
November 13, 2013 By Bruno Kurtic

Sumo Logic Application for AWS CloudTrail

Cloud is opaque

One of the biggest adoption barriers of SaaS, PaaS, and IaaS is the opaqueness and lack of visibility into changes and activities that affect cloud infrastructure. While running an on-premise infrastructure, you have the ability to audit activity; for example, you can easily tell who is starting and stopping VMs in virtualization clusters, see who is creating and deleting users, and watch who is making firewall configuration changes. The lack of this visibility in the cloud has been one of the main roadblocks to adoption, even though the benefits have been compelling enough for many enterprises to adopt the Cloud.

This information is critical to securing infrastructure, applications, and data. It’s critical to proving and maintaining compliance, critical to understanding utilization and cost, and finally, it’s critical for maintaining excellence in operations.

Not all Clouds are opaque any longer

Today, the world’s biggest cloud provider, Amazon Web Services (AWS), announced a new product that, in combination with Sumo Logic, changes the game for cloud infrastructure audit visibility. AWS CloudTrail is the raw log data feed that will tell you exactly who is doing what, on which sets of infrastructure, at what time, from which IP addresses, and more. Sumo Logic is integrated with AWS CloudTrail and collects this audit data in real-time and enables SOC and NOC style visibility and analytics.

Here are a few examples of what AWS CloudTrail data contains:

  • Network ACL changes.

  • Creation and deletion of network interfaces.

  • Authorized Ingress/Egress across network segments and ports.

  • Changes to privileges, passwords and user profiles.

  • Deletion and creation of security groups.

  • Starting and terminating instances.

  • And much more.

Sumo Logic Application for AWS CloudTrail

Cloud data comes to life with our Sumo Logic Application for AWS CloudTrail, helping our customers across security and compliance, operational visibility, and cost containment. Sumo Logic Application for AWS CloudTrail delivers:

  • Seamless integration with AWS CloudTrail data feed.

  • SOC-style, real-time Dashboards in order to monitor access and activity.

  • Forensic analysis to understand the “who, what, when, where, and how” of events and logs.

  • Alerts when important activities and events occur.

  • Correlation of AWS CloudTrail data with other security data sets, such as intrusion detection system data, operating system events, application data, and more.

This integration delivers improved security posture and better compliance with internal and external regulations that protect your brand. It also improves operational analytics that can improve SLAs and customer satisfaction. Finally, it provides deep visibility into the utilization of AWS resources that can help improve efficiency and reduce cost.

The integration is simple: AWS CloudTrail deposits data in near-real time into your S3 account, and Sumo Logic collects it as soon as it is deposited using an S3 Source. Sumo Logic also provides a set of pre-built Dashboards and searches to analyze the CloudTrail Data.

Bruno Kurtic

Founding Chief Strategy Officer

Bruno leads strategy and solutions for Sumo Logic, pioneering machine-learning technology to address growing volumes of machine data across enterprise networks. Before Sumo Logic, he served as Vice President of Product Management for SIEM and log management products at SenSage. Before joining SenSage, Bruno developed and implemented growth strategies for large high-tech clients at the Boston Consulting Group (BCG). He spent six years at webMethods, where he was a Product Group Director for two product lines, started the west coast engineering team and played a key role in the acquisition of Active Software Inc. Bruno also served at Andersen Consulting’s Center for Strategic Technology in Palo Alto and founded a software company that developed handwriting and voice recognition software. Bruno holds an MBA from Massachusetts Institute of Technology (MIT) and a B.A. in Quantitative Methods and Computer Science from University of St. Thomas, St. Paul, MN.
