For many businesses, compliance, management and data protection in the cloud have been a major challenge due to the shared responsibility model and automation of public cloud infrastructure. Ensuring consistent security controls across hybrid environments requires new methodologies for security and auditing teams.
At the AWS Loft event in San Francisco last night, over 100 people joined industry thought leaders from Herjavec Group, Sumo Logic and Twitter for drinks, networking and thought provoking content.
What I found particularly engaging and informative was the presentation from Jim Skinner, Technical Program Manager for the Twitter platform.
Jim helped develop the infrastructure that resulted in the Oscar polling card, the World Cup polling card and other interactive experiences found within the Twitter app. He also led the security efforts that allowed Twitter to become PCI compliant.
Twitter, a $17B powerhouse that enables users to send and read short 140-character messages called “tweets”, has seen tremendous growth and now boasts over 304 million monthly active users.
To support this massive social networking service, Twitter has built a large, highly secure private datacenter that runs hundreds of thousands of servers.
With an upcoming PCI audit, Twitter turned to Sumo Logic to help. PCI DSS requirement 10 calls out the need for logging mechanisms that help track, alert on and analyze activity when something goes wrong. As Skinner put it:
“We would not have passed our PCI audit in the allotted timeframe if it were not for Sumo Logic,” said Skinner. “Trying to put logging controls into our private cloud could have put the entire infrastructure within scope. Sumo Logic helped us completely segment all of our auditing data from our private cloud environment.”
While Twitter, given its resources, could certainly have done this on its own, procuring, deploying and configuring the necessary hardware, software, routers and security policies within its datacenters would have taken a lot of time and money. Time to value was key. Another challenge would have been the sign-offs needed from IT and Security to make changes to the production environment, which one can imagine they take very seriously; this would have required a lengthy review and approval process. That time and effort was deemed unnecessary and might have injected risk into the upcoming PCI audit.
With Sumo Logic’s numerous security attestations, including PCI DSS 3.0 Service Provider Level 1 and SOC 2 Type II, sending log data to Sumo Logic’s cloud platform was a no-brainer, and it allowed Twitter to easily address PCI requirement 10. Servers were built with the Sumo Logic collector agent installed to forward data to the Sumo Logic platform.
As maturity and experience with the Sumo Logic platform increased, Twitter started programming the system to automatically look for the events they cared about and to generate alerts in real time should thresholds be exceeded or anomalies be detected against baseline patterns. Sumo Logic’s use of machine learning helped them identify key metrics they would not have found otherwise.
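The two alerting modes described above, a fixed threshold and a deviation from a learned baseline, as an added illustrative example written for this post (not Sumo Logic’s or Twitter’s code); the log line format, host names, event names and the minute-sized window are assumptions, and the sample lines are constructed.

```python
import re
import statistics
from collections import OrderedDict

# Assumed line format: "<ISO timestamp> <host> <event>"; seconds are dropped to bucket by minute.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2} (\S+) (\S+)")


def bucket_counts(lines, event):
    """Count occurrences of `event` per minute, keeping every observed minute (even with 0)."""
    counts = OrderedDict()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than stall the pipeline
        minute, _host, ev = m.groups()
        counts.setdefault(minute, 0)
        if ev == event:
            counts[minute] += 1
    return counts


def detect(counts, train_windows, hard_threshold, sigmas=3.0):
    """Alert on a window when it reaches `hard_threshold`, or when it exceeds the
    baseline mean + sigmas * stdev learned from the first `train_windows` windows.
    A flat baseline (stdev 0) means any increase over the mean is an anomaly."""
    minutes = list(counts)
    if train_windows < 1 or train_windows >= len(minutes):
        raise ValueError("need at least one training window and one window to evaluate")
    baseline = [counts[m] for m in minutes[:train_windows]]
    mean, stdev = statistics.mean(baseline), statistics.pstdev(baseline)
    alerts = []
    for m in minutes[train_windows:]:
        n = counts[m]
        if n >= hard_threshold:
            alerts.append((m, n, "threshold"))
        elif n > mean + sigmas * stdev:
            alerts.append((m, n, "anomaly"))
    return alerts


def constructed_log():
    """Constructed audit lines (not real data): auth_failure counts per minute."""
    per_minute = {"10:00": 1, "10:01": 2, "10:02": 1, "10:03": 2, "10:04": 4, "10:05": 12}
    lines = []
    for hhmm, n in per_minute.items():
        lines.append(f"2015-06-01T{hhmm}:00 cde-app01 auth_success")
        lines += [f"2015-06-01T{hhmm}:{i:02d} cde-app01 auth_failure" for i in range(n)]
    return lines


def run():
    """Baseline from the first 4 minutes (mean 1.5, stdev 0.5), hard threshold 10."""
    return detect(bucket_counts(constructed_log(), "auth_failure"), train_windows=4, hard_threshold=10)
```

Minute 10:04 fires as an anomaly (4 exceeds 1.5 + 3 × 0.5) and 10:05 as a threshold breach (12 ≥ 10), which is the distinction between a static rule and a baseline deviation.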
In summary, Twitter was able to take an approach to PCI compliance that reduced scope, time and complexity. “It allowed us to not pollute or have our main datacenter in scope,” said Skinner. “Who really wants to deal with centralized logging and managing the execution environment anyways? This is not sexy. If you want to be an agile digital business, this is not what you want your teams to be working on.”