Resource Center

Threat hunting is emerging as a must-have addition to cybersecurity strategies. By enabling organizations to find and mitigate threats before they ever touch their networks or systems, threat hunting provides the basis for a more proactive security posture – and one that delivers higher ROI on security tools and processes.

Companies generate data at an exponential rate, and the task of analyzing data to produce relevant security insights can be overwhelming. With evolving market dynamics and threat landscapes, security teams have a greater need for integrated and scalable monitoring that provides real-time and meaningful insights into the state of organizational security posture.

Organizations that want to do business with the Department of Defense are required to achieve CMMC compliance by the end of this year. Sumo Logic can serve as a tool to assist your organization in achieving CMMC compliance.

In the beginning, there was the Log – or to be a bit more precise, there were application logs. At least that's how it was in the early days of application development, when raw log data itself was more often than not the point where troubleshooting began.

Over the past decade, the way we build and deploy applications has changed dramatically. The explosion of public cloud providers enables us to deploy software without engaging in a drawn-out process to procure and set up infrastructure. Agile, DevOps, Continuous Integration, Continuous Deployment, and other changes to how we work have dramatically accelerated the speed with which we can get new applications and updates in front of our users.

Since 2010, it has been Sumo Logic’s mission to democratize machine data. Naturally, we tend to focus on the outcomes: reliable and secure applications and systems that are the engines of successful modern businesses. But to drive these outcomes, and before the spotlight-hogging analytics kick in, algorithms require data. And this is where the magic starts! Sensu has been working on championing a monitoring as code approach to building observability pipelines for a decade now.

The Sumo Logic team is pleased to introduce the general availability of Sumo Logic Cloud SIEM powered by AWS. This joint solution will empower CIOs, CISOs, security and IT leaders to solve modern and legacy security operations use cases for Enterprises of all sizes and maturity with deep and contextualized insights to reduce the time to detect and respond to threats.

I’m pleased to announce that Sumo Logic has finalized its acquisition of DFLabs S.p.A., a provider of security orchestration, automation and response (SOAR) software.

Sumo Logic is excited to host “The Modern SOC Summit” from June 8–9, 2021. This summit is a two-day virtual event hosted by Sumo Logic that is bringing together CISOs, security and operations practitioners, innovators and business leaders to debate, discuss and share best practices on modernizing security operations for the rapidly evolving threat landscape, growing adoption of cloud-native solutions and future state of security.

Application monitoring is a well-established discipline that dates back decades and remains a pillar of software management strategies today. However, as software environments and architectures have evolved, monitoring techniques have needed to evolve along with them. That’s why many teams today rely on distributed tracing to glean insights that they can’t gather from application monitoring alone. Distributed tracing provides a deeper level of visibility into complex distributed environments than application monitoring can achieve.

It's one thing to detect a cyber attack. It's another to know what the attackers are trying to do, which tactics they are using, and what their next move is likely to be. Without that additional information, it's difficult to defend effectively against an attack. You can't reliably stop an attack if you are unable to put yourself in the mindset of the attackers. This is why threat intelligence plays a critical role in modern cybersecurity operations. Threat intelligence delivers the context about attackers' motives and methods that teams need to react as effectively as possible against threats to their IT resources. Keep reading for a primer on what threat intelligence means, why it's important, and what to consider when implementing a threat intelligence strategy.

As more companies migrate workloads to the public cloud, more security operations teams face the challenge of securing those environments. Although cloud providers make accessing the logging very easy, it is not always easy to digest the mountains of data they provide. One example of this is AWS CloudTrail logging. This service is extremely robust which can lead to quite a bit of noise with basic detections.

Security operations is now a critical business function tasked with securing digital transformation initiatives, to effectively mitigate evolving attacks and expanding attack surfaces, handle complexity and tool proliferation while teams are continuing to be virtual and distributed.

Telegraf is a server-based agent for collecting all kinds of metrics for further processing. It’s a piece of software that you can install anywhere in your infrastructure and it will read metrics from specified sources – typically application logs, events, or data outputs.

In a recent experiment with my colleagues, I polled them about the following: “What would they do if the lights went out as you worked at night?” Besides identifying the funny and who-you-want-in-case-of-an-emergency responses, most of my colleagues checked to see if the problem might be broader than their own home.

When migrating to Kubernetes and re-architecting your applications into containers, logging is a critical piece to consider. The twelve-factor app methodology has a section dedicated to logging and outlines the importance of not worrying about routing and storage of your logs. As a best practice, applications running in containers should rely 100% on standard output (STDOUT). Unfortunately, getting logs from applications that do not write to STDOUT is non-trivial and has many things to consider.

It’s essential to choose the right tool for the job. I have an old, sturdy screwdriver that I use for lots of odd DIY jobs around my house, like cleaning gutters, opening paint cans, and general maintenance on my lawnmower. However, when I’m performing an upgrade on my computer, a large, rusty screwdriver isn’t the best tool to remove the screws anchoring my motherboard.

If your team falls into the majority of organizations that use NGINX – which remains the world’s most popular Web server – to host websites and Web applications, monitoring NGINX usage, performance, and transactions is critical for maintaining a positive end-user experience.