Title: AWS re:Inforce 2024 - Developing an Autonomous Framework with Security Lake & Torc Robotics (TDR301)

Insights:

  • Session Overview: The session covered how Torc Robotics built an autonomous security-data framework on AWS Security Lake, with Security Lake feeding Datadog to improve both security visibility and operational efficiency.
  • Security Lake Challenges: Collecting security data at scale is complex due to disparate logging options, inconsistent formats, and the need for custom code to manage new accounts and resources.
  • Lifecycle and Access Policy Management: Security Lake helps manage long-term log retention, access policies, and data lifecycle transitions, making it easier to derive value from security data.
  • Data and Analytics Layers: The foundational data layer involves log aggregation and consistency, while the analytics layer focuses on deriving insights from the logs.
  • Open Cybersecurity Schema Framework (OCSF): AWS and 18 other businesses launched OCSF to standardize security data schemas, facilitating easier data searches and investigations.
  • Security Lake Features: Security Lake centralizes logs across all resources, accounts, and regions, and supports cross-account and cross-region log collection.
  • Integration with Datadog: Torc Robotics uses Datadog on top of Security Lake for investigation and discovery, benefiting from automated log collection and streamlined security operations.
  • Customer Success: Torc Robotics shared their journey of transitioning to Security Lake, emphasizing the reduction in custom code and improved investigation speed.
  • Future Enhancements: Torc Robotics plans to integrate more log sources, automate remediation, and enrich data to reduce false positives.

Quotes:

  • "Collecting security data at scale is very, very difficult. There's multiple disparate logging options today."
  • "Security Lake helps collect logs across all resources, all accounts, and all regions in just a couple clicks."
  • "The security persona actually, over time, the dichotomy of the role has slightly changed... many customers have wanted to stop managing pipelines and custom application code while still being able to derive valuable insights."
  • "AWS and a coalition of 18 other businesses partnered together to launch the open cybersecurity schema framework."
  • "Security Lake is the managed service for all of the stuff we were doing manually."
  • "In one sitting, we were able to get Security Lake forwarding our CloudTrail, Route 53, and Security Hub logs from all of our AWS accounts into Datadog."
  • "Deleting dead code is one of our favorite things to do."
  • "Amazon Security Lake is helping Torc lower the burden for log aggregation and helping us move faster, helping our security engineers investigate incidents and security events as quickly as possible."