SOC Prime Integrates with Amazon Security Lake to Supercharge Security Operations

May 30, 2023 · 6 min read

Driving Cost-Efficient, Zero-Trust, and Multi-Cloud Security Backed by Collective Expertise

SOC Prime operates the world’s largest and most advanced platform for collective cyber defense that cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules compatible with over 27 SIEM, EDR, and XDR platforms. SOC Prime’s innovation, backed by a vendor-agnostic and zero-trust cybersecurity approach, and its cutting-edge technology leveraging the Sigma language and MITRE ATT&CK® as core pillars are recognized by independent research companies, credited by the leading SIEM, XDR & MDR vendors, and trusted by 8,000+ organizations, including 42% of Fortune 100 and 21% of Forbes Global 2000.

SOC Prime’s platform, which uses a community-based approach to help security teams defend against attacks more easily, quickly, and efficiently, has announced its support for Amazon Security Lake since the General Availability Launch. With organizations continuously switching to hybrid and cloud-based environments, there is a growing demand for detection content for cloud-based solutions, including Amazon AWS. SOC Prime’s integration with Amazon Security Lake enables customers to maximize the ROI of their SIEM, EDR, and XDR solutions by helping them ensure comprehensive, threat intelligence-based coverage as benchmarked against MITRE ATT&CK and ultimately reduce time spent on detection engineering while maximizing its outcomes across hybrid & multi-cloud environments.

Progressive organizations striving to maximize their SOC investments on a long-term basis are choosing Amazon Web Services (AWS), offering flexible solutions at scale. SOC Prime and AWS help drive a transformational change in cyber defense, while optimizing costs and freeing up time for SecOps teams. 

Through integration with Amazon Security Lake, SOC Prime empowers security teams to gain complete threat visibility and investigate incidents rather than overwhelming volumes of alerts while saving development time with reusable rules & queries automatically convertible to Athena and OpenSearch in the recently launched Open Cybersecurity Schema Framework (OCSF) format. Leveraging SOC Prime’s Uncoder AI, Attack Detective & The Prime Hunt, and backed by Amazon Security Lake, SOC Prime enables organizations to risk-optimize their cybersecurity posture.

Uncoder AI: Unleashing the Power of AI for Advanced Detection Engineering

Uncoder AI is an Augmented Intelligence framework that fuses cyber threat intelligence, indicators of attacks, and over 10,000 Sigma rules mapped to MITRE ATT&CK®, backed by collective cybersecurity expertise and generative AI engines, to notify users of emerging threats in a timely manner, enable them to proactively develop and update detection algorithms, and give them aggregated context on any cyber attack.

With Uncoder AI, security teams can save development time and migration costs by re-using threat hunting queries & rules and automatically translating them to Amazon Athena and Amazon OpenSearch in the OCSF format.

Attack Detective: Enabling Smart Data Orchestration and Automated Threat Hunting

Attack Detective intelligently and automatically queries security logs in the customer’s Amazon Security Lake account via JDBC (in Athena integration) and via API (in OpenSearch integration) to identify data sources and then scan them with threat hunting queries based on over 10,000 Sigma rules. For the most precise results, security engineers can rely on custom detection logic, leveraging private Sigma rules or IOC queries. Additionally, users can choose to manually validate the scan results by opening threat hunting queries via a link in their browser. 

The benefits of using SOC Prime’s Attack Detective with Amazon Security Lake are as follows:

  • Run an alertless SOC
    • Act smarter by focusing on what matters most
    • Investigate incidents rather than overwhelming volumes of alerts
  • Enable smart data orchestration
    • Identify missing data and reduce blind spots in your cyber defense
    • Continuously improve visibility into the latest threats, CVEs, and behaviors
  • Accelerate hunting efficiency
    • Automatically partition Amazon Security Lake to boost resource efficiency
    • Reduce costs on hunts and IOC matching
  • Improve data observability 
    • Link and correlate with EDR and on-prem SIEM data to gain a holistic view of your environment
    • Automatically calculate cost savings without moving data to the cloud 

With a privacy imperative in mind, Attack Detective gains complete data visibility based on the organization-specific logs by embracing the critical zero-trust architecture (ZTA) principle to query data in its native location. By distinguishing the data plane and control plane according to the NIST 800-207 ZTA security guidelines, users can avoid asset duplication or distribution and possible permission inconsistency for the same data across different locations, which ensures compliance with zero-trust basic tenets and is aligned with the least privilege principles according to the operative definition of ZTA.

The Prime Hunt: One UI for Platform-Agnostic Threat Hunting

The Prime Hunt is an open-source browser extension that helps SOC Analysts and Threat Hunters to convert, apply, and customize detection content across a broad SIEM, EDR, and XDR stack. 

Like other innovative SOC Prime solutions, The Prime Hunt is built on vendor-agnostic and zero-trust principles to ensure organizations can drive more value at fewer costs:  

  • Platform-agnostic. The Prime Hunt bridges the gap between multiple tools and query languages, serving as a single platform-agnostic UI for all threat hunters, no matter what SIEM or EDR they use.
  • Zero-trust. The tool natively adheres to zero-trust basic tenets by leveraging the relevant access rights and permissions for each security analytics per each SIEM or EDR platform using existing authentication and authorization mechanisms. 
  • Cost-efficient. Leveraging The Prime Hunt, security teams can extract valuable data from large datasets without increasing costs for launching additional threat hunting queries. 

SOC Prime’s Integration with Amazon Security Lake via Amazon Athena and OpenSearch Services

SOC Prime integrates with Amazon Security Lake leveraging the query access to the data lake via Amazon Athena and Amazon OpenSearch services.

Attack Detective integrates with Amazon Security Lake by querying security logs in the customer’s Amazon Security Lake account via JDBC (in Athena integration) and via API (in OpenSearch integration) to identify data sources and then scan them with a curated set of threat hunting queries.

Amazon Security Lake integration with SOC Prime’s Attack Detective and The Prime Hunt solutions via Amazon Athena


The Prime Hunt integrates with Amazon Security Lake via both Amazon Athena and OpenSearch, depending on the user environment, using the web API. Once the data is available in Athena or OpenSearch, security engineers can run queries via the Prime Hunt to automatically identify accounts and assets affected by the suspected activity.

Amazon Security Lake integration with SOC Prime’s Attack Detective and The Prime Hunt solutions via Amazon OpenSearch Service


To learn more about SOC Prime’s integration with Amazon Security Lake, visit https://my.socprime.com/amazon-web-services/
