Today at Sumo Logic’s annual user conference, Illuminate, we are announcing a new cloud SIEM solution to address fundamental challenges legacy security analytics tools have failed to solve.
Traditional security information and event management (SIEM) solutions (and almost all of the “next-generation” follow-ons) iteratively developed mature solutions that aggregated data for central monitoring, correlated and prioritized events, and provided reporting for largely on-premise infrastructures.
While most of the recent innovation in the SIEM product category has focused on integrating adjacent functions (UBA, SOAR, packet layer insight, etc.), the essential core functions of the traditional SIEM solution have not adapted to modernizing IT and have created a massive gap in the defense.
Rethinking Old SIEM Models
Digital transformation, cloud migration and modern application architectures have undermined the core threat assessment functions of the SIEM model, demanding a complete re-think in four key areas:
- Democratize Security – cloud and new application architectures often leave specialized security analysts in the security operations center (SOC) unable to interpret, or in many cases gather, unfamiliar context needed to resolve threats. Data, analytics and workflow must be collaborative across the organization spanning development, DevOps, DevSecOps and security.
- Integrate Cloud and App Stacks – modern applications built using microservices, modular service chaining, and containers multiply attack vectors and sources of context. Data ingest and security content must cover the expanding attack surface areas of modern IT, including cloud infrastructure and tools, SaaS, and modern application architectures.
- Accelerate Investigation Workflow – modern application architectures are often driven by digital transformation initiatives in which company assets and intellectual property are exposed to the internet in production use cases. The sheer volume of data, and the resulting threat detection and investigation backlogs, can be staggering relative to traditional internal security models. Human and machine collaboration must accelerate workflows by orders of magnitude to keep pace in modern IT.
- Bridge DevSecOps and the SOC – as DevOps teams automate and shift left many security functions in application instrumentation, testing and deployment, they generate vulnerability and threat insight often not known or understood by the security operations teams tasked with the broad defense of deployed applications. Workflows must close the loop between upstream application build/deploy security and downstream detection and monitoring logic once the application is running in production.
The Sumo Logic Advantage
Sumo Logic has unique perspectives on these problems derived from deep experience with customers at all stages of cloud and application evolution, particularly with leading-edge environments.
That’s why today, we are excited to announce an entirely new and first-of-its-kind cloud SIEM solution built specifically for today’s modern workflows, including DevSecOps.
Why the Sumo Logic Cloud SIEM Solution?
In thinking through the problem of how to re-architect the SIEM model for modern IT, the obvious place to start was in the cloud (elastic scale multi-tenant SaaS delivery only, no lift and shift pretenders allowed!) and for the cloud (analytics and workflow designed for emerging unsolved use cases, no sticking in the comfort zone of recycled out of the box rules!).
From there, we designed fresh approaches to three key aspects of the workflow:
- Data Ingest – broad cloud and application ecosystem data ingest, parsing and visualization; innovative indexing to accelerate search and context chaining; new approaches to problems of data normalization (e.g. forced, and sometimes inevitably incorrect, bucketing of data).
- Correlation and Prioritization – correlation content focused on cloud and application layer detection, including upstream DevSecOps workflows; analytics and context tracking combining security, IT ops, and DevSecOps.
- Investigation – rapid sub-second deep search with context chaining, event compression/organization, and workflow tracking/learning/sharing.
Security teams are under pressure to quickly assimilate a vast number of new data sources, use cases and threats; furthermore, DevSecOps and IT ops teams are under pressure to understand and build security into their workflows.
Our cloud SIEM solution will be a step toward helping both teams close the loop and help each other achieve their respective goals.
Future Innovations to Come
Beyond that first step, our aspiration is to pioneer a new model of security analytics for modern IT in the context of a platform that combines operational, security and business analytics in shared workflows and synergy.
Want to Learn More?
The cloud SIEM solution is now in a private, closed beta. Be sure to check back on the Sumo Logic website for future details on general availability.
For more information on Sumo Logic’s current security analytics offerings, download the Security Analytics solution brief.
- Download the 2018 ‘State of Modern Applications and DevSecOps in the Cloud’ report and/or read the press release for more detailed insights
- Download the ‘2018 Global Security Trends in the Cloud’ report
- Read the Sumo Logic platform release to learn more about our latest platform enhancements and innovations
- Sign up for Sumo Logic for free