Sumo Logic, known for its ability to delve into operational log files, find patterns and detect anomalies, has turned its attention, technology and skill to inspect operational and machine data files to uncover cyber attacks.
Here's what Sumo has to say about its announcement
Sumo Logic Enterprise Security Analytics is built on top of the following architectural, analytics and content capabilities:
- Elastic Scale: Sumo Logic provides patent-pending Elastic Log Processing to handle daily bursting of multiple terabytes of data per customer for search, correlation and visualization.
- SaaS: Delivered as a service, Sumo Logic provides rapid time-to-value with minimal overhead.
- Hybrid-cloud data collection: Collect from physical, virtual, cloud and SaaS data sources in minutes.
- LogReduce for Security Forensics: This patent-pending capability allows companies to quickly uncover the root cause of a threat incident via unique pattern recognition, reducing the mean time to resolution by 50 percent or more.
- Anomaly Detection: Sumo Logic Anomaly Detection incorporates machine learning to automatically uncover security events in real-time, helping enterprises to ward off threats before they fully impact the organization without relying on rules or predefined schemas.
Security Content Capabilities
- Sumo Logic Applications: Sumo Logic Enterprise Security Analytics includes specific security applications for both cloud-based and on-premise data sources to generate security and compliance insights:
- Cloud-based data sources include: Amazon Web Services (AWS) CloudTrail, Akamai Cloud Monitor
- On-premise data sources include: Palo Alto Networks, Sourcefire, Snort, Cisco ASA, OSSEC, Hyperguard
Common use cases for Sumo Logic Enterprise Security Analytics include:
- Identifying data exfiltration by uncovering and correlating security events across multiple data sources
- Reducing compliance costs by accelerating and simplifying compliance reporting and auditing as well as providing continuous compliance management
- Auditing access to sensitive and mission-critical applications that are both on-premise and in the cloud
- Enabling high-speed forensic investigations into security incidents spanning terabytes of security and operational machine data
It seems that every day we learn of a new security breach that released personal or credit card information on millions of customers. This is only the beginning of the full story. Many security breaches are never disclosed so we really don't have a handle on the size of the problem.
The biggest challenge is that the attacks target quite a number of elements in companies' IT infrastructure from the database servers down to individual point-of-sale devices in retail stores. Why is this? Well, most big companies have deployed complex, distributed systems without having the ability to watch the operation of all of the internal components of those systems. There is simply too much happening, in too many places, for IT operations staff to be able to watch everything.
Suppliers, such as Sumo Logic, have long pointed out that this is an untenable situation and that the use of big data analytics, pattern and anomaly detection could be the tool that could catch "black hats" in the act and prevent these losses.
I don't believe that there is a single "silver bullet" that can stop these attacks. I do, on the other hand, believe that tools such as that being offered by Sumo Logic should be carefully evaluated and deployed to start down the road of early detection and loss prevention.