Swimlane collaborates with AWS to accelerate investigation and response when threats occur
The company today also announced Swimlane Turbine is now a cloud-native platform, helping customers automate responses to security data, which results in greater visibility, reduced risk and faster response times.
With the partnership, Turbine now integrates with Amazon Security Lake, a new purpose-built security data lake from AWS that helps organizations aggregate, manage, and analyze log and event data to enable faster threat detection, investigation, and incident response. Turbine and Amazon Security Lake uniquely share Open Cybersecurity Schema Framework (OCSF) support, making the integration poised to deliver mutual business value and a seamless customer experience.
“As one of the only SOAR launch partners for Amazon Security Lake, Swimlane’s partnership with AWS uniquely enables security customers to harness the power of Turbine to accelerate automation across their security program regardless of the technology stack,” said Mike Kay, SVP of Business Development at Swimlane. “Our transition to a cloud-native architecture and alliance with AWS, the world’s most prominent hyperscaler, will enable advanced automation use cases previously unavailable to AWS customers.”
Low-code security automation meets AWS
The Swimlane and AWS partnership provides Security Lake customers with a cost-effective solution that accelerates investigation and response when threats occur in AWS environments. Applying automation to AWS data helps to expedite the adoption of new security tools, increasing the return on investment of an organization’s entire security program.
The seamless integration of Turbine and Security Lake also delivers faster time to value for customers. Because Swimlane is an official independent software vendor (ISV) partner, AWS customers can use pre-paid credits to purchase Swimlane Turbine through the AWS Marketplace, simplifying their procurement and billing process.
Turbine and AWS Security Lake customers will be able to benefit from this integration at no additional cost. It allows them to ingest security information from AWS Security Lake and Security Hub into Turbine and action the data through low-code playbooks and case management.
The Turbine integration makes it easy for customers to get started with automating the ingestion, correlation and response actions derived from various AWS Services, including GuardDuty, Macie, CloudTrail, Route53, VPC Flow logs, and many others.
Turbine’s OCSF-compliant content removes the need for developers to create custom mapping for security alerts from new data sources. Customers can download the connector through the AWS and Swimlane Marketplaces beginning in May.
“The combination of Swimlane and AWS makes it easier and faster for us to respond to any incidents; all of our engineers are familiar with AWS,” said Jesse Baylin, Principal Security Engineer at Cylitic. “This includes being able to quickly ingest data stored within S3 Cloud Storage.”
Introducing Turbine’s cloud-native infrastructure
Turbine’s cloud-native infrastructure, built on AWS infrastructure, provides customers with a low-code security automation solution that is faster to deploy and requires less infrastructure to manage than legacy on-prem security orchestration, automation and response (SOAR) solutions. Turbine cloud will be available in May, and its customers will benefit from key features like:
- Multi-tenant infrastructure and application with multi-region support: Multi-tenant infrastructure delivers lower cost of goods sold for service providers and managed security service providers (MSSPs) so that they can improve the cost efficiency of their security offerings and maximize ROI. As a multi-tenant application, Turbine delivers account structure and account-level capabilities that optimize the user experience and give greater control to MSSPs and enterprises.
- Scalability: Turbine’s cloud-native infrastructure provides auto-scaling that allows for rapid elasticity and resource pooling to enable automated onboarding of new customers and the ability to autoscale to support increases in workloads.
- Cloud-native computing: The infrastructure provides continuous integration and continuous delivery resulting in 99.9% availability and zero downtime (ZDT) updates.
- Serverless-like experience: Turbine remote agents allow customers to run any language function inside of the agent to achieve a serverless-like experience for security use cases, providing a brand-new developer experience that can be run in the cloud or as an edge computing service.
“Swimlane has always taken a deployment agnostic approach to software, and Turbine is no different,” said Frans Xavier, CTO and SVP of engineering at Swimlane. “Swimlane’s cloud architecture and on-premise deployments have the same capability making it the preferred model for many customers as it improves the ease with which security teams leverage all the benefits of our low-code security automation platform.”