Amazon Web Services (AWS) today announced the preview of Amazon Security Lake during its re:Invent 2022 event. The service is designed to automatically centralize users’ security data from on-premises environments, AWS, other cloud providers, and third-party sources into a purpose-built data lake in their AWS account to enable faster security actions.
The service allows customers to choose their security data sources, converts that data to the Apache Parquet format, which is easy to store and query, and conforms it to the Open Cybersecurity Schema Framework (OCSF) open standard. This automatically normalizes security data from AWS and combines it with dozens of pre-integrated third-party enterprise security data sources, according to AWS.
The vendor claims this ability to aggregate, manage, and optimize large volumes of disparate log and event data can enable faster threat detection, investigation, and incident response.
After normalization, customers can use tools from Amazon including Amazon Athena, Amazon OpenSearch, and Amazon SageMaker, or third-party services including those from IBM, Splunk, and Sumo Logic for data analysis.
Additionally, Amazon Security Lake allows customers to build the security data lake in their selected region to meet regional data compliance requirements. It uses Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation to set up the data lake in a customer’s AWS account for full data control and ownership, the vendor claims.
“Amazon Security Lake lets customers of all sizes securely set up a security data lake with just a few clicks to aggregate logs and event data from dozens of sources, normalize it to conform with the OCSF standard, and make it more broadly usable so customers can take action quickly using their security tools of choice,” AWS VP of security service Jon Ramsey said in a statement.
AWS’ Amazon Security Lake Captures Insights From Over 50 Third-Party Data Sources
AWS claims Amazon Security Lake gathers log and event data from AWS, customer data sources, and more than 50 third-party analytic sources such as Cisco, CrowdStrike, Palo Alto Networks, and Lacework.
Lacework announced today its customers can share the data from its Polygraph Data Platform with their Amazon Security Lake for greater visibility and data centralization. The cloud security vendor recently upgraded the platform to support multiclouds.
Amazon Security Lake is now in preview in selected regions. AWS announced that customers such as Salesforce, Tinder, and FINRA are already using the service.
“Amazon Security Lake streamlines that work by unifying security logs and events from AWS and other cloud providers—reducing time spent on log onboarding and coverage so that our engineers can focus on proactive prevention and incident response,” Salesforce Chief Trust Officer Vikram Rao said in a statement.