Sumo Logic’s proactive security analytics helps customers gain critical, real-time visibility into their AWS and on-premises infrastructure. Guaranteed query performance combined with purpose-built applications, pre-built searches, dashboards and reports helps you demonstrate compliance in real time while reducing the cost and time associated with audits. By correlating logs across various data sources you can reduce false positives and run detailed root-cause analysis.
Join this webinar to learn how:
• InsideView is leveraging AWS CloudTrail and Sumo Logic to meet security and compliance requirements
• Pattern recognition and Anomaly Detection can uncover compliance events in real time
• You can automatically adapt to changing compliance needs
• AWS and Sumo Logic can help you reduce audit costs and cycles
8. User Monitoring
Geo Location of All Users
Main users in the AWS account
Admin user activities over time
Recent Activity by Administrative Users
Launched and terminated instances by user
Operations
Requested AWS services over time
API calls by AWS region
Elastic IP address operations
Created and deleted resources over time
Network and Security
Authorization failures over time
Created and Deleted Network Security Events
Network and Security Events Over Time
Recent Security Group and Network ACL Changes
Network ACL with All Allowed Ingress/Egress
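The panels above are produced by Sumo Logic's CloudTrail app; the deck shows none of the underlying query logic. As an added example, not code from Sumo Logic or InsideView, the script below derives the same summaries (authorization failures per hour, API calls by region and service, security group / network ACL changes by actor, network ACL entries that allow all traffic, and instance launches and terminations by user) directly from raw CloudTrail records. The sample records, account ID, user names, resource IDs and the set of event names it treats as network-security changes are all constructed for illustration.

```python
"""Turn raw AWS CloudTrail records into the panel summaries listed above.

The records in SAMPLE_LOG are CONSTRUCTED for this example (account ID, users
and resource IDs are made up); they follow the CloudTrail JSON record layout.
"""
import json
from collections import Counter, defaultdict

# Event names treated as network-security changes: an assumed subset of the
# EC2 security group and network ACL APIs, not Sumo Logic's own list.
NETWORK_SECURITY_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup", "CreateNetworkAcl",
    "DeleteNetworkAcl", "CreateNetworkAclEntry", "ReplaceNetworkAclEntry",
    "DeleteNetworkAclEntry",
}
# errorCode values that mean the caller was not authorized for the call.
AUTHZ_FAILURE_CODES = {"AccessDenied", "UnauthorizedOperation",
                       "Client.UnauthorizedOperation"}

# Constructed sample: the shape CloudTrail writes to S3 ({"Records": [...]}).
SAMPLE_LOG = """{"Records": [
{"eventTime":"2015-10-01T14:02:11Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","awsRegion":"us-east-1","userIdentity":{"type":"IAMUser","userName":"bob"},"errorCode":"Client.UnauthorizedOperation","requestParameters":{}},
{"eventTime":"2015-10-01T14:05:40Z","eventSource":"s3.amazonaws.com","eventName":"ListBuckets","awsRegion":"us-east-1","userIdentity":{"type":"IAMUser","userName":"bob"},"errorCode":"AccessDenied","requestParameters":{}},
{"eventTime":"2015-10-01T15:10:03Z","eventSource":"ec2.amazonaws.com","eventName":"CreateNetworkAclEntry","awsRegion":"us-west-2","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/Admin/alice"},"requestParameters":{"networkAclId":"acl-0a1b2c3d","ruleNumber":100,"protocol":"-1","ruleAction":"allow","egress":false,"cidrBlock":"0.0.0.0/0"}},
{"eventTime":"2015-10-01T15:12:30Z","eventSource":"ec2.amazonaws.com","eventName":"AuthorizeSecurityGroupIngress","awsRegion":"us-west-2","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/Admin/alice"},"requestParameters":{"groupId":"sg-11aa22bb"}},
{"eventTime":"2015-10-01T15:20:00Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances","awsRegion":"us-west-2","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/Admin/alice"},"requestParameters":{"instanceType":"t2.micro"}},
{"eventTime":"2015-10-01T16:05:17Z","eventSource":"ec2.amazonaws.com","eventName":"TerminateInstances","awsRegion":"us-east-1","userIdentity":{"type":"IAMUser","userName":"carol"},"requestParameters":{"instancesSet":{"items":[{"instanceId":"i-0123abcd"}]}}},
{"eventTime":"2015-10-01T16:30:52Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances","awsRegion":"us-east-1","userIdentity":{"type":"IAMUser","userName":"carol"},"errorCode":"Client.UnauthorizedOperation","requestParameters":{"instanceType":"m4.large"}}
]}"""


def actor(record):
    """Short identity for the caller: 'Role/session' for assumed roles, else the user name."""
    ident = record.get("userIdentity", {})
    if ident.get("type") == "AssumedRole":
        # arn:aws:sts::123456789012:assumed-role/Admin/alice -> Admin/alice
        return ident.get("arn", "").split(":assumed-role/")[-1] or "unknown"
    return ident.get("userName") or ident.get("arn", "unknown")


def is_authz_failure(record):
    return record.get("errorCode") in AUTHZ_FAILURE_CODES


def is_network_security_change(record):
    # Only successful calls changed anything; denied attempts show up as authz failures.
    return record.get("eventName") in NETWORK_SECURITY_EVENTS and not record.get("errorCode")


def is_open_nacl_entry(record):
    """True for a NACL entry allowing any protocol from/to the whole internet."""
    if record.get("eventName") not in ("CreateNetworkAclEntry", "ReplaceNetworkAclEntry"):
        return False
    p = record.get("requestParameters", {})
    open_cidr = p.get("cidrBlock") == "0.0.0.0/0" or p.get("ipv6CidrBlock") == "::/0"
    return p.get("ruleAction") == "allow" and open_cidr and str(p.get("protocol")) == "-1"


def summarize(records):
    """Build the panel summaries from an iterable of CloudTrail record dicts."""
    summary = {
        "authz_failures_by_hour": Counter(),
        "calls_by_region": Counter(),
        "services_requested": Counter(),
        "network_security_changes": [],   # (eventTime, actor, eventName)
        "open_nacl_entries": [],          # (actor, networkAclId)
        "instances_by_user": defaultdict(lambda: {"launched": 0, "terminated": 0}),
    }
    for r in records:
        hour = r.get("eventTime", "")[:13]  # "2015-10-01T14"
        summary["calls_by_region"][r.get("awsRegion", "unknown")] += 1
        summary["services_requested"][r.get("eventSource", "unknown")] += 1
        if is_authz_failure(r):
            summary["authz_failures_by_hour"][hour] += 1
        if is_network_security_change(r):
            summary["network_security_changes"].append((r["eventTime"], actor(r), r["eventName"]))
        if is_open_nacl_entry(r):
            summary["open_nacl_entries"].append((actor(r), r["requestParameters"].get("networkAclId")))
        if not r.get("errorCode"):  # a denied RunInstances launched nothing
            if r.get("eventName") == "RunInstances":
                summary["instances_by_user"][actor(r)]["launched"] += 1
            elif r.get("eventName") == "TerminateInstances":
                summary["instances_by_user"][actor(r)]["terminated"] += 1
    summary["instances_by_user"] = dict(summary["instances_by_user"])
    return summary


def load_records(text):
    """Accept a CloudTrail S3 log file body ({"Records": [...]}) or a bare list."""
    data = json.loads(text)
    return data["Records"] if isinstance(data, dict) else data


if __name__ == "__main__":
    for panel, rows in summarize(load_records(SAMPLE_LOG)).items():
        print(panel, dict(rows) if isinstance(rows, dict) else rows)
```

Two caveats worth keeping in mind when reading "real-time" on the slides: CloudTrail delivers log files to S3 on a delay (historically around 15 minutes after the API call), so panels built this way lag the activity they show; and the "all allowed" check only sees network ACL entries created or replaced while logging was on, so rules that predate the trail need a DescribeNetworkAcls inventory rather than CloudTrail.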
CloudTrail Use Cases
10. InsideView is a market intelligence platform that aggregates, curates and delivers inside information and intelligence about customers’ target markets
Multiple Accounts in AWS
Legacy infrastructure on-prem
Plan to load-balance workloads
Sumo Logic tied to key production account
Use AWS CloudTrail to gather compliance logs
Believe in the value of Sumo Logic and AWS integration
11. Sumo Logic Confidential
Challenges
• Visibility across hybrid infrastructure
• Querying across cloud and on-prem sources to demonstrate ISO 27000 series compliance
• Analyzing compliance logs generated by AWS CloudTrail
• Monitoring and auditing access to widespread resources
• Did not want costly and complex on-premises analytics solutions
• Wanted a comprehensive solution that could cover current and future compliance needs
12. Results with Sumo Logic
• Simplified querying across hybrid infrastructure for end-to-end infrastructure monitoring
• Leverage the Sumo Logic Application for AWS CloudTrail to monitor compliance logs
• The Application simplifies real-time monitoring with pre-built searches, dashboards and reports
• AWS CloudTrail gathers compliance log data for every API call made and Sumo Logic analyzes it in real time
• Role-based access grants teams and individuals appropriate permissions, which aids in meeting compliance requirements
• Sumo Logic helps audit access to resources and the associated user actions, which is helping meet ISO 27000 requirements
• Sumo Logic was far less complex and costly than the leading competing solution
• Looking to use Sumo Logic for other compliance needs in the future
13. The Advantage
SaaS infrastructure, fully operational within hours
Guaranteed 5X plus elastic index bursting and SLAs on query performance
Reduce compliance audit costs by 30%, diminish complexity associated with security and compliance audits
Future-proof your investment with applications that adapt to changing compliance requirements
Built-in Machine Learning with Anomaly Detection and LogReduce
Secure by Design service complies with all major regulations
One service does it all: works with on-prem and cloud data sources to provide security, operations and business insights
Why Machine data insights are critical for organizations
1.Customer challenges:
Massive explosion of data types and sources (apps, cloud, on-prem, IoT) is resulting in:
- Fragmented infrastructures (cloud/on-prem); gaining end-to-end visibility across these environments is becoming challenging
- Complex application environments and a plethora of devices add to the chaos as IT loses visibility and control
- This results in amplified availability, security and compliance challenges
2. Sumo Logic is a cloud-based machine data intelligence service that helps organizations get comprehensive visibility across all infrastructures, applications, networks, etc. and helps you transform these challenges into business advantages:
A powerful analytics engine helps you get meaningful insights into availability, performance, security and customers through search, pattern recognition, rich visualization and proactive machine learning features.
We are different! We are a service. We are in the cloud.
Because we are a SaaS service, we can overcome the limitations of traditional solutions and offer unique differentiators such as:
We can ingest data from any source including on-prem and any cloud source, so you get a single solution to query across your entire infrastructure
Sumo Logic offers guaranteed 5X plus elastic index bursting to help customers meet seasonal and unexpected surges on-demand, without investing in expensive hardware.
Sumo Logic offers Service Level Agreements (SLAs) on query performance
Also notice what is missing in this picture: the machines monitoring the machines. We are an effortless service offering industry-leading mean time to value. The service can be set up within minutes and requires no additional investment.
We run on AWS, the most reliable cloud platform. We leverage the performance and security features the platform offers and have built additional capabilities on top of it. We are secure by design: SOC 2 Type II, HIPAA, FIPS 140, US-EU Safe Harbor, encryption at rest and in transit.
We are also an AWS Advanced Technology Partner and a Big Data Competency partner.
Sumo Logic Enterprise Security Analytics helps enterprises strengthen their security and compliance posture by transforming separate, reactive, and manual processes to integrated, proactive and automated ones. Our next-gen analytics engine is powered by 3 key differentiated capabilities
1.LogReduce
Sifting through hundreds of thousands of security logs to identify a specific issue is an extremely challenging undertaking. Sumo Logic drastically simplifies querying by correlating logs across various data sources to reduce false positives, and the patent-pending LogReduce technology reduces hundreds of thousands of pages of results into a handful of meaningful patterns so you focus on events that matter. LogReduce™ helps to reduce the mean time to resolution by 50 percent or more.
2.Anomaly Detection
Leveraging machine learning, Anomaly Detection extends beyond the human limitation of pre-defined rules and reports to unearth the “unknown unknowns” within enterprise data sets in real time. Traditional solutions, which are more static in their approach, cannot address the dynamic security threats that organizations face today. Users can annotate and add contextual information to expedite future event detection and response.
3.Enterprise Applications
Helps customers get started with the service within minutes. Real-time infrastructure monitoring with purpose-built compliance apps, pre-built searches, dashboards and reports makes compliance adherence and audits a breeze. And because Sumo Logic is a cloud-based service, it routinely updates the compliance applications to meet current regulations, so customers can automatically adapt to changing compliance needs with minimal effort.
We deliver seamless experiences to all AWS customers via pre-built integrations and applications for key AWS services such as CloudFront, S3, CloudTrail and ELB. The real-time dashboards are built with customer feedback to help you monitor your AWS infrastructure for availability, security, compliance and customer insights effortlessly.
Let’s dig into our application for AWS CloudTrail. This is a popular application used by most of our customers that run part or all of their infrastructure in AWS.
Our customers tell us :
They use AWS CloudTrail because it’s a great tool for collecting all API activity logs into an S3 bucket
They need a solution that can then help them audit and monitor these logs for security, compliance and governance purposes
Our application allows customers to get insights around user access monitoring, network and security infrastructure, and operations visibility.
Our customers are able to demonstrate compliance in real time with purpose-built dashboards, searches and reports.
Let’s take a look at how it all works (demo)
The Sumo Logic differentiators include:
Security-as-a-service, fully operational within hours with pre-built views, reports and dashboards
On-demand elastic scale to meet planned and unexpected spikes
End-to-end infrastructure monitoring from any data source
Simplify and automate PCI audit processes and reduce audit cost and duration
No need to worry about changing compliance requirements: we adapt our app and do the work so you don’t have to
On average, traditional SIEMs can handle about 3,000 EPS, roughly equivalent to 100-200 GB/day
Enable high-speed forensic investigations and reduce MTTI (mean time to identify) of security incidents by up to 40%