Claroty xDome and Amazon Security Lake

Claroty xDome is a complete cybersecurity solution for industrial environments. Highly flexible and rapid deployment options enable xDome to reveal and protect all XIoT — the extended internet of things, consisting of OT, IoT, IIoT, and BMS assets — within the network, while automatically detecting the earliest indicators of threats to operations. xDome strengthens and increases the utility of Amazon Security Lake by sending alerts detected within OT networks to Security Lake with minimal configuration. Further extending the value of these controls, Claroty maintains a vast integration ecosystem and robust API.

The xDome and Security Lake integration’s advantage lies in its ability to import Claroty xDome alerts into third-party SIEMs seamlessly. Syslog has long served as the de-facto interoperability “standard” for various tools to send event data to SIEMs. Almost every network device can output events via syslog and offering syslog as a data ingestion capability is tablestakes for all of the SIEM vendors. But even though all of these tools use syslog to communicate, the formatting within the protocol typically varies making integrations cumbersome and burdening asset owners with technical debt to maintain the integration. There’s no longer a need for specific integrations with third-party SIEMs as long as they support Amazon Security Lake and the Open Cybersecurity Schema Framework (OCSF) format. With the data formatted using OCSF consumers of the integration can rely on a more complete and capable integration