SentinelOne to support Amazon Security Lake to power cloud investigations

At  AWS re:Invent 2022, SentinelOne has announced SentinelOne Singularity Cloud works with Amazon Security Lake from Amazon Web Services (AWS) to support hunting, threat investigations, and forensics on cloud logs within the SentinelOne Singularity XDR Platform. Amazon Security Lake is a new service that automatically centralizes an organization’s security data from cloud, on-premises, and custom sources into a customer owned, purpose-built data lake. Both Singularity Cloud and Amazon Security Lake use the Open Cybersecurity Schema Framework (OCSF) to simplify how logs are ingested, searched, and analyzed. As a result, customers can begin investigations without any effort to parse or normalize security logs.

SentinelOne’s Singularity Cloud consists of a Cloud Workload Security (CWS) solution that offers near real-time threat detection and prevention for containers, Kubernetes clusters, and virtual machines. Singularity Cloud protects against cloud threats such as ransomware, cryptomining, and fileless attacks in near real-time using patented behavioral artificial intelligence (AI) and threat intelligence. The platform’s XDR data plane, called Skylight, enables customers to ingest third-party data sources, such as those from Amazon Security Lake, to support a diverse set of use cases. Threat hunting, investigation, and forensics use cases are easier and more complete with Singularity Cloud’s detailed, natively-collected container and virtual machine (VM) telemetry. The initial data ingested into Skylight from Amazon Security Lake includes Amazon Virtual Private Cloud (Amazon VPC) flow logs, AWS CloudTrail management events, Amazon Route 53 Resolver query logs, Amazon Simple Storage Service (Amazon S3) data events, AWS Lambda function execution activity, and AWS Security Hub findings.

“By connecting Amazon Security Lake to Singularity XDR, and through implementing OCSF as our data schema, SentinelOne is unlocking new use cases for cloud-focused hunting, investigations, and forensics,” said Ely Kahn, Vice President of Cloud Products, SentinelOne. “Customers can now easily pivot from the threats that we detect and into associated AWS data to better understand the root cause and impact of the threat.”

“Amazon Security Lake simplifies how customers collect security logs and findings in a format ready for analytics,” said Rod Wallace, General Manager of Amazon Security Lake at AWS. “Customers can now make their security data accessible to AWS Partners like SentinelOne to uncover security-related insights and effectively address potential issues faster, while continuing to use their preferred analytics tools.”