Blog August 5, 2024

Up Level Your Amazon Security Lake with Attack Surface Intelligence

by Tim Erlin & Anna Sarnek

As global network infrastructure expands to include devices without traditional compute power, every organization’s attack surface becomes increasingly complex. Parallel to the increased complexity in the threat landscape is the increased scale and complexity of the signals and data necessary to produce meaningful cybersecurity insights. At its core, cybersecurity is a big data problem, requiring centralization of disparate data sources in a uniform structure to enable continuous analytics.

With over 10 petabytes of continuously updated security data, SecurityScorecard is at the forefront of recognizing the big data problem facing this industry. To tackle this challenge, SecurityScorecard has joined the Open Cybersecurity Schema Framework (OCSF) standard community to ensure that our Attack Surface Intelligence data can augment security analytics being performed by organizations in the standardized framework.

SecurityScorecard’s Attack Surface Intelligence gives security teams contextualized threat intelligence on demand, allowing them to query our comprehensive data collection and attribution infrastructure. With over 20 million websites crawled, 100 billion security issues identified weekly, and 4 billion IPs scanned daily, organizations get the most relevant, actionable, and trusted cyber risk information about the global attack surface.

The security data collected by Attack Surface Intelligence (ASI) can now enrich the log-based events consolidated in Amazon Security Lake, leveraging OCSF. Amazon Security Lake allows customers to build a security data lake from integrated cloud and on-premises data sources as well as from their private applications. With Amazon Security Lake, customers can use the security and analytics solutions of their choice to query that data in place or ingest the OCSF-compliant data to address further use cases. Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data. SecurityScorecard threat and events data can provide additional context to the log events within the customer data lake. Customers can leverage this data with analytics tools for additional analytics use cases.

Grounded in the OCSF data structure, Attack Surface Intelligence produces the following events, which Amazon Security Lake customers can use to enrich their security data lake:

– Detected Ransomware

– Detected Malware Infections

– Discovered Vulnerabilities

– Domain Attribution

– Associated Threat Actors

– SecurityScorecard Ratings

– Detected Expired Certificates

Adding real-time threat context to log events enables organizations to react to threats more efficiently and effectively. A log event that may seem benign takes on new priority for a response when coupled with real-world threat data. The data provided by ASI can shine a bright light on the proverbial needle in the haystack of cybersecurity logs.

As SecurityScorecard grows its data collection capabilities further, new event types will be added to the integration with Amazon Security Lake, providing customers with greater value over time.

Learn more about integrating ASI events into Amazon Security Lake and try Attack Surface Intelligence for free.