Enhanced cloud SIEM analytics in Sumo Logic’s enterprise machine data analytics platform aim to serve up security watchdog capabilities for both line-of-business and DevOps users.
The addition of cloud security information and event management (SIEM) analytics capabilities to Sumo Logic’s machine data analysis platform will enable security engineers and non-IT users to detect and investigate threats throughout the application lifecycle.
The cloud-native Sumo Logic machine data analytics platform automates log event data collection and transaction analysis of infrastructure and production applications. This data helps businesses identify performance, business process and user experience issues.
Jeremy Proffitt, senior site reliability engineer for LendingTree, an online loan marketplace in Charlotte, N.C., said he spends half of his workday checking application and infrastructure status on Sumo Logic machine data analytics dashboards.
“With cloud SIEM on the platform, I can bring security information from multiple places together with the operational data we’re already monitoring,” Proffitt said at last week’s Illuminate user conference in Burlingame, Calif. “The result will be earlier identification and repair of security flaws.”
Cloud SIEM topples security data silos
Traditional server-based SIEM systems and cloud SIEMs offer similar functionality around consumption of alerts and log data, analytics and reporting, but on-premises SIEMs can make it difficult to relate security events to operational events and activities across the IT environment, said Eric Ogren, security analyst for 451 Research. With on-demand cloud SIEM services available as a machine data platform, users receive security data and notifications from a multipurpose dashboard, rather than from a separate, siloed SIEM system.
Eric Ogrensenior security analyst, 451 Research
“There’s an increased awareness that visibility into operational data can point security and security analytics in a more economical and organizationally cohesive direction,” he said.
SIEM analytics and security performance analysis are expensive on premises, Ogren said. Cloud SIEM offerings remove in-house server deployment and maintenance costs and licensing fees, and they improve scalability and access to compute resources for analytics.
Cloud SIEM fills a security gap caused by the use of containers, microservices and serverless functions, which can be deployed, used and taken down before any on-premises log files or SIEM system knows about them. Ogren said he sees cloud SIEM as a more flexible platform than on premises for security oversight of these short-lived deployments.
Many SIEM vendors offer cloud versions, including Splunk, IBM, Micro Focus, LogRhythm, Securonix, Seceon and AlienVault, Ogren said.
Cloud SIEM reduces repetitive work
Sumo Logic’s cloud SIEM capabilities reduce or eliminate some repetitive manual tasks, such as query activities in application development and compliance monitoring, said Brad Segobiano, senior software engineer for call center technology provider Genesys in Daly City, Calif. About 65% of queries posed against Genesys’ Sumo Logic platform come from nonproduction environments, and 55% of those queries are spurred by developers, he said.
“Building out queries is time-consuming, but now we can use cloud-native SIEM to write one query and apply it just about anywhere and with anybody,” Segobiano said.
Sumo Logic’s cloud-native foundation facilitates cross-application queries and other activities, such as monitoring and alerts, across cloud platforms and applications. The company’s cloud SIEM service is integrated across cloud applications and platforms, as well as cloud security tools, such as AWS GuardDuty, Palo Alto Networks and Zscaler.
On the production side, Segobiano said he will use cloud SIEM to chain queries together to provide a storyline for security and do root cause analysis for outages and other scenarios.
For compliance, every host and server Genesys uses is prepackaged with the Sumo Logic platform and its compliance monitoring features, which helps the company deploy software faster, said Jarrod Sexton, Genesys’ manager of information security architecture. “We can let Sumo Logic do what it does in logging, ideation and other compliance work, and we can focus on building software,” he said.
Sumo Logic’s move into cloud SIEM follows a company survey of over 2,000 customers, in which it found one in four have implemented threat intelligence services, such as CrowdStrike and GuardDuty, and over 1,000 respondents have implemented AWS CloudTrail, a security audit service.