SOC Prime’s Integration Highlights with Amazon Security Lake

Insights into Proactive Threat Detection & Automated Threat Hunting in the Era of Security Data Lakes

On May 30, 2023, SOC Prime, provider of the foremost platform for collective cyber defense, announced its support for Amazon Security Lake. For a one-year period since the integration release, SOC Prime has helped organizations supercharge threat detection and enhance hunting capabilities, unleashing the power of Amazon Security Lake. 

With the constantly expanding attack surface, increasing environmental complexity, and exponential rise in attack volumes, Security Data Lakes offer future-proof solutions for organizations looking to redefine their threat detection strategies and capabilities. Amazon Security Lake, in combination with SOC Prime’s complete product suite for AI-powered Detection Engineering, Automated Threat Hunting, and Detection Stack Validation, helps organizations that rely on joint solutions effectively navigate modern-day security data challenges. 

Organizations committed to maximizing the ROI of their security toolset and accelerating the effectiveness of their SOC are increasingly turning to Amazon Web Services (AWS) for its scalable and flexible solutions. SOC Prime and AWS drive the transformative change in cyber defense, optimizing costs and allowing SecOps teams to focus their time and efforts more strategically. This collaboration marks a major step in streamlining threat detection and hunting operations across hybrid and multi-cloud environments. 

Through integration with Amazon Security Lake, SOC Prime enables security teams to gain complete threat visibility and investigate incidents rather than never-ending streams of alerts while saving hours on engineering tasks and maximizing security investments with reusable rules and queries automatically convertible to Athena and OpenSearch in the Open Cybersecurity Schema Framework (OCSF) format. Currently, SOC Prime Platform supports the latest version of Amazon Security Lake 2.0 along with OCSF 1.1. Still, we continue to provide support for clients leveraging previous versions of Amazon Security Lake 1.0 and OCSF 1.0. 

SOC Prime’s Attack Detective solutions smartly and automatically queries security logs in the customer’s Amazon Security Lake account via Amazon Athena and Amazon OpenSearch to identify data sources and run real-time scanning based on over 12,000 Sigma rules. For optimal precision, security engineers can make the most of custom detection logic, incorporating behavior-based Sigma rules or IOC-based queries. Customers can also choose to manually validate the scan outcomes by accessing prioritized threat hunting queries through a browser link.

Using Attack Detective, customers can analyze their security data while retaining complete control and ownership over that data. Built on Zero-Trust Architecture (ZTA), Attack Detective segregates the data plane and control plane for the customers’ Data Lake, SEIM, or EDR instances. By conducting the automated detection stack validation, the solution queries data in its native location while ensuring that the customers’ data remains stored in their environment. Linking and correlating organization-specific logs with on-prem SIEM and EDR data ensures complete threat visibility without the need for data migration to the cloud, which adds to essential cost savings and compliance with zero-trust principles. 

Uncoder AI, acting as an advanced AI co-pilot for Detection Engineering, enables security teams to reduce content development timelines and migration expenses while advancing cyber defense at scale. Uncoder AI fuses cyber threat intelligence, indicators of attacks, and thousands of relevant detection algorithms mapped to MITRE ATT&CK® backed by joint industry expertise and AI. The solution helps organizations proactively develop and update detection algorithms while automatically translating them to Amazon Athena and Amazon OpenSearch in the OSCF format.

Uncoder AI, paired with The Prime Hunt, an open-source browser extension for SOC Analysts and Threat Hunters, bridges the gap between multiple tools and query languages, ensuring organizations can drive more value from their security tools regardless of the solution in use. Security professionals might customize SIEM-native rules and queries right from their browser, seamlessly stream them to Uncoder to enhance the detection code, and automatically translate it to the relevant format, then save the updates to a custom repository in a matter of clicks. 

On May 2, 2024, SOC Prime hosted a joint partner webinar providing a deep dive and practical insights into how SOC Prime’s cutting-edge technology, coupled with the power of Amazon Security Lake, helps organizations elevate their threat detection and hunting capabilities at scale. Check out this link to access the webinar recording, along with a hands-on demo showcasing how to jointly apply Amazon Security Lake and SOC Prime.