Content, Cloud Security

FAQ: What Is Amazon Security Lake? 10 Things to Know for MSPs, MSSPs and AWS Partners

LAS VEGAS, NEVADA – NOVEMBER 30: Attendees walk through an expo hall during AWS re:Invent 2021, a conference hosted by Amazon Web Services, at The Venetian Las Vegas on November 30, 2021 in Las Vegas, Nevada. (Photo by Noah Berger/Getty Images for Amazon Web Services)

Amazon Security Lake, a new cloud service that centralizes security data, surfaced at the AWS re:Invent 2022 conference. But what exactly is Amazon Security Lake, and how can the new AWS service potentially help MSP and MSSP partners to safeguard customer assets?

With those questions in mind, we've prepared this FAQ for our readers:

1. What are Amazon Security Lake's potential benefits to customers and partners?: Security analysts and engineers can use the service to "aggregate, manage, and optimize large volumes of disparate log and event data," AWS said. The service  can "enable faster threat detection, investigation, and incident response to effectively address potential issues quickly, while continuing to utilize their preferred analytics tools," AWS added.

2. What standards does Amazon Security Lake support? It converts incoming security data to the Apache Parquet format, and conforms it to the Open Cybersecurity Schema Framework (OCSF). Those standards, proponents assert:

  • Provide efficient data storage and retrieval. and
  • make it easier to automatically normalize security data from AWS and combine it with dozens of pre-integrated third-party enterprise security data sources.

3. What underlying technologies does the security lake leverage? The new service leverages Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation to automatically set up security data lake infrastructure in a customer’s AWS account.

4. Does Amazon Security Lake support third-party analytics tools?: Once ingested and normalized, customers can use their preferred security and analytics tools, AWS said. The analytics options include Amazon Athena, Amazon OpenSearch, and Amazon SageMaker, along with third-party solutions such as IBM, Splunk, or Sumo Logic, the cloud provider said.

5. Dozes Amazon Security Lake support third-party data sources? Yes. The platform supports more than 50 third-party data sources -- including solutions and services from Cisco Systems, CrowdStrike, and Palo Alto Networks, the company said.

Partners announcing support for the security lake include Barracuda, Cribl, Datadog, Lacework, Laminar, Securonix and Sumo Logic, among others.

6. Which MSSPs support Amazon Security Lake? It's too soon to say. But for some potential answers to that question, keep an eye on the AWS Security Hub Partners -- which includes a growing list of MSSP relationships.

7. What size customers can run Amazon Security Lake? The solution is designed for "customers of all sizes," according to Jon Ramsey, VP of security services at AWS.

8. Where is Amazon Security Lake available?: As of November 2o22, the cloud service is in preview in US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), and Europe (Dublin), with availability in additional AWS Regions coming soon, the company said. Exact commercial availability was not disclosed, however.

9. What are some Amazon Security Lake alternatives and rival options? In some ways, Amazon Security Lake may compete against Microsoft Azure Data Lake, Snowflake, Databricks LakehouseDelta Lake and  Apache HUDI, among others, MSSP Alert believes. Microsoft, for instance, says its Azure Data Lake "works with existing IT investments for identity, management, and security for simplified data management and governance."

10. How much does Amazon Security Lake cost?: AWS did not announce pricing for the service.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.