What is a Security Data Lake? Cyber Terms Explained

Featuring: Tal Mozes, CEO & Co-Founder, Mitiga 

When we talk about a Security Data Lake, the Data Lake itself is not a very new concept. It's the concept of aggregating a lot of data from different sources into a centralized repository.

In the security world, before the Security Data Lake, there is the logic that we add on top of the Security Data Lake in order to capture the right data for security reasons. Usually, people refer to SIEMs as the place to aggregate security data. But we need to understand that the SIEM was not designed to aggregate all the data needed for security reasons, and to keep it for a long period of time.

It's optimized, mostly, to capture data that is needed for monitoring and to keep it for a short period of time so you can investigate and triage alerts that you've found through the SIEM. So, mostly, you will see data that is kept for 90 days to 180 days max.

But nowadays, when the data size is huge and SIEMs are not designed for that, moving it into a data lake will help you maintain the data for a longer time, so you can always go back and search your data if you learn of a new type of incident or breach that could have happened. It will also help you to look from a single pane of glass into multiple environments that you might have, with different types of data, using a single query.
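To make the two points above concrete (one normalized store queried across environments, and retention long enough for a retrospective hunt), here is an added example sketch that is not Mitiga's code and not from the original page. The three raw record shapes are loosely modelled on AWS CloudTrail, Azure Activity Log and Okta System Log entries, but are simplified and constructed for this example; the IP addresses, account IDs and user names are assumptions. The `retention_days` argument emulates a SIEM-style window over the same data so you can see what a 90-day window loses.

```python
"""Security data lake sketch: normalize heterogeneous cloud logs into one schema,
keep all of them, and answer a retrospective hunt with a single query.

Added illustration, not Mitiga's product code. Record shapes are simplified,
constructed approximations of CloudTrail / Azure Activity Log / Okta System Log.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

# Fixed "today" so the example is reproducible offline.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str    # environment that produced the record (aws / azure / okta)
    actor: str     # principal that acted
    action: str    # source-specific verb, kept as-is
    resource: str
    src_ip: str


def normalize_aws(raw: dict) -> Event:
    """CloudTrail-like record -> common schema."""
    return Event(ts=datetime.fromisoformat(raw["eventTime"]), source="aws",
                 actor=raw["userIdentity"]["arn"], action=raw["eventName"],
                 resource=raw.get("requestParameters", {}).get("bucketName", "-"),
                 src_ip=raw["sourceIPAddress"])


def normalize_azure(raw: dict) -> Event:
    """Azure Activity Log-like record -> common schema."""
    return Event(ts=datetime.fromisoformat(raw["eventTimestamp"]), source="azure",
                 actor=raw["caller"], action=raw["operationName"],
                 resource=raw["resourceId"], src_ip=raw["httpRequest"]["clientIpAddress"])


def normalize_okta(raw: dict) -> Event:
    """Okta System Log-like record -> common schema."""
    return Event(ts=datetime.fromisoformat(raw["published"]), source="okta",
                 actor=raw["actor"]["alternateId"], action=raw["eventType"],
                 resource=raw["target"][0]["displayName"], src_ip=raw["client"]["ipAddress"])


NORMALIZERS = {"aws": normalize_aws, "azure": normalize_azure, "okta": normalize_okta}


class SecurityDataLake:
    """Append-only store of normalized events from every environment."""

    def __init__(self) -> None:
        self._events: list = []

    def ingest(self, source: str, raw: dict) -> None:
        self._events.append(NORMALIZERS[source](raw))

    def query(self, predicate: Callable[[Event], bool],
              retention_days: Optional[int] = None) -> list:
        """One query across all sources. retention_days emulates a SIEM window;
        None means keep everything, which is the data-lake behaviour."""
        cutoff = NOW - timedelta(days=retention_days) if retention_days is not None else None
        hits = [e for e in self._events if (cutoff is None or e.ts >= cutoff) and predicate(e)]
        return sorted(hits, key=lambda e: e.ts)


def _ago(days: int) -> str:
    return (NOW - timedelta(days=days)).isoformat()


def build_sample_lake() -> SecurityDataLake:
    """Constructed sample records (assumed values, not captured data)."""
    lake = SecurityDataLake()
    lake.ingest("okta", {"published": _ago(200), "eventType": "user.session.start",
                         "actor": {"alternateId": "alice@example.com"},
                         "client": {"ipAddress": "203.0.113.7"},
                         "target": [{"displayName": "Okta Dashboard"}]})
    lake.ingest("aws", {"eventTime": _ago(199), "eventName": "GetObject",
                        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
                        "sourceIPAddress": "203.0.113.7",
                        "requestParameters": {"bucketName": "finance-backups"}})
    lake.ingest("azure", {"eventTimestamp": _ago(120), "caller": "alice@example.com",
                          "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
                          "resourceId": "/subscriptions/s1/resourceGroups/rg/providers/"
                                        "Microsoft.Storage/storageAccounts/finlogs",
                          "httpRequest": {"clientIpAddress": "203.0.113.7"}})
    lake.ingest("aws", {"eventTime": _ago(30), "eventName": "ConsoleLogin",
                        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
                        "sourceIPAddress": "198.51.100.20", "requestParameters": {}})
    return lake


def hunt_ip(lake: SecurityDataLake, ip: str, retention_days: Optional[int] = None) -> list:
    """Retrospective hunt: every environment touched by an IP learned of today."""
    return lake.query(lambda e: e.src_ip == ip, retention_days)


if __name__ == "__main__":
    lake = build_sample_lake()
    for label, window in (("SIEM, 90-day window", 90), ("data lake, full history", None)):
        hits = hunt_ip(lake, "203.0.113.7", window)
        print(f"{label}: {len(hits)} hit(s) in {sorted({e.source for e in hits})}")
```

With the constructed data, the 90-day window returns nothing for the indicator, while the full history returns the Okta sign-in, the S3 read and the Azure key listing from the same IP in one result set, which is the cross-environment, long-retention view the transcript describes.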
