Jackie McGuire is a Senior Market Strategy Manager at Cribl, focused on the security mark... Read Moreet. Prior to joining Cribl, Jackie was a Research Analyst with S&P Global, writing, speaking, and providing thought leadership on information security and Web3. Jackie has also worked as a data scientist in cybersecurity, developing behavior analysis and anomaly detection models, been co-founder, CEO, and CFO for several startups, and before her work in technology, was a licensed securities broker and SEC Registered Investment Advisor. Read Less
We’re excited to announce that Cribl integrates with Amazon Security Lake from Amazon Web Services (AWS). Now generally available, Amazon Security Lake allows customers to build secure data storage from integrated cloud and on-premises data sources, as well as their private applications, using the Open Cybersecurity Schema Framework (OCSF). OCSF is a new industry standard initiative for the normalization of security telemetry announced in August 2022. AWS Partners and customers can use Cribl to ingest data from any third-party source, seamlessly convert it into OCSF, and route it to Amazon Security Lake.
To protect their organizations, security professionals need to move at the speed of technology. Monitoring, detecting, and responding to threats in a rapidly evolving landscape requires teams to quickly analyze telemetry and log data across multiple tools, technologies, and vendors. As if this challenge weren’t enough, teams must balance the need to collect enough data to effectively secure their organizations with the cost of storing and searching that data.
According to Cribl’s State of Security Data Management 2022 Report, nearly two thirds of survey respondents are managing over 30 data sources. And each data source has its own formats, fields, and syntax. Incompatible or unsupported formats from one tool to the next leave many customers struggling to leverage insights from their data. Forget that noise.
Amazon Security Lake helps organizations aggregate, manage, and derive value from log and event data in the cloud and on-premises, giving security teams greater visibility across their organizations and reducing the complexity and costs for customers to access and manage their security data. Customers can use the security and analytics solutions of their choice to simply query data in place or ingest the OCSF-compliant data for threat detection, investigation, and incident response.
While Amazon Security Lake natively supports the OCSF standard for Amazon’s own products, Cribl is the only launch partner actively helping customers get data from any 3rd party source and transform it to OCSF complete with the partitioning and format (parquet) required. Customers then have the choice and control to route it to Amazon Security Lake, and any additional OCSF-enabled tools.
“The integration between Cribl and Amazon Security Lake is essential in accelerating data onboarding from third-party sources and providing customers with a comprehensive overview of their organization. With Cribl, customers have the ability to format and shape their data, allowing them to utilize Amazon Security Lake or send it to any analytics tool. As customers evaluate Amazon Security Lake, they rely on Cribl to search, route, optimize, and transform data efficiently.”
– Rod Wallace, General Manager for Amazon Security Lake
Centralizing data from on-premise and cloud sources in a storage solution purpose-built for quickly normalizing, managing, and searching data is critical for protecting the modern enterprise, delivering improved protection of workloads, applications, and data, and driving visibility across the organization.
With Cribl, AWS customers gain the freedom to choose from any of the OCSF-enabled tools and services that meet their needs without having to reformat their data on their own through the following capabilities:
Cribl and Amazon Security Lake Architecture
“With the explosion of data and the rapidly changing security climate, security teams struggle to continuously monitor, detect, respond to, and mitigate threats,” said Abby Strong, SVP of Customer Experience and Marketing at Cribl. “Together with Amazon Security Lake, we’re excited to give AWS customers the freedom to ingest data from anywhere and then route it to Amazon Security Lake or any of the OCSF-enabled tools that meet their needs. Cribl makes it easy to get data in and search it to gain insights directly from an Amazon Security Lake.”
Here are some examples of how this integration helps you take back control over your security data:
Learn how Cribl can help you with your AWS use case with a custom demo.
Leverage our AWS-validated open source Cribl Packs and our Amazon Security Lake destination tile to get started quickly. Use Cribl’s no-code intuitive UI to transform any event into OCSF-compliant formats and send them to the best destination, or multiple destinations to deliver your desired security, compliance, and analytics outcomes.
Here are the Cribl Packs that are being mapped to OCSF today: