visit our webpage about AWS.