The tectonic shift happening within the public sector is seeing more and more federal organizations transitioning from legacy, on-premises systems to more scalable and secure cloud-based architectures. Sumo Logic’s cloud-first approach is a perfect fit for this, so we’re excited to announce that Sumo Logic has been prioritized by FedRAMP to work with the Joint Authorization Board (JAB) to achieve a Provisional Authority to Operate (P-ATO).
My role as a Chief Security Officer (CSO) has dramatically changed as we work to understand and adapt to COVID-19. It’s hard to believe that just a few weeks ago, my mind was focused on things such as FedRAMP and the California Privacy Act (CCPA); now the majority of my time is focused on ensuring our employees’ safety and productivity, so they can continue to deliver products and support our customers and partners.
The first means of collecting security-relevant information in Cloud SIEM Enterprise (CSE) was our Network Sensor. It was built to analyze network traffic and provide visibility beyond traditional SIEMs, down to the network level. Beyond organizing packets into flows, the sensor supports more advanced features such as decoding of common protocols, file carving, SSL certificate validation, OS fingerprinting, clustered deployment and more.
In today’s increasingly connected world, corporate security operations centers (SOCs) are more important than ever. SOC teams are on the front line of protecting company operations and confidential data from the myriad of rapidly evolving cyber threats organizations face every day. SOC teams are tasked with more responsibility than ever before, and they are drowning in systems that don’t provide enough information or context to empower analysts to make informed decisions. As a result, SOC teams are spending too much time on analysis and validation and not enough time on problem solving.
As businesses transform their traditional business models into new digital ones, and aggressively compete for turf within the digital economy, their constant pursuit of competitive edge drives technology, process, and architectural innovations. As a result, it seems that every 18 months a technology paradigm shift comes about that enables better agility, lower cost, improved quality of service, better intelligence and more.
The main theme of this year’s RSA event was the human element: the behaviors and activities of users and analysts. This is something we echoed in our Cloud SIEM Enterprise announcement the previous week and demonstrated in our booth with our truly modernized security analyst experience. Indeed, when attendees spotted our Cloud SIEM Enterprise user interface, they immediately requested a live demo to see this new security analyst experience for themselves.
As the cloud continues to expand with no end in sight, it’s only wise to invest in it. Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service bring significant cost savings (personnel and ownership), improved performance, better reliability, freedom to scale and - above all - significant security benefits. It’s no wonder that so many businesses have already adopted all three of these models.
The tongue-in-cheek-named malware detection tool Yet Another Recursive Acronym (YARA) is described as “the pattern-matching Swiss Army knife for malware researchers (and everyone else)”. The Sumo Logic Cloud SIEM Enterprise platform is one of the first SIEM solutions to incorporate it as a built-in feature.
Running an effective security operations center (SOC) is at the heart of an enterprise’s strong cyber defense. SOC teams must continuously maintain visibility of security threats in their environment to inform and drive their response actions. Without a doubt, an organization’s response workflow is only as strong as the input that comes from their threat analysis.
Today’s SOC teams are fatigued and under pressure from overwhelming alert volume. Many SOCs were built around legacy solutions designed with SIEM technology invented years, even decades, ago. With the threat landscape evolving at an unprecedented rate, SOC teams are limited by these technology restrictions and unable to keep pace with the volume and sophistication of modern attacks.