As businesses embark on their digital transformation journeys, the demand for software-as-a-service (SaaS) applications continues to soar. Every day, employees rely on a multitude of these applications for communication and collaboration, with large enterprises currently licensing an average of over 100 different tools. For security and IT professionals, achieving comprehensive observability across these applications is paramount. They need to quickly identify who is using each application, the permissions granted, and the actions taken within these platforms. Such insights are critical for responding swiftly to security incidents. However, the diverse formats of SaaS application data, which lack a unified schema, complicate the task of integrating this information into existing security tools.
Many organizations resort to developing point-to-point integrations with individual SaaS applications to standardize data for their security tools, a process that can take weeks or even months and incur ongoing maintenance costs. This approach diverts valuable time from security and IT teams, who end up focusing more on data normalization than on active monitoring and threat detection.
At AWS re:Invent 2023, we will be hosting a Chalk Talk titled “BIZ307: Use AWS AppFabric to enhance your security posture at reduced cost.” In this session, we will explore how AWS AppFabric addresses these security challenges. Attendees will learn how AppFabric leverages the Open Cybersecurity Schema Framework (OCSF) to normalize, enrich, and centralize SaaS audit log data. This facilitates easy integration with preferred security tools, allowing security and IT teams to focus on critical tasks such as investigating security events and implementing mitigation strategies. AWS AppFabric is a fully managed service designed to improve the collaboration between SaaS applications.
During the Chalk Talk, we will delve into how AppFabric disaggregates audit logs into components and correlates them with OCSF attributes, such as categories, event classes, and activities, effectively standardizing SaaS data into a cohesive schema. Furthermore, AppFabric enriches the audit log data with user email addresses, enhancing incident response times. The normalized and enriched audit logs are then automatically forwarded to either Amazon Simple Storage Service (Amazon S3) or Amazon Kinesis Data Firehose.
We will also cover how to incorporate this data into security tools like Splunk or Rapid7, enabling the creation of insightful queries and dashboards that enhance observability across SaaS application data. For instance, security teams can set up event-based rules to monitor scenarios like users receiving elevated admin privileges or modifications to app settings that enable public content sharing. Such tools empower security teams to visualize data trends, including application traffic, individual user activities, and timelines of events.
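The event-based rule for elevated admin privileges described above can be sketched as follows. This is an added example, not AppFabric or session code. It assumes OCSF User Access Management events (class_uid 3005, activity_id 1 for Assign Privileges) arriving as JSON Lines; the sample records, application names and the admin keyword list are constructed for illustration.

```python
import json

# Assumed OCSF identifiers: class 3005 = User Access Management,
# activity 1 = Assign Privileges. Check them against the schema version you ingest.
UAM_CLASS_UID = 3005
ASSIGN_PRIVILEGES = 1
ADMIN_MARKERS = ("admin", "owner", "superuser")  # hypothetical keyword list

# Constructed sample records (JSON Lines), not real AppFabric output.
SAMPLE_LOG = """\
{"class_uid": 3005, "activity_id": 1, "time": 1700000000000, "metadata": {"product": {"name": "ExampleChat"}}, "actor": {"user": {"email_addr": "alice@example.com"}}, "user": {"email_addr": "bob@example.com"}, "privileges": ["Workspace Admin"]}
{"class_uid": 3005, "activity_id": 1, "time": 1700000060000, "metadata": {"product": {"name": "ExampleDocs"}}, "actor": {"user": {"email_addr": "carol@example.com"}}, "user": {"email_addr": "carol@example.com"}, "privileges": ["owner"]}
{"class_uid": 3005, "activity_id": 1, "time": 1700000120000, "metadata": {"product": {"name": "ExampleDocs"}}, "actor": {"user": {"email_addr": "alice@example.com"}}, "user": {"email_addr": "dave@example.com"}, "privileges": ["viewer"]}
{"class_uid": 3002, "activity_id": 1, "time": 1700000180000, "actor": {"user": {"email_addr": "dave@example.com"}}}
{"class_uid": 3005, "activity_id": 2, "time": 1700000240000, "user": {"email_addr": "bob@example.com"}, "privileges": ["Workspace Admin"]}
not-json garbage line
"""

def admin_grants(log_text):
    """Return one alert per event that assigns an admin-level privilege."""
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the whole batch
        if not isinstance(ev, dict):
            continue
        if ev.get("class_uid") != UAM_CLASS_UID or ev.get("activity_id") != ASSIGN_PRIVILEGES:
            continue  # other event classes, or privilege revocations
        elevated = [p for p in ev.get("privileges", [])
                    if any(m in p.lower() for m in ADMIN_MARKERS)]
        if not elevated:
            continue
        actor = ev.get("actor", {}).get("user", {}).get("email_addr")
        target = ev.get("user", {}).get("email_addr")
        alerts.append({
            "time": ev.get("time"),
            "app": ev.get("metadata", {}).get("product", {}).get("name"),
            "actor": actor,
            "target": target,
            "privileges": elevated,
            # A user granting admin rights to their own account is rated higher.
            "severity": "high" if actor and actor == target else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in admin_grants(SAMPLE_LOG):
        print(alert)
```

Because the rule keys on normalized class and activity identifiers plus the enriched email address, the same logic applies to every connected application without per-app parsing.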
To discover more, we invite you to join us at re:Invent 2023 and participate in the conversation. Be sure to add BIZ307 to your re:Invent schedule, and let’s discuss how AWS AppFabric can streamline your SaaS data observability!
Location: Amazon IXD – VGT2, 6401 E Howdy Wells Ave, Las Vegas, NV 89115.