A global fitness franchise strengthens security by expanding their Sumo Logic implementation to include Cloud SIEM Enterprise
The fitness company sought security information and event management (SIEM) options to protect its operations along with the personal data of more than one million members around the world. By securely monitoring the threats across its entire infrastructure, the company had the potential to dramatically shorten the amount of time necessary to detect and correct vulnerabilities.
The company augmented its existing machine data management application to incorporate Sumo Logic’s Cloud SIEM Enterprise solution. Working with the vendor, the fitness company soon learned how to fully exploit its newly enabled, highly tuned user interface and streamlined security operations (SecOps) workflows to revolutionize how it thwarted potential hazards.
Sumo Logic’s cloud-native SIEM made it possible for the fitness company to eliminate its burden of manually correlating security-oriented output from a set of dissimilar tools. Instead, the company could now concentrate on perfecting lightweight and agile operations and uncovering previously hidden risks – all without necessitating a dedicated Security Operations Center (SOC).
Founded in 2010, the fitness company has rapidly expanded to greater than 1,200 locations in all 50 states plus more than 23 countries worldwide. Today, the company serves more than one million members and generates in excess of $1 billion in annual revenues. Its mission is to help people lead longer and better lives through exercise, mindfulness, and valuable health-related guidance.
The fitness company provides customers with an energetic one-hour full body workout that specializes in building endurance, strength, and power – or a combination of the three. What sets this regimen apart is its focus on heart rate-based interval training, which has been proven to burn more calories after the workout has concluded than more traditional exercises. During exercise sessions, students wear heart monitors that display real-time telemetry on screens throughout the studio. To further optimize results, the company’s fitness coaches supervise these events to prevent overtraining or undertraining.
To power its global operations, the company makes extensive use of cloud computing, running on platforms such as Amazon Web Services (AWS) for its web applications and Microsoft Azure for its software development pipeline. Although 90% of the company’s application development is carried out in the cloud, there are still vital hardware and software applications deployed on-premises.
The fitness company sports a sophisticated – and growing – information processing environment that embraces fresh approaches such as the AWS Lambda serverless architecture. The company employs lightweight, agile software development methodologies that result in application updates taking place multiple times each day. As a data-driven organization, it also generates and captures enormous amounts of metrics – approximately 50,000 data points per member during each workout. Naturally, all of this information also spawns a sizable volume of related log files.
The company initially deployed Sumo Logic to make the most of its ever-enlarging machine data collection. The rollout proceeded smoothly and was quickly ingesting significant volumes of log files per day. However, even though the initial Sumo Logic implementation was of great utility to the company’s operational staff, it soon became apparent that significant shortfalls still remained in how the company’s security operations interacted with the organization’s computing resources. Instead of utilizing a centralized view that aggregated all security-related details across the company’s technology portfolio, the security group was obligated to manually connect to each resource to ascertain what was happening across its environment. For those assets that were capable of instant notification, alerts were delivered via a non-integrated set of emails or text messages.
To surmount these formidable obstacles, the company sought a modern SIEM solution. In partnership with its specialized security reseller, the company performed a thorough evaluation of multiple offerings, including Splunk, IBM QRadar, LogRhythm, Rapid7, and Sumo Logic’s cloud-native SIEM alternative. After a careful side-by-side research project that was concluded in approximately six months, the company selected Sumo Logic based on a set of important factors, including its:
- Born-in-the-cloud architecture
- Automated and streamlined security operations workflows
- Innovative and forward-thinking design
- Ease of deployment
- Access to an elite team of threat hunters
With the appraisal complete, the move into production proceeded quickly – just as it had for the original Sumo Logic machine data aggregation undertaking. The company began this phase by centralizing security-related information from its multiple cloud environments as well as on-premises resources – including network monitoring and Active Directory logs. In less than two weeks, the fitness company attained its full ingestion rate and immediately began obtaining actionable intelligence from its new Sumo Logic Cloud SIEM Enterprise system.
In contrast with its earlier hodgepodge of disparate security tools and procedures, the company’s Sumo Logic Cloud SIEM Enterprise deployment supplies a far-reaching, yet consistent user experience – designed by analysts for analysts. Running lightweight, agile security operations is one of the most fundamental goals for the company’s technology leadership team: the company has no intention of building and staffing its own SOC. Sumo Logic has been an instrumental ingredient in bringing this vision to reality. All security-related matters are overseen by a single specialist. This individual is supported by an external Managed Service Provider (MSP), which is tasked with responding to most day-to-day desktop, infrastructure, and corporate user help desk requests. Other colleagues may be tapped to provide assistance in resolving more challenging issues. Finally, experts from Sumo Logic’s Special Operations (SpecOps) team continuously monitor and hunt for threats across the company’s enterprise, in addition to providing advice and guidance that contribute to continual improvement.
This new Sumo Logic security solution has transformed how the fitness company conducts its security procedures. Rather than forcing analysts to pore over dissimilar log files across the entire company and then attempt to piece everything together, Sumo Logic Cloud SIEM Enterprise presents all ingested data in a consistent, understandable, and correlated format that pinpoints critical threats that merit immediate investigation. One of the first discoveries made from the new SIEM system was that most threats were related to email. These included phishing, malware, viruses, as well as bad actors probing the company’s publicly facing endpoints. Other insights have been equally compelling. In one example, Sumo Logic exposed an ongoing series of callouts to domains known to be affiliated with malicious activity and traced the issue to a set of outdated software libraries. From start to finish, the entire detection, investigation, and mitigation process took less than 48 hours. Prior to Sumo Logic, it’s possible that the erroneous application traffic might never have been detected.
The inaugural Sumo Logic successes have laid the foundation for additional usage scenarios. Going forward, the company will seek supplementary opportunities to further automate its security processes. This will include ingesting more data from both existing and new sources while strengthening the use of the company’s complete Sumo Logic platform. Regardless of the exact blend of future initiatives, Sumo Logic will continue to supply training, certification, and workshops via its professional services team, along with proactive, attentive technical support.