Intuitive monitoring, troubleshooting & security for all your apps 30 days free

Back to blog results

November 17, 2020 By Kevin Goldberg, Dan Wachdorf, Mike Lupiani, Olaf Stein, Dana Torgersen

Full VPC traffic visibility with AWS Network Firewall and Sumo Logic

We’re happy to partner with AWS on their launch of AWS Network Firewall by providing a cloud-native integration that gives customers real-time visibility into network traffic and automated correlated events surfaced by AWS. Too often, virtual private cloud (VPC) traffic is a black box leaving many security operations teams unable to connect potential threats to their broader infrastructure. This lack of visibility only serves to increase the time it takes security analysts to investigate and respond to potential threats, thereby reducing the organization’s security posture.

Our Sumo Logic Cloud SIEM solution includes a new app for AWS Network Firewall, reducing the time to detect, investigate, and remediate security issues. Sumo Logic automatically generates actionable insights enriched with user, device and network context across all of your AWS and hybrid on-premises and cloud environments. Correlating threats and events from AWS Network Firewall with events across your infrastructure, application, and security vendors allows you to quickly identify potential threats and indicators of compromise–regardless of the data source or location.

Sumo Logic provides a seamless experience with AWS Network Firewall, reducing the effort and time normally spent deploying firewalls and managing logs. Our native cloud ingestion from S3 allows users to simply enter credentials or an IAM role and the AWS Network Firewall log data is automatically ingested into Sumo Logic. From there our out-of-the-box dashboards via our AWS Network Firewall app and Cloud SIEM content rules make it easy to detect and investigate threats identified by the AWS Network Firewall logs. Our Cloud SIEM automatically correlates those threats against security events we detect from all of the security data sources the customer sends, and we generate Insights indicating potentially critical incidents that need to be investigated immediately.

Automated security operations

Sumo Logic’s Cloud SIEM solution performs automated threat detection, analysis, and correlation using threat intelligence, historical searches, and out-of-the-box security rules for many AWS services including AWS Network Firewall. By correlating security alerts from AWS Network Firewall, other AWS services and all of your security tools, Sumo Logic provides you with granular visibility for investigating threats along with context automatically enriched from your user, device, and network activity.

With our Cloud SIEM, SOC teams can automatically generate actionable insights enriched with user, device, and network context across all of your AWS and any hybrid on-premises and cloud data sources.

Threat insights

Sumo Logic's Threat Intelligence functionality–powered by CrowdStrike–works out-of-the-box with our AWS Network Firewall app, allowing you to quickly identify potential threats and indicators of compromise. This intelligence also helps you understand the security posture of sources connecting to your AWS and hybrid environments.

Rapid security response

Sumo Logic’s Cloud SIEM enables you to reduce the time to detect, investigate, and remediate security issues surfaced from your AWS Network Firewall rule events and alerts. By correlating threats and events automatically from AWS Network Firewall with events across your infrastructure, applications, and additional security tool investments – your SOC team gains the critical threat visibility and time needed to investigate root causes.

Speaking of other data sources, as an AWS-native solution, Sumo Logic easily integrates across your systems and comes with hundreds of apps that provide pre-built dashboards, queries, and alerts. You can also configure real-time alerts based on high-priority events to initiate your response investigations.

Powerful search and investigation

Sumo Logic provides security insights with foundational correlation, and deep search-based investigation along with the solution’s rich data visualization with out-of-the-box content and customizable dashboards.

The granular visibility helps deliver a unified view of all security events for managing alerts, running analytics for rapid detection of threats, deep forensic investigation, and quick incident response.

Low total cost of ownership and fast time-to-value

Achieve a low total cost of ownership and rapid time-to-value thanks to our AWS-native platform and economic licensing model.

Secure by design

Our strong commitment to data security is validated by the platform’s third-party compliance attestations and certifications, including PCI DSS 3.2.1 Service Provider Level 1 attestation of compliance, SOC 2 Type 2 Audit Report, HIPAA Security Rule Attestation of Compliance, ISO 27001 Certification, and CSA STAR Level 2 Certification.

You can learn more about AWS Network Firewall here and see Sumo Logic Cloud SIEM in action here.

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Sumo Logic Continuous Intelligence Platform™

Build, run, and secure modern applications and cloud infrastructures.

Start free trial

Kevin Goldberg, Dan Wachdorf, Mike Lupiani, Olaf Stein, Dana Torgersen

More posts by Kevin Goldberg, Dan Wachdorf, Mike Lupiani, Olaf Stein, Dana Torgersen.

People who read this also enjoyed


Sumo Logic extends support for OpenTelemetry to AWS Lambda


Sumo Logic to accelerate modernization of security operations with proposed acquisition of DFLabs


Sumo Logic Continues to expand Public Sector Footprint