The New Sumo Logic AWS Security Quick Start

Security is a top concern for any enterprise to move their applications and workloads to the public cloud. AWS offers a broad selection of native security tools and as our Continuous Intelligence Report noted, AWS customers are using several of these to improve the security of their AWS environment. However, it can be overwhelming to know where to start and how to deploy best practices for detecting security misconfigurations caused by human errors and attacks from external sources.

Sumo Logic Cloud SIEM is introducing a new AWS Quick Start solution with best practices, built-in content, queries, and dashboards to help customers to detect, investigate and respond to security threats and vulnerabilities. The Sumo Logic AWS Quick Start solution helps customers get started instantly with a decade of best practices that we have learned with 2000+ customers.

For instance, customers use our AWS CloudTrail app to track user activity, the GuardDuty app for monitoring threat detection and the GuardDuty Benchmark app to understand how customer’s security posture compares with the global benchmarks that we gather from hundreds of Sumo Logic customers. The VPC Flow Logs and the AWS WAF apps are used to monitor traffic patterns and the Threat Intel app for AWS is used to help detect threats in your environment with Sumo Logic Threat Intelligence, whereas the AWS apps for PCI and CIS Foundations are used to simplify audits and maintain compliance.

Given that most customers use multiple security apps, we have created an AWS Security Quick Start solution that allows customers to automate:

1. The collection of security events from AWS security services
2. The installation and configuration of over 11 Sumo Logic apps designed for AWS security

Once configured as described below, the automation takes less than 10 minutes.

Customers can also roll-back the collection and Sumo Logic app installation if so desired.

How to get started?

The Security Quick Start solution uses CloudFormation templates that create and/or configure the necessary AWS monitoring resources needed for collection, and make API calls to the Sumo Logic API to install the apps for a given AWS account and region.

Create the CloudFormation Stack

1. To begin, first download our AWS CloudFormation from this URL and follow the steps to Starting the Create Stack wizard in the AWS Management Console.
2. Then create the CloudFormation stack with the template file using these instructions in the AWS documentation.
3. Once you are prompted to specify stack parameters, you will then enter the required details for the template that includes the Stack name and various details for Sumo Logic such as the deployment name, organization ID, S3 bucket prefix and access keys. You can also specify if you would like to delete all Sumo Logic resources when the stack is deleted.
   
4. You can then specify which AWS security apps you want to configure for collection and installation. By default, all apps will be installed.
   
5. In the advanced section, the configuration for each app is already filled in. You can choose to modify as needed and then proceed to Create the stack.
   

Installed Resources

Once the stack has been successfully created, multiple nested stacks will be created along with the Main stack as shown below:

Collectors and sources will be installed automatically using the cloud formation template in Sumo Logic as shown below:

Sumo Logic Apps will be installed in a parent folder under your personal folders with the date and time:

Uninstall Resources

If you have chosen to delete Sumo Logic Resources when stack is deleted then you can delete all the resources attached with your stack by simply deleting the stack by selecting the parent stack created for Quick Start in the CloudFormation section of the AWS Management Console and clicking the Delete button.

Get Started in Minutes!

To get started, check out the Sumo Logic Quick Start help doc. If you don’t yet have a Sumo Logic account, you can sign up for a free trial today.