Title: AWS re:Inforce 2024 - Use generative AI and Amazon Security Lake to enhance threat analysis (TDR320)
Insights:
- Introduction and Objectives: The session covers how generative AI and Amazon Security Lake can be combined to improve threat analysis. Its stated objectives are to explain why security data matters, what makes collecting that data hard, and how Amazon Security Lake addresses those difficulties.
- Challenges in Data Collection: Many IT and security teams struggle to collect data across AWS, other cloud providers, on-premises systems, and hybrid environments. Two further pain points are the cost and complexity of retaining verbose logs for long periods and the proprietary, per-source log formats that force security teams to write and maintain their own transformation (ETL) logic.
- Amazon Security Lake: Centralizes, aggregates, and normalizes log data into the Open Cybersecurity Schema Framework (OCSF), so that logs from AWS services, SaaS applications, and custom sources share one schema and can be queried the same way.
- Lifecycle Management: Users define storage and retention settings for the lake; Security Lake then indexes the ingested data and transforms it into OCSF automatically, reducing the need for hand-built ETL pipelines.
- Integration and Automation: Security Lake integrates with native AWS log sources and partner tools, automating ingestion and transformation so customers do not have to build and operate their own collection pipelines.
- Generative AI Applications: With the data normalized in OCSF, customers can use Amazon SageMaker and Amazon Bedrock to apply foundation models on top of it and build threat-analysis applications such as virtual security assistants and interactive dashboards driven by natural-language questions instead of hand-written SQL.
- Demo Highlights: The demo showcased building dashboards in Amazon QuickSight using generative AI, highlighting the ease of creating visualizations and reports from Security Lake data.
Quotes:
- "Collecting security data is still a challenge for customers and organizations."
- "A large majority, 52% of organizations in this survey want to keep or they have a desire to keep that data online for longer periods of time so that they can act on that data."
- "Proprietary nature of those logs led to another complexity where security teams were doing a lot of transformation and/or applying ETL."
- "Amazon Security Lake helps customers easily centralize, aggregate, and normalize all the log information in the OCSF or Open Cybersecurity Schema Framework."
- "Security Lake also automatically indexes and queues this data and transforms all that data in an OCSF or open schema format."
- "Customers can use AWS analytic tools like OpenSearch, QuickSight, Athena, et cetera, to query that log information."
- "You can leverage Gen AI tools like Amazon SageMaker and/or Amazon Bedrock to apply foundational models on top of that normalized and standardized data."
- "Rather than writing a SQL query to look for an IP address, you could ask natural language questions on that application that's being built on Bedrock."
- "Security Lake helps one by automating and bringing that data easily."
- "The data is all normalized in OCSF, so hence it's easier for any RAG and/or generative AI tooling to actually use that data and easily interpret natural language processing on top of that."
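The normalization that Security Lake performs (Insights, "Amazon Security Lake" and "Lifecycle Management") and the reason it matters for querying and for RAG tooling (the last three quotes) can be shown in miniature. The following Python is an added example written for this page; it is not Security Lake's or the OCSF project's own code. It maps two constructed records, a default-format VPC flow log line and a CloudTrail management event, onto the OCSF Network Activity (class_uid 4001) and API Activity (class_uid 6003) classes, then runs the talk's "look for an IP address" query once across both. The field selection, the ACCEPT/REJECT to disposition_id mapping, and the eventName to activity_id mapping are simplified assumptions of mine, not Security Lake's actual mapping tables, and the sample records are constructed, not real traffic.

```python
"""Normalize constructed AWS records into OCSF-shaped events and query them
with one filter. Added illustration for this page, not Security Lake code."""
from datetime import datetime, timezone

# Constructed sample input (not real traffic). Default VPC flow log format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
VPC_FLOW_LINE = ("2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.23 51234 22 6 "
                 "12 2048 1718100000 1718100060 ACCEPT OK")

# Constructed CloudTrail management event, following the CloudTrail record layout.
CLOUDTRAIL_EVENT = {
    "eventVersion": "1.08",
    "userIdentity": {"type": "IAMUser", "userName": "alice",
                     "arn": "arn:aws:iam::123456789012:user/alice"},
    "eventTime": "2024-06-11T10:00:30Z",
    "eventSource": "sts.amazonaws.com",
    "eventName": "AssumeRole",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "203.0.113.9",
    "userAgent": "aws-cli/2.15.0",
    "recipientAccountId": "123456789012",
}


def vpc_flow_to_ocsf(line):
    """Map a default-format VPC flow log record to OCSF Network Activity (4001)."""
    f = line.split()
    if len(f) != 14:
        raise ValueError(f"expected 14 fields, got {len(f)}")
    (_ver, account, eni, src, dst, sport, dport, proto,
     pkts, byts, _start, end, action, _status) = f
    return {
        "category_uid": 4, "class_uid": 4001, "class_name": "Network Activity",
        "activity_id": 6,                     # 6 = Traffic (assumed mapping)
        "disposition_id": 1 if action == "ACCEPT" else 2,  # 1 Allowed, 2 Blocked (assumed)
        "time": int(end) * 1000,              # OCSF time is epoch milliseconds
        "src_endpoint": {"ip": src, "port": int(sport), "interface_uid": eni},
        "dst_endpoint": {"ip": dst, "port": int(dport)},
        "connection_info": {"protocol_num": int(proto)},
        "traffic": {"packets": int(pkts), "bytes": int(byts)},
        "cloud": {"provider": "AWS", "account": {"uid": account}},
        "metadata": {"product": {"name": "Amazon VPC", "vendor_name": "AWS"},
                     "version": "1.1.0"},
    }


def cloudtrail_to_ocsf(ev):
    """Map a CloudTrail record to OCSF API Activity (6003)."""
    ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    name = ev["eventName"]
    # Crude verb-prefix mapping (assumed): 1 Create, 2 Read, 4 Delete, 99 Other.
    if name.startswith(("Create", "Run", "Put")):
        activity = 1
    elif name.startswith(("Get", "List", "Describe")):
        activity = 2
    elif name.startswith("Delete"):
        activity = 4
    else:
        activity = 99
    ident = ev["userIdentity"]
    return {
        "category_uid": 6, "class_uid": 6003, "class_name": "API Activity",
        "activity_id": activity,
        "time": int(ts.timestamp() * 1000),
        "actor": {"user": {"name": ident.get("userName"), "uid": ident.get("arn"),
                           "type": ident.get("type")}},
        "api": {"operation": name, "service": {"name": ev["eventSource"]}},
        "src_endpoint": {"ip": ev["sourceIPAddress"]},
        "http_request": {"user_agent": ev["userAgent"]},
        "cloud": {"provider": "AWS", "account": {"uid": ev["recipientAccountId"]},
                  "region": ev["awsRegion"]},
        "metadata": {"product": {"name": "AWS CloudTrail", "vendor_name": "AWS"},
                     "version": "1.1.0"},
    }


def endpoint_ips(event):
    """IPs on either side of any OCSF event, whatever its source class."""
    ips = set()
    for key in ("src_endpoint", "dst_endpoint"):
        ep = event.get(key)
        if ep and ep.get("ip"):
            ips.add(ep["ip"])
    return ips


def find_by_ip(events, ip):
    """The talk's 'look for an IP address' query, run once over mixed sources."""
    return [e for e in events if ip in endpoint_ips(e)]


def to_rag_text(event):
    """Flatten an OCSF event into one 'field=value' line, the kind of document a
    retrieval index over normalized data can embed. Same keys for every source."""
    items = []

    def walk(prefix, obj):
        if isinstance(obj, dict):
            for k, v in obj.items():
                walk(f"{prefix}.{k}" if prefix else k, v)
        elif obj is not None:
            items.append(f"{prefix}={obj}")

    walk("", event)
    return " ".join(items)


if __name__ == "__main__":
    events = [vpc_flow_to_ocsf(VPC_FLOW_LINE), cloudtrail_to_ocsf(CLOUDTRAIL_EVENT)]
    for hit in find_by_ip(events, "203.0.113.9"):
        print(hit["class_name"], "->", to_rag_text(hit))
```

Because both records end up with the same `src_endpoint.ip` key, one filter (or, in the real service, one Athena predicate over the Security Lake tables) answers the question for flow logs and API calls alike, and the flattened text is what a RAG index or a Bedrock-backed assistant would retrieve rather than having to understand each vendor's raw format.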