February 15, 2024

Revolutionizing SecDataOps with AWS Security Lake: Insights from a Startup

The evolution of security systems has ushered in a transformative era: from traditional SIEMs to the more dynamic and versatile security data lakes. This shift enhances the flexibility and depth of security data analysis, empowering organizations to achieve deeper insights.

Are you leveraging these cutting-edge tools to their fullest potential? How far along are you in embracing this innovative approach to security data management? At HTCD, our exploration of AWS Security Lake has been a revelation, offering significant enhancements in how we handle and extract value from our security data.

By integrating direct querying capabilities with Amazon Athena and AWS Lake Formation tables, we’ve unlocked a realm of possibilities for in-depth data analysis and actionable insights.

Here’s a glimpse into our journey and the invaluable lessons we’ve learned along the way:

  1. Foundation in SQL and AWS Security Lake: Our journey commenced with a solid grasp of SQL queries, a critical skill that facilitated our navigation through AWS Security Lake’s expansive capabilities.
  2. Deciphering the OCSF Data Structure: We delved into the Open Cybersecurity Schema Framework (OCSF), mastering its data format to craft effective queries and fully harness the data at our disposal.
  3. The Critical LIMIT in Queries: A beginner’s oversight in omitting LIMIT from our queries led to significant data processing and unexpected costs, highlighting the importance of precision in query construction.
  4. Partitions for Performance and Cost Efficiency: Identifying and applying the right partitions results in a substantial reduction in query times and data scanned. The less data scanned, the lower your S3 read costs. For example, applying the partition filter WHERE eventday BETWEEN '20240201' AND '20240214' reduces run time from 14.5 seconds to 4.6 seconds, and data scanned from 1.81GB to 291MB.
  5. Enhanced Queries via OCSF: Embracing the OCSF format refined our querying process, streamlining data retrieval and analysis through its structured approach.
  6. Unix Milliseconds Time Conversion: Tackling time-related queries necessitated converting Unix milliseconds into a user-friendly format, a challenge we overcame through SQL conversions.
  7. Strategic Use of ‘Unnest’: Identifying the appropriate instances for ‘unnest’ in our queries was a hurdle we cleared by intimately understanding our data structure.
  8. Mastering Security Lake Specifics: Navigating the nuances of querying data from various AWS services required precise knowledge of AWS endpoints and service names, enriching our expertise with each challenge.
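The following Athena query is an added example (not HTCD’s own code) that puts lessons 3, 4, 6, 7 and 8 together in a single defender-oriented query: it lists IAM user creations and policy attachments from a Security Lake CloudTrail table over the post’s two-week window. The database and table names are placeholders (Security Lake names them per region and source); the column layout assumes the OCSF CloudTrail mapping, where `time` is Unix milliseconds, `api`, `actor` and `src_endpoint` are structs, and `resources` is an array of structs, and `eventday` is the daily partition column named in the post.

```sql
-- Added example, not code from the post. Placeholder names and an assumed
-- OCSF CloudTrail column layout; substitute your own Security Lake table.
SELECT
    from_unixtime(time / 1000)  AS event_time,   -- lesson 6: OCSF `time` is Unix ms
    api.service.name            AS aws_service,  -- lesson 8: e.g. iam.amazonaws.com
    api.operation               AS api_call,
    actor.user.name             AS principal,
    src_endpoint.ip             AS source_ip,
    resource.uid                AS resource_arn  -- one output row per resource
FROM placeholder_security_lake_db.placeholder_cloudtrail_mgmt_table
    -- lesson 7: UNNEST only where per-element rows are needed; it flattens the
    -- `resources` array, so each affected resource becomes its own row
    CROSS JOIN UNNEST(resources) AS t(resource)
WHERE
    -- lesson 4: filter on the partition column first so Athena prunes
    -- whole days of Parquet files instead of scanning them
    eventday BETWEEN '20240201' AND '20240214'
    AND api.service.name = 'iam.amazonaws.com'
    AND api.operation IN ('CreateUser', 'AttachUserPolicy')
ORDER BY event_time DESC
LIMIT 100;  -- lesson 3: cap the result set on every exploratory query
```

Two caveats worth checking against your own tables: `CROSS JOIN UNNEST` silently drops events whose `resources` array is empty or null, so if those events matter use `LEFT JOIN UNNEST(resources) AS t(resource) ON TRUE` (supported on Athena engine version 3); and the partition column must be compared as a string in the same `YYYYMMDD` form the table uses, otherwise Athena cannot prune and the full table is scanned again.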

Our journey with AWS Security Lake and Athena has been transformative, elevating our understanding from basic SQL to advanced data structuring and querying techniques. These insights have been instrumental in enhancing HTCD’s platform, enabling us to deliver precise, AI-driven answers to your queries without the need for manual SQL coding.

HTCD is committed to simplifying data analysis, ensuring you can easily access detailed information through our advanced query capabilities and AI-driven assistance. We’re excited about the future and our ongoing mission to demystify data management, making it more accessible and effective for everyone.

Join Our Community:

We’re eager to hear from you! Share your experiences, questions, or opinions, and let’s foster a vibrant SecOps community together. Follow us on LinkedIn, X, and Facebook to stay updated on the latest from HTCD and dive deeper into the world of seamless data management. Together, let’s revolutionize the way we handle security data, one query at a time.

Orika Orrie

Co-Founder & VP, Operations
