IBM Security and AWS have a strong history of collaboration and interoperability, and we're excited to make Amazon Security Lake support available in our QRadar portfolio.
IBM QRadar SIEM customers can already integrate natively with 9 AWS services, delivered via a variety of AWS data collectors such as Kinesis or CloudWatch Events. This is in addition to the over 700 integrations with hybrid security products and infrastructure available across the IBM QRadar Threat Management portfolio.
When subscribed to Amazon Security Lake, customers can use it as an alternative integration method with IBM QRadar SIEM and leverage QRadar's advanced threat detection and correlation. Amazon Security Lake will provide a way for customers to consolidate AWS log sources, including CloudTrail management events and Route 53 Resolver query logs.
Additionally, many other third-party security logs and findings will be available to IBM QRadar via Amazon Security Lake. IBM has also added support for a Unified Analyst Experience (UAX) capability for Amazon Security Lake, so historical information stored in Security Lake can be used for threat hunting or investigation. This functionality leverages the federated search capability of STIX Shifter from the Open Cybersecurity Alliance (https://opencybersecurityalliance.org).
AWS Security Lake Features
Some key ways that Security Lake helps centralize, manage, and subscribe to security-related log and event data include:
To learn more, please visit the AWS Security Lake user guide.
For years the security community lacked an agreed-upon data model for logs and alerts; each vendor typically developed its own. That changed when the Open Cybersecurity Schema Framework (OCSF), introduced and supported by AWS, Splunk, IBM Security, and 15 other leading security and IT vendors, was released as a common schema for representing security data in August of 2022. Amazon Security Lake implements OCSF as a core part of the product to simplify compatibility with other solutions.
Open Cybersecurity Schema Framework is an open-source effort to create a common schema for security events across the cybersecurity ecosystem.
One of the primary challenges of cybersecurity analytics is that there is no common and agreed-upon format and data model for logs and alerts. There are *many* models that exist, including some open ones like STIX, OSSEM, and the Sigma taxonomy. The challenge to date is that none of these have become widely adopted by products for logging and event purposes, and thus they require a lot of manual work to get value from. With OCSF, we are now at a moment where we have that critical mass as well as a genuine willingness to tackle these challenges.
OCSF is a public project hosted on GitHub, with a governance committee made up of participants from across the industry and an initial working list of event categories.
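To make the value of a common schema concrete, here is an added example (not code from IBM, AWS, or the OCSF project) that normalizes two constructed log formats, a CloudTrail-style JSON record and sshd syslog lines, into one OCSF-shaped Authentication event and then runs a single detection over both. The field names and numeric identifiers (class_uid 3002, category_uid 3, activity_id, status_id, severity_id, actor.user.name, src_endpoint.ip, metadata.product) follow the published OCSF Authentication class as I understand it and are an assumption here, not something stated on this page; all sample records are constructed.

```python
"""Normalize two constructed log formats into one OCSF-style Authentication
event shape and run one detection across both.

Assumption: field names and identifiers follow the OCSF Authentication class
(class_uid 3002, category 3) as published by the project; they are used here
for illustration and are not taken from the page. Sample data is constructed.
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed CloudTrail-like record (not real data).
CLOUDTRAIL_SAMPLE = json.dumps({
    "eventTime": "2023-06-01T12:00:05Z",
    "eventName": "ConsoleLogin",
    "sourceIPAddress": "198.51.100.7",
    "userIdentity": {"userName": "alice"},
    "responseElements": {"ConsoleLogin": "Failure"},
})

# Constructed syslog-style sshd lines (not real data).
SYSLOG_SAMPLES = [
    "Jun  1 12:00:07 host1 sshd[101]: Failed password for alice from 198.51.100.7 port 50001 ssh2",
    "Jun  1 12:00:09 host1 sshd[102]: Accepted password for bob from 203.0.113.9 port 50002 ssh2",
]

OCSF_AUTHENTICATION_CLASS = 3002   # OCSF Authentication event class
OCSF_IAM_CATEGORY = 3              # OCSF Identity & Access Management category
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2


def ocsf_auth_event(ts, user, src_ip, success, product):
    """Build the one shape every producer maps into, regardless of origin."""
    return {
        "class_uid": OCSF_AUTHENTICATION_CLASS,
        "category_uid": OCSF_IAM_CATEGORY,
        "activity_id": ACTIVITY_LOGON,
        "status_id": STATUS_SUCCESS if success else STATUS_FAILURE,
        "severity_id": 1,  # Informational; the detection decides what is alert-worthy
        "time": int(ts.timestamp() * 1000),  # OCSF carries epoch milliseconds
        "actor": {"user": {"name": user}},
        "src_endpoint": {"ip": src_ip},
        "metadata": {"product": {"name": product}, "version": "1.0.0"},
    }


def from_cloudtrail(raw):
    """Map a CloudTrail ConsoleLogin record to the OCSF Authentication shape."""
    rec = json.loads(raw)
    ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    success = rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
    return ocsf_auth_event(ts, rec["userIdentity"]["userName"],
                           rec["sourceIPAddress"], success, "AWS CloudTrail")


SSHD_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Accepted|Failed) \w+ for (\S+) from (\S+) port"
)


def from_sshd(line, year=2023):
    """Map an sshd syslog line to the same shape; syslog lacks a year, so one is supplied."""
    m = SSHD_RE.match(line)
    if not m:
        return None  # unrelated sshd message: not an authentication outcome
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return ocsf_auth_event(ts, m.group(3), m.group(4), m.group(2) == "Accepted", "OpenSSH")


def normalize_all():
    """Normalize every constructed sample into a single OCSF event list."""
    events = [from_cloudtrail(CLOUDTRAIL_SAMPLE)]
    events += [e for e in (from_sshd(line) for line in SYSLOG_SAMPLES) if e]
    return events


def failed_logons_by_source(events, threshold=2):
    """One rule, written once against OCSF fields, counts failed logons per
    (user, source ip) across every product that feeds the lake."""
    counts = Counter()
    for ev in events:
        if ev["class_uid"] == OCSF_AUTHENTICATION_CLASS and ev["status_id"] == STATUS_FAILURE:
            counts[(ev["actor"]["user"]["name"], ev["src_endpoint"]["ip"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    evs = normalize_all()
    print(json.dumps(evs, indent=2))
    print(failed_logons_by_source(evs))
```

The point of the exercise is the last function: because the console-login failure from CloudTrail and the password failure from sshd land in the same fields, the rule sees two failures for the same user from the same address without any per-vendor parsing logic, which is exactly the manual work a shared schema removes.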
Please, let me know if your team will be using these integrations. Your feedback is what fuels our continuous development.