Get the reportMore
Complete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.
November 29, 2021
We’re excited to announce updates to Sumo Logic AWS Quick Start Integrations that enable customers to automate the integration of AWS Security Reference Architecture within Sumo Logic Cloud SIEM powered by AWS. The new integrations automate the collection, ingestion, and analysis of applications, infrastructure, security, and IoT data to derive actionable insights for security engineering teams. The updated integrations on AWS Marketplace provide a new CloudFormation template for customers to configure security data sources for their AWS organization following the Security Reference Architecture. They also establish the appropriate integration with their Sumo Logic Org, including data collection and access to Sumo Logic Cloud Security Monitoring and Analytics apps.
To enable security teams to stay ahead of evolving attack surfaces, Sumo Logic collects security events generated by AWS and other security services to provide an aggregate monitoring view of overall security and compliance posture. The Quick Start approach to deployment is designed for users who want to set up and configure the Sumo Logic console for AWS security services utilizing a more automated and repeatable process. The new integrations allow security engineers to automatically set a common architecture to tackle critical security-driven detection and investigation use cases utilizing 12 core AWS security data sources including Amazon Inspector, GuardDuty, Security Hub, CloudTrail, and CloudWatch. Sumo Logic customers with products built on AWS infrastructure can now streamline the collection of security events from AWS security services as well as manage the installation and configuration of Sumo Logic AWS-focused apps.
This new set of integrations is also designed to easily manage complex multi-account environments. The recommendations are built around a single-page architecture to drive key security event detection objectives in relation to deploying AWS accounts. This overall architectural guidance complements detailed, service-specific recommendations such as those found on the AWS security website. Customers can launch Quick Start through the AWS Marketplace, allowing all resources to be built by the CloudFormation stack created by the Management account StackSet.
Given increasingly active threat landscapes, security engineering teams have a greater need for integrated and scalable monitoring that provides meaningful real-time insights into the state of organizational security posture.
To help customers gain additional insights into the security of their infrastructure, we have rolled out four new AWS-specific Cloud Security Monitoring and Analytics apps in addition to the many security-focused apps already available in our app catalog. The four AWS-focused apps below have been developed to offer out-of-the-box queries, alerts, and dashboards in support of detecting active threats quickly.
GuardDuty focuses on protecting AWS accounts, workloads, and data with intelligent threat detection. The corresponding Sumo Logic dashboards surface the most relevant security insights from that data to yield actionable processes to tackle specific security concerns within your AWS infrastructure. This app allows you to stay ahead of changing attack surfaces in a repeatable way via Cloud Security Monitoring and Analytics dashboards that provide operational security awareness for AWS GuardDuty data sources.
AWS WAF (web application firewall) data allows you to monitor the HTTP and HTTPS requests that are forwarded to CloudFront and lets you control overall access to your content. Each dashboard within this application takes a different lens on AWS WAF data, from traffic patterns to threat intelligence, allowing you to identify the needles in the haystack that drive critical security concerns within your AWS infrastructure.
The Sumo Logic AWS Security Hub app extracts key findings from the AWS Security Hub, which is designed to centrally view and manage security alerts and automate security checks. The additional level of analysis within these dashboards surfaces the most relevant findings and takes a focused approach to improve overall security posture. Finding types and severity levels act as leading indicators for engineers to go into security incidents with the most relevant technical details to address active threats.
Install this dashboard to monitor and analyze Amazon Inspector scan results in real-time. Understand trends through the Sumo Logic integration with Amazon Inspector, which gives customers the ability to process, analyze and visualize security scan results over time. Identify anomalies and strengthen security and compliance posture. Surface critical security insights by understanding how application and infrastructure changes impact scan results help provide critical insights customers need to be successful in AWS.
Cloud-native monitoring: Sumo Logic allows you to ingest a diverse array of firewall, database, identity/access, and CDN data
Increased visibility: Track summarized overviews to get a broader sense of your production environments
Security-focused analytics: Analytics capabilities designed specifically for security engineering teams to prioritize, investigate, and respond to active security incidents
The Security Quick Start solution uses CloudFormation templates that create and/or configure the necessary AWS resources needed for collection, and make API calls to the Sumo Logic API to install the apps for a given AWS account and region. To get started, check out the Sumo Logic Quick Start help doc. If you don’t yet have a Sumo Logic account, you can sign up for a free trial today.
To get started, visit the App Catalog within your Sumo Logic instance and visit the Security category. If you don’t yet have a Sumo Logic account, you can sign up for a free trial today.
No matter where you are on your security modernization journey, Sumo Logic and AWS can help you achieve your goals. Learn more about Sumo Logic Cloud SIEM powered by AWS.
Reduce downtime and move from reactive to proactive monitoring.
Build, run, and secure modern applications and cloud infrastructures.Start free trial
Build, run, and secure modern applications and cloud infrastructures.