UPDATED 16:30 EDT / SEPTEMBER 15 2023

Redefining cloud security: How AWS and Cribl are transforming enterprise cybersecurity

Given that cybersecurity resources, and more so cloud security experts, are scarce, being imaginative is of the essence.

Amazon Security Lake centralizes security data from across the enterprise and normalizes it in one place by ingesting different logs. The partnership between Amazon Web Services Inc. and Cribl Inc. makes that a reality, and its capability is expected to include predictive response and remediation in the future, according to Ryan Orsi (pictured, right), worldwide head of cloud foundations partners at AWS.

“Amazon Security Lake, it’s a purpose-built data lake, specifically for cybersecurity style logging and telemetry,” Orsi said. “It can accept sources from within your AWS accounts, other environments outside AWS, on-premises, and it standardizes it into a single sort of logging format on the OCSF, or the Open Cybersecurity Schema Framework. We’re seeing partners like Cribl step up and really make that ingestion process, no matter where the logs are coming from, a whole lot easier.”

Orsi and Clint Sharp (left), co-founder and chief executive officer of Cribl, spoke with theCUBE industry analyst John Furrier at the “Cybersecurity” AWS Startup Showcase event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how the Amazon Security Lake is changing the odds in cybersecurity and how the AWS-Cribl partnership fits into the picture. (* Disclosure below.)

Through the Amazon Security Lake lens

To offer a clearer picture, the Amazon Security Lake automates security logs. As a result, visibility is driven a notch higher, and this boosts security teams' confidence for better outcomes, according to Orsi.

“Automation’s been around for a while, but with Amazon Security Lake and increased visibility across all of your security telemetry, across your environment, this provides a finer resolution onto some of the factors that maybe led to some uncomfortable feelings from certain CISOs or security teams to automate remediation or automate response,” he said.

Since customer centricity is at the heart of AWS, doing away with undesirable trade-offs in cybersecurity is top of mind, according to Orsi. As a result, the company is triggering a reinvention in the industry through the Amazon Security Lake, because it centralizes logging using a standardized format in a cost-effective manner.

“I’m speaking from personal experience in the cybersecurity industry for many, many years; this is a tough problem,” he explained. “I don’t like personally to hear that people have to make trade-offs of what logging and telemetry sources to turn on or off or how long to store those logs, and they’re up against regulatory compliance pressures, retention periods.”

The exponential growth of data is emerging as a huge stumbling block to attack mitigation because of the rigorous effort and high cost involved. Nevertheless, the Amazon Security Lake is emerging as a game-changer, because data doesn’t have to be moved and it’s open-based, according to Sharp.

“I think the core problem that our customers are seeing is around data growth,” he stated. “Their data’s growing at a 25% CAGR; their budget is not. How do I retain all the data I need for the potential years back that I need to go back to do a breach investigation? How do I do that cost effectively? One of the things that we think security data lake is so exciting is because it’s open, the formats are open, the data is owned by the customers and there are multiple things that can go in and get value out of that data, including our search product.”

Cribl Stream as a differentiator

As a universal receiver that draws data from any observability source, Cribl Stream propels the centralization agenda for enhanced security, according to Sharp. As a result, it is proving to be a differentiator, because it takes the headache of having multiple data copies away.

“Our Stream product … can help lift the data out of Security Data Lake and move it into other repositories, being able to search that in place, especially since a lot of this data is completely worthless, until suddenly it’s the most valuable data set in the enterprise,” he said.

With data being at the heart of artificial intelligence, the Amazon Security Lake is a useful resource that adds value by solving numerous automation problems, enabling AI scalability. As a result, Cribl comes in handy in enabling the integration of data sources, according to Sharp.

“Cribl’s the data engine for IT and security, and our Stream product helps AWS customers get data into their security data lake from outside,” he said. “Almost all the enterprises that we’re talking to today live in a complex world full of on-premises infrastructure that they’re marrying with the cloud … Security Lake is a fantastic way for them to unify all of this data in one central place for analysis. Future data mining and AI potential in there as well.”

Cloud security is offering enterprises a stepping stone toward thinking about the future, such as planning for the AI wave. As a result, the AWS-Cribl partnership is making this a reality, thanks to the Amazon Security Lake, Orsi pointed out.

“I’d say the use cases we’re seeing emerge right now for Amazon Security Lake, specifically, are pretty exciting to watch,” he noted. “I’m really excited that Cribl’s here today, because I will say, making that process easier to ingest whatever kind of log you have out there for a holistic picture, not just threat hunting, but maybe even incident response and investigation.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity” AWS Startup Showcase event:

(* Disclosure: Cribl Inc. sponsored this segment of theCUBE. Neither Cribl nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
