New Global Intelligence Service for AWS CloudTrail Provides SecOps Teams Benchmarks to Identify Harmful Configuration Changes, Prioritize Remediation Efforts, and Optimize Security Posture
REDWOOD CITY, Calif. – Nov. 26, 2019 – Sumo Logic, a leader in continuous intelligence, today continues to follow through on its strategy to extend the power of continuous intelligence across different use cases with the introduction of Global Intelligence Service for AWS CloudTrail. This latest offering provides security teams with valuable real-time security intelligence to scale detection, prioritization, investigation, and workflow to prevent potentially harmful service configurations that could lead to a costly data breach.
As more businesses move to the cloud, IT and security teams are seeing a significant influx of data from new sources such as virtual machines (Amazon Elastic Compute Cloud), identity access management tools and virtual storage services (Amazon Simple Storage Service). At the same time, they’re challenged with getting real-time visibility into this tsunami of data while operating in today’s modern cloud architecture.
With recent high-profile data breaches determined to be caused by a misconfiguration, many companies are looking for ways to identify configuration issues that could be used by hackers and cybercriminals to steal valuable data. According to Sumo Logic research, companies are already using cloud native security services such as AWS CloudTrail (60%) and VPC Flow Logs (34%) for audit and reporting purposes. However, the challenge facing many security teams today is the time, resources, and knowledge necessary to extract insights from data generated from these services, as well as how to use these insights to support their ongoing security efforts.
Benchmark, Prioritize, and Optimize with AWS CloudTrail Data
The new Sumo Logic Global Intelligence Service for AWS CloudTrail uses baseline algorithms derived from industry best practices, frameworks, and vulnerability scans to analyze event activity and create benchmarks and insights based on potentially risky AWS configurations across population cohorts. With this real-time intelligence, Sumo Logic helps customers address the following questions:
- How does my company’s attack surface compare to peers?
Benchmark: Sumo Logic provides teams with visibility into volume of individual AWS resources, variety of those resources, and velocity of change within those resources to identify how their attack surface is similar to or differs from others using AWS.
- Which service configuration changes are normal and which ones are harmful?
Prioritize: Sumo Logic provides teams insights and benchmarks to help them visualize and detect harmful configurations that can potentially cause data breaches. With this real-time intelligence, teams can focus on configurations that can be used as a potential point of breach entry and efficiently allocate resources to quickly perform remediation efforts.
- What can my company do now to prevent future attacks?
Optimize: Sumo Logic helps customers continuously optimize their security posture by providing security teams with recommendations on how to reduce their attack surface area (i.e. remove unused resources), how to proactively reconfigure their EC2, IAM, and S3 services based on baseline configurations, and which AWS accounts, users, and machines need to be added to watchlists.
“As more companies go through their digital transformation and cloud journeys, it is important for them to review their security posture and controls to ensure the security of customer-facing digital services, as well as sensitive customer data,” said Bruno Kurtic, co-founding vice president, product and strategy, Sumo Logic. “The security insights provided by our new Global Intelligence Service for AWS CloudTrail will be a valuable resource for already stretched security teams to proactively identify configuration issues and quickly address them before they turn into incidents and impact their business.”
Extending the power of Continuous Intelligence
This solution is the second offering from the company’s Global Intelligence Service, an operational and security benchmarking service that leverages machine learning and statistical analysis to uncover global key performance and risk indicators that allow organizations to measure themselves against the world’s leading adopters of new technologies, modern architectures, and cloud infrastructures. The first offering, Global Intelligence Service for Amazon GuardDuty, announced at re:Inforce 2019, is being used by leading companies to further strengthen cloud security posture, improve threat detection, and enhance regulatory compliance.
“The insights and benchmarks from Sumo Logic’s Global Intelligence Service for Amazon GuardDuty help us be proactive in securing our applications and infrastructure in AWS environments,” said Joe Tutokey, director, security operations, Rakuten Rewards. “We continuously review our security posture with Sumo Logic over our entire infrastructure starting in the CDN layer to edge systems protected by a web application firewall.”
The Sumo Logic Global Intelligence Service is part of the company’s Global Intelligence solution, designed to extend machine learning and insights to new teams and use cases. The other offerings include the Sumo Logic Continuous Intelligence Report, Sumo Community Insights, and Sumo Data Science Insights.
Global Intelligence Service for AWS CloudTrail is currently in closed beta and is expected to be in the Sumo Logic App catalog in early 2020.
- Watch how companies are using Sumo Logic to optimize their cloud security posture
- Learn how to quickly leverage and centralize visibility into the security of AWS environment
- Read our blog introducing Global Intelligence Service
- Download the 4th Annual Sumo Logic Continuous Intelligence Report
- Sign up for a free trial of Sumo Logic
About Sumo Logic
Sumo Logic is a leader in continuous intelligence, a new category of software, which enables organizations of all sizes to address the data challenges and opportunities presented by digital transformation, modern applications, and cloud computing. The Sumo Logic Continuous Intelligence Platform™ automates the collection, ingestion, and analysis of application, infrastructure, security, and IoT data to derive actionable insights within seconds. More than 2,000 customers around the world rely on Sumo Logic to build, run, and secure their modern applications and cloud infrastructures. Only Sumo Logic delivers its platform as a true, multi-tenant SaaS architecture, across multiple use-cases, enabling businesses to thrive in the Intelligence Economy.
Founded in 2010, Sumo Logic is a privately held company based in Redwood City, California, and is backed by Accel Partners, Battery Ventures, DFJ Growth, Franklin Templeton, Greylock Partners, IVP, Sapphire Ventures, Sequoia Capital, Sutter Hill Ventures, and Tiger Global Management. For more information, visit www.sumologic.com.
Sumo Logic is a trademark or registered trademark of Sumo Logic in the United States and in foreign countries. All other company and product names may be trademarks or registered trademarks of their respective owners.
Any information regarding offerings, updates, functionality, or other modifications, including release dates, is subject to change without notice. The development, release, and timing of any offering, update, functionality, or modification described herein remains at the sole discretion of Sumo Logic, and should not be relied upon in making a purchase decision, nor as a representation, warranty, or commitment to deliver specific offerings, updates, functionalities, or modifications in the future.
PAN Communications for Sumo Logic