Sumo Logic, a leading cloud-native, machine data analytics platform that delivers continuous intelligence, announced at AWS re:Inforce 2019 the Sumo Logic Global Intelligence Service for Amazon GuardDuty. The service delivers virtually real-time actionable insights that allow customers to benchmark themselves against other adopters of Amazon Web Services (AWS) cloud infrastructure to further strengthen cloud security posture, improve threat detection, and enhance regulatory compliance.
“In today’s hyper-connected world, organizations are facing rapidly evolving business requirements that demand them to completely rethink their architecture, IT environments and application stacks that comprise the backbone of their businesses,” said Bruno Kurtic, founding Vice President of Product and Strategy, Sumo Logic.
“As a multi-tenant, cloud-native machine data analytics platform, Sumo Logic is uniquely positioned to deliver rich context into not only how our customers’ applications and infrastructure stack are performing and behaving, but also how that behavior and performance differs from best-in-class organizations.
“This level of insight helps customers identify unusual patterns, outlier events and key performance and risk indicators that impact application performance and availability, as well as critical threats that could adversely affect an organization’s environment, or worse, their customers.”
The Sumo Logic Global Intelligence Service for Amazon GuardDuty analyzes globally active threats detected by the Amazon GuardDuty service to provide crucial insights and context into how an organization’s overall threat profile differs from industry peers and identifies rare or critical threats operating in the organization’s environment.
For instance, Sumo Logic can detect and highlight threats that rarely occur globally but are actively operating inside a customer’s environment, such as attempted communication with XorDDos malware, or other threats that might otherwise be hidden underneath a mountain of more common events.
“As a global consultancy, there are hundreds if not thousands of potential security threats and events that pass through our organization on any given day, making it a challenge to not only track, but prioritize how to handle these events,” said Philip Duldig, senior security analyst at ThoughtWorks.
“As an early adopter of Sumo Logic’s Global Intelligence Service for Amazon GuardDuty, the biggest value we’ve experienced is the ability to get actionable insights to prioritize and benchmark rare or non-frequent security events from our AWS workloads so we can optimize our security posture. I also love that I can compare global benchmarking data with my local data, to see how we are stacking up.”
The Sumo Logic Global Intelligence Service highlights critical differences between a customer’s overall threat profile and those of forward-thinking leaders, differences that could be a result of misconfiguration, active intrusion or simply a lack of understanding or focus on specific attack vectors.
With powerful data insights into how a security program is performing, AWS customers can easily identify abnormal activity directly in the Sumo Logic platform and take immediate action to resolve those security issues before they impact their business.
“With the rise of DevSecOps and an ever-expanding global threat landscape, it’s more important than ever before for organizations to constantly monitor their environments and workloads for malicious activity,” said Dan Plastina, Vice President, Security Services, Amazon Web Services, Inc.
“The Sumo Logic platform can complement Amazon GuardDuty’s existing threat insights, making it even easier for security teams to detect threats and improve their cloud security posture.”
Using the Sumo Logic Global Intelligence Service for Amazon GuardDuty, customers can gain deep insight into their threat vectors to:
- Benchmark: Gain additional insights into various threat vectors and attacks to benchmark against what is normal for these attacks, how many users have seen similar attacks, and what is most and least common across AWS users
- Prioritize: Get the right priority around security events based on rare events
- Optimize: Take action to improve security postures by triaging and prioritizing efforts toward specific alerts and security best practices
The Sumo Logic Global Intelligence Service is an operational and security benchmarking service that leverages machine learning and statistical analysis to uncover global key performance indicators (KPIs) and key risk indicators (KRIs).
These global KPI and KRI benchmarks allow organizations to measure their technology choice, performance, and behavior against the world’s leading adopters of new technologies, modern architectures and cloud infrastructures.
“We developed the Sumo Logic Global Intelligence Service benchmark to help our customers accelerate the adoption of modern technologies such as cloud services and new application components that power their digital initiatives and differentiate them from the competition,” said Kurtic.
“This not only sets a standard for our customers, but it also provides a clear line of sight into how to improve their current processes and programs to remain competitive in the digital era.
“That’s why we’re committed to broadening the breadth and depth of the Global Intelligence Service and look forward to providing benchmarking insights to every part of our customers’ development, operations and security management lifecycles.”