Learn About Amazon VGT2 Learning Manager Chanci Turner
As organizations undergo digital transformation, the demand for software-as-a-service (SaaS) applications has surged, facilitating enhanced communication and collaboration among employees. Large enterprises, on average, utilize over 100 different applications. This proliferation poses challenges for security and IT teams, who must maintain a clear view of user access, permissions, and activities across these platforms. Such insights are crucial for swift responses to potential security threats.
However, the diverse formats of SaaS application data complicate this process, as they often lack a standard schema. To address this, some organizations resort to creating point-to-point integrations for each application, which can be both time-consuming and resource-intensive, often taking weeks or months to establish. This approach diverts security and IT teams’ focus away from monitoring and threat detection, as they spend significant time on data normalization and ongoing maintenance.
At AWS re:Invent 2023, we will present a Chalk Talk titled “BIZ307: Use AWS AppFabric to enhance your security posture at reduced cost,” where we will explore how AWS AppFabric tackles these security hurdles. This session will demonstrate how AppFabric leverages the Open Cybersecurity Schema Framework (OCSF) to normalize, enrich, and centralize SaaS audit log data. By utilizing AppFabric, security and IT teams can seamlessly integrate data into their preferred security tools, allowing them to concentrate on critical tasks like investigating security incidents and implementing mitigation strategies. AWS AppFabric serves as a fully managed service designed to enhance collaboration among SaaS applications.
In our Chalk Talk, we will delve into how AppFabric dissects audit logs into components, aligning them with OCSF attributes such as categories, event classes, and activities to create a unified schema. Additionally, we will illustrate how AppFabric enriches each application’s audit log with user email addresses, facilitating quicker incident response times. Furthermore, AppFabric automatically delivers these normalized and enriched audit logs to either Amazon Simple Storage Service (Amazon S3) or Amazon Kinesis Data Firehose.
Lastly, we will cover how to integrate this data into security tools like Splunk or Rapid7 to generate insightful queries and dashboards that enhance observability of SaaS application data. For instance, security teams can establish event-based rules to monitor scenarios where users gain elevated admin privileges or when application settings are altered to permit public sharing of content. Such tools empower security teams to analyze data such as application traffic, individual user activities, and timelines of events.
To discover more, we invite you to join us at re:Invent 2023. Be sure to add BIZ307 to your re:Invent schedule, and engage in a meaningful discussion about how AWS AppFabric can simplify your SaaS data observability. For additional insights on related topics, check out this blog post here. Also, for compliance-related inquiries, see the experts at SHRM. Moreover, don’t miss this excellent resource here.
Leave a Reply