Sumo Logic Cloud SIEM Enterprise: Helping SOC personnel to better manage real security events
Sumo Logic, the leader in continuous intelligence, announced the availability of its new Cloud SIEM Enterprise offering, which includes a rich set of capabilities to ease the burden on security operations center (SOC) personnel.
The new capabilities help identify and prioritize high fidelity threats and automate the analyst workflow, allowing SOC personnel to better manage real security events and effectively enforce security and compliance policies.
Sumo Logic will be showcasing its Security Intelligence portfolio offerings at RSA Conference 2020.
Today’s SOC teams are fatigued and under pressure from receiving tens of thousands of alerts every day. Compounding this problem, many SOCs were built around legacy solutions designed with SIEM technology invented years, even decades ago.
According to a recent survey of IT and cybersecurity professionals by Enterprise Strategy Group (ESG), 34% of respondents said the volume of security alerts has increased over the past two years.
With this increase of volume, many of these alerts are left unnoticed, because many security analysts are still relying on legacy tools, such as on-prem SIEM technology or outsourced security, that do not provide them with actionable intelligence.
Analysts spend the bulk of their day manually investigating alerts to separate valid threats from the noise. Unfortunately, this exhaustive work is ineffective at reducing risk to the organization.
With the rapid transformation to the cloud, shifts in the threat landscape, and security operations facing human-scale limitations – it’s clear that the SOC has to change.
“ESG research shows 70% of organizations continue to anchor their security analytics and operations with traditional SIEMs,” said Jon Oltsik, Senior Principal Analyst and Fellow at ESG.
“Despite the central role SIEM plays, the research indicates that SOC teams use additional tools beyond SIEM for threat detection and response, investigations and query, threat intelligence analysis, and process automation and orchestration.
“Sumo Logic’s Cloud SIEM Enterprise, can help bridge this gap with a broader set of automation capabilities targeted directly at the modern SOC. These automation capabilities can help reduce alert fatigue while offering the continuous intelligence needed to collaborate, develop, operate, and secure applications at cloud scale.”
Expanding continuous intelligence to security operations
The newly announced Sumo Logic Cloud SIEM Enterprise is a cloud-native solution that addresses the challenges facing today’s modern SOC. This latest offering by Sumo Logic modernizes security operations by automating the manual work for the security analyst, saving them time and enabling them to be more effective by focusing on higher-value security functions.
Sumo Logic Cloud SIEM Enterprise also provides real-time insights and intelligence SOC teams can use to quickly identify evidence of compromise and improve their ability to respond quickly by understanding the impact of an attack. This removes common technology limitations that burden a SOC’s efficiency and ability to mitigate risk.
Sumo Logic Cloud SIEM Enterprise innovations include:
- Modern SaaS SIEM that enables customers to collect any security data, better correlate this data with context, prioritize actionable insights, and automate analyst workflows to build and automate security operations from the cloud.
- Improved analyst productivity with automated SOC analyst workflows performing routine manual tasks including data collection, correlation, and alert prioritization necessary to support investigations and threat hunting. These automated workflows are combined with deep search capabilities and connectivity to the customer’s existing response platforms.
- Focused and guided workflows that help level 1 and level 2 SOC analysts efficiently use their time and resources performing high-value activities, such as threat hunting, automation, and incident response versus managing and maintaining a SIEM.
- 360-degree visibility that provides context across user, device, app, and threat intelligence data, including deep packet inspection for full visibility into the customer’s network traffic (and AWS via VPC traffic mirroring with Sumo Logic’s network sensor).
- Elastic scalability via multi-tenant architecture that supports rapid application growth and security requirements. The service overcomes the inherent limitations of traditional architectures by allowing organizations to burst as needed without any manual intervention.
“As an enterprise with a cloud-first strategy, it’s imperative that security easily integrates into our modern application architecture,” said Lewis Brodnax, chief security officer, GreenSky.
“Using Sumo Logic’s Cloud SIEM Enterprise solution automates our security processes, so my SOC analysts can focus their time and effort on the real threats. It also allows my team to coordinate and manage incidents and quickly respond to today’s rapidly changing threat landscape.”
“We believe organizations will greatly benefit from our new Cloud SIEM Enterprise offering that features comprehensive functionality from automated security workflows to advanced threat detection and best-in-class cloud visibility to address modern security operation challenges,” said Greg Martin, general manager, security business unit, Sumo Logic.
“With the industry’s fast-moving transformation to public cloud, we wanted to give security teams a cloud-native solution with robust features they can use to navigate today’s cloud centric world.”