Swimlane and AWS: Accelerating Incident Response with Automation


Swimlane’s Alliances Director breaks down how a joint customer, Cylitic Security, benefits from integrating Amazon Web Services and Swimlane.

The collaboration between Swimlane and Amazon Web Services (AWS) hastens detection of and response to security breaches within your environment. The integration of Swimlane and AWS is a swift and effortless process. Upon connection, you can easily automate response tasks and utilize dashboards or reporting functions to constantly oversee all aspects of your SecOps infrastructure. This enhances the speed and uniformity of addressing security notifications.

As the Alliances Director for Swimlane, I recently had the opportunity to speak with Jesse, the Principal Security Engineer at Cylitic Security, a Swimlane customer. During our conversation, Jesse shared some insights on how Swimlane’s partnership with Amazon Web Services (AWS) helps Cylitic Security streamline its SecOps and improve its overall security posture.


Cylitic Security helps companies mitigate their exposure to cyber risk with top-tier protection, insurance and automated security certification. Their experts hail from the most sophisticated security teams in the public and private sectors, and all of their security analysts hold multiple certifications, including CISSP, NSA-IAM, and SANS.

Increased Flexibility and Scalability for SecOps

Jesse began by highlighting the flexibility and scalability of AWS cloud infrastructure, which allows Cylitic to easily monitor, expand or contract its resources based on the changing demands of its customers. This level of control over the cloud hardware is crucial for any organization, especially those in the security industry, where speed and agility are key factors in responding to threats.

Furthermore, since Cylitic Security manages its primary infrastructure on AWS, troubleshooting any issues is a breeze. Jesse shared that the entire team is familiar with the AWS Cloud platform, which helps everyone quickly diagnose and resolve any problems that may arise.

Lightning-Quick Response to Security Incidents

The combination of Swimlane and AWS has also proved to be a game-changer for Cylitic Security in terms of responding to security incidents. The integration is fast and easy to set up, and once connected, the platform can automatically ingest AWS GuardDuty findings, gather logs from AWS CloudTrail and CloudWatch and use other enterprise tools to enrich data. This allows the team to quickly identify threats and take the appropriate remediation action.

Swimlane’s integration with AWS Security Hub is another key benefit for Cylitic Security. It provides a comprehensive view of the security posture and alerts across AWS accounts, enabling the team to take a holistic approach to security. As Jesse puts it, “The combination of Swimlane and AWS makes it easier and faster for us to respond to any incidents, all of our engineers are familiar with AWS. This includes being able to quickly ingest data stored within S3 Cloud Storage.”

AWS, Swimlane’s Exclusive Cloud Provider

The Swimlane Turbine platform runs on AWS EC2, which gives Cylitic Security the confidence to upgrade to the latest version easily and with minimal risk. Jesse shared that he’s done multiple upgrades since joining Cylitic Security, all of which have gone smoothly.

The Swimlane and AWS partnership enables Swimlane to scale its platform’s performance alongside the needs of its customers. AWS is the exclusive cloud provider for Swimlane’s SaaS security automation offering, Swimlane Turbine. Turbine can correlate signals from the AWS environment to determine the right remediation action to automate. Actions can include blocking an IP address, or quarantining or taking a snapshot of an AWS EC2 instance.

Swimlane’s partnership with AWS has been a game-changer for Cylitic Security. It has enabled the team to respond faster and more effectively to security incidents, while also providing a comprehensive view of their security posture across their AWS environment. And that’s only the beginning of this powerful integrated solution.

The Importance of Open Cybersecurity Schema Framework (OCSF) Support

The Open Cybersecurity Schema Framework (OCSF) serves as an invaluable asset in accelerating the pace of security automation. Its true strength lies in its capacity to streamline and standardize security protocols across heterogeneous environments, ensuring a seamless and efficient approach to threat detection and response. By offering a comprehensive framework that seamlessly integrates diverse security tools and processes, OCSF empowers organizations to proactively identify vulnerabilities, mitigate risks, and respond promptly to emerging threats. The Swimlane Turbine platform further enhances this capability by fully supporting all iterations of OCSF through its proprietary Turbine Extensible Data Schema (TEDS). As data flows from AWS Security Lake into the Swimlane Turbine platform, Swimlane facilitates seamless conversion between OCSF and TEDS, ensuring fluid data interchange and bolstering the efficacy of security operations.
