Sumo Logic’s analytics capabilities allow security teams to find insights within their data

Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly.

Sumo Logic security analytics

These advancements, bolstered by Sumo Logic’s free data ingest licensing, empower customers to use their critical security data to close security gaps and better fuel DevSecOps.

A recent Cloud Security Alliance survey found that only 30% of respondents believe they have good collaboration between security and development teams. At the root of the problem, security teams get signals of potential threats but often need developers or operations teams to help diagnose, assess and resolve. DevSecOps practices can help solve these challenges, which require a single source of truth, contextual data, cross-team collaboration, and AI and automation to power faster decision-making.

“Many organizations are still working to adopt a ‘shift-left’ strategy to evolve to a true DevSecOps approach that breaks silos and enables teams to solve the hardest operational and security challenges faster. This is only possible when teams across development, security and operations are looking at the same data and insights, which means aligning on the atomic level of data – logs,” said Joe Kim, President and CEO of Sumo Logic.

“We’re excited to deliver new security innovations leveraging AI and deeper threat intelligence, all wrapped around our new Flex Licensing model – removing the economic and collaboration barriers by ingesting, storing and analyzing all security log events in the Sumo Logic SaaS Log Analytics Platform, so Dev, Sec and Ops teams have a single place to monitor and secure their apps and infrastructure,” added Kim.

Sumo Logic’s latest security innovations and enhancements fuel DevSecOps by:

Quickly finding insights

Sumo Logic’s advanced analytics capabilities allow security teams to find insights within their data to keep up with the rapid pace of cyber threats. Whether companies are looking to detect threats or troubleshoot issues, Sumo Logic provides the tools teams need to uncover valuable insights in real-time. New and updated capabilities include:

MITRE ATT&CK Threat Coverage Explorer: MITRE ATT&CK Threat Coverage Explorer is a new feature within Sumo Logic’s Cloud SIEM solution that helps security teams analyze its threat coverage across the organization and continuously improve its security posture. With the industry’s most comprehensive out-of-the-box rules and content, no other solution provides customers the ability to view and filter both theoretical coverage and historical events relative to adversary tactics, techniques and procedures (TTPs).

Additionally, customers can compare their own exposure against peer benchmarks across the Sumo Logic customer base, leveraging global intelligence using dynamic filters to zero in on specific areas of concern based on their security log sources and rules they’ve disabled, enabled or prototyped.

Copilot: Sumo Logic is introducing Copilot, an AI-assisted log analytics experience with pre-built natural language prompts to help early career Dev, Sec and Ops teams gain expert-level insights, uplevel query skills and drive to root cause faster. Copilot’s innovative experience ensures that users can get accurate answers without trial and error, a common pitfall in many GenAI implementations.

AI-driven Alerting: Now generally available to all customers, Sumo Logic’s patent-pending AI-driven Alerting feature enables users to harness the power of AI-driven anomaly detection and automation through playbooks. AI-driven alerts get organizations closer to their goal of self-healing and self-protecting apps by triggering playbooks that automate response to unusual or suspicious application and infrastructure signals.

Unlike other solutions, Sumo Logic’s Anomaly Detection builds ML models using several weeks of historical data while leveraging AutoML to detect seasonality and tune model parameters without user intervention. Playbooks can also be assigned to monitors with a single click, significantly streamlining the experience compared to competitive products.

Collecting all the data in one place for actionable insights:

Sumo Logic offers a single source of truth for security and operational data, ensuring consistency and reliability across an organization. By centralizing security logs and threat intelligence in one platform with a flex licensing model and easy-to-query insights, Sumo Logic eliminates data silos and cost barrier concerns over which data to collect. Sec, Dev and Ops teams can trust that the information they’re working with is accurate, up-to-date and easily accessible for better decision-making and more effective collaboration.

New capabilities include:

  • New integrated threat intelligence: By integrating an out-of-the-box threat intelligence feed and third-party feeds with security log data, Sumo Logic is strengthening security postures and providing earlier threat detection. This new feature enables the integration of multiple threat intelligence feeds across all platform features to provide broad threat intelligence.
  • New unified interface breaks down DevSecOps silos: Sumo Logic is previewing a new UI experience across its Log Analytics, Cloud SIEM and SOAR offerings. With all data and dashboards in one place, Sec and Dev teams can streamline their processes, easily query from the same source of truth, and eliminate unnecessary tools.
  • Expanded cloud infrastructure security data: Thanks to Sumo Logic’s Flex Licensing and the latest addition of open-source security policy checks, customers can now enjoy increased cost-effectiveness without sacrificing security coverage from Cloud Infrastructure Security. Customers can maintain comprehensive visibility of the overall health of their AWS environment by leveraging the new Cloud Infrastructure Overview dashboard and take action against surfaced misconfigurations and vulnerabilities faster with AI-powered remediation plans and playbooks.

“To incorporate DevSecOps practices, you need more than a tool and more alerts. You need a cultural shift. Sumo Logic’s SaaS Log Analytics Platform has taken the complexity out of DevSecOps, so our teams are aligned, working from the same data, and keeping security best practices top of mind. With Sumo Logic’s AI-driven Alerting feature, we are now able to leverage machine learning and automation to reduce false positives, focus on issues that are truly anomalies, and quickly align on how to prioritize which issues to address first,” said Maulik Shah, VP of Cloud Engineering for Tala.

“As one of the world’s fastest-growing digital banks, we use the latest cloud-native technology to deliver a world-class experience to our customers. This means aligning our Sec, Dev and Ops teams and processes for full visibility across our entire tech stack. The speed and scale of Sumo Logic’s SaaS Log Analytics Platform and AI-driven Alerting have allowed us to collaborate better and gain real-time business intelligence to maximize security while optimizing our customer journey,” said Rohan Kulkarni, Site Reliability Engineering Lead, Trust Bank Singapore.

More about

Don't miss