Today, New Relic is launching an integration with Amazon Security Lake, so you can collect multi-region, multi-account security data from across your microservices infrastructure and analyze that data in New Relic. By sending Amazon Security Lake logs to New Relic, you get a more complete understanding of security across your entire organization to protect your workloads and data.
Security detection for modern software systems is challenging, because systems are complex, constantly evolving, and come with multiple components and dependencies. And software systems generate a vast and ever-growing volume of data from logs, network traffic, and system events. Combing through this data is time-consuming and difficult. In addition, working across a dynamic range of technologies, diverse programming languages, different operating systems, and cloud environments makes keeping up with security threats extremely onerous.
Amazon Security Lake solves this problem by allowing you to aggregate, store, analyze, and monitor security-related data in a scalable and cost-effective manner in your own Amazon Web Services (AWS) account. You can collect and centralize logs from all of your accounts and regions in a standard Open Cybersecurity Schema Framework (OCSF) format, either storing the data in Amazon Security Lake or sending it to third parties, such as New Relic. For more details, see Amazon Security Lake.
Using Amazon Security Lake with New Relic
Amazon Security Lake collects logs across multiple Virtual Private Clouds and AWS accounts. The easy one-time setup in New Relic brings AWS Security Lake logs into four dashboards developed specifically for these AWS sources:
- Amazon Virtual Private Cloud (VPC) flow logs
- Amazon CloudTrail
- AWS Security Hub
- Amazon Route 53
While New Relic already supports most of these features individually, Security Lake allows you to keep up with all of these security features across multiple accounts, in a single data stream into New Relic. I’ll walk through use cases for each of these sources of log data in the next sections.
Amazon VPC flow logs
To help ensure your VPCs are secure, send your VPC flow logs to New Relic. Doing so gives you visibility into your network activity so you can quickly detect issues in your network performance. The flow logs are records of network traffic to and from the different resources within your VPC. This integration helps you:
- Monitor your network traffic within and between your VPCs.
- Visualize performance metrics like bytes and packets.
- Detect unexpected deviations in network volume or health.
This screenshot shows Amazon Security Lake-VPC flow logs data displayed in a New Relic dashboard.
Amazon CloudTrail logs
CloudTrail provides insight into all account activity across your AWS infrastructure. Use the New Relic integration to:
- Detect security-related incidents.
- Monitor operational issues and inefficiencies.
- Identify and isolate unusual operation activity, IP activity, API errors, and more.
This screenshot shows Amazon Security Lake-CloudTrail logs data displayed in a New Relic dashboard.
AWS Security Hub
Security Hub gives you direct insight into the security posture of your AWS infrastructure, enabled, in part, through security alerts. By sending this data to New Relic, you’ll stay up to date with the latest security vulnerabilities, making it convenient to take decisive action when issues are detected. The monitoring for this service provides:
- A curated view of high and critical priority Security Hub issues
- An overall compliance status across all of your accounts and regions
- A real-time stream of security compliance failure logs, including how to resolve them
This screenshot shows Amazon Security Lake-Security Hub log data displayed in a New Relic dashboard.
Amazon Route 53
An effective system of DNS monitoring is critical to the reliability and security of your website, helping you detect and resolve malicious attacks on your domains and services. The Route 53 (resolver query) logs show key data about your DNS queries, helping you to:
- Visualize your resolver query traffic to help allocate resources effectively and improve your architecture.
- Monitor domains or instances where your queries are unsuccessful.
- Detect unusual activity on your Route 53 Resolver.
This screenshot shows Amazon Security Lake-Route 53 Resolver query log data displayed in a New Relic dashboard.
Next steps
To begin exploring how to instrument Amazon Security Lake with New Relic, check out our Security Lake documentation and quickstarts.
If you’re not already using New Relic, sign up for a free account. You get 100 GB/month of free data ingest, one free full-platform user, and unlimited free basic users.
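The views expressed on this blog are those of the author and do not necessarily reflect the views of New Relic. Any solutions offered by the author are environment-specific and not part of the commercial solutions or support offered by New Relic. Please join us exclusively at the Explorers Hub (discuss.newrelic.com) for questions and support related to this blog post. This blog may contain links to content on third-party sites. By providing such links, New Relic does not adopt, guarantee, approve, or endorse the information, views, or products available on such sites.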