August 19, 2021
Given today’s evolving multi-cloud dynamics and increasingly active threat landscapes, security teams have a greater need for integrated and scalable monitoring that provides meaningful real-time insights into the state of organizational security posture. As organizations adopt cloud-first strategies, cybercriminals have taken note and continuously evolve their tactics to gain access to valuable cloud data. Just one security event can have far-reaching consequences that negatively impact brand reputation and financial bottom line.
Despite a clear need to build towards ongoing solutions for these newfound use cases, security monitoring for cloud infrastructure has presented challenges for organizations. Few security solutions are natively designed to analyze cloud environments effectively, and legacy approaches are complex, costly, and don’t scale well to handle cloud-scale data volumes. To continue our commitment to helping our customers gain additional insights into the security of their infrastructure, we are rolling out three new AWS-specific cloud security monitoring and analytics apps in addition to the many security-focused apps already available in our app catalog. These apps are also part of Sumo Logic Cloud SIEM Powered by AWS, which combines compliance, Cloud Security Monitoring and Analytics, Cloud SIEM, and Cloud SOAR technologies with out-of-the-box integrations for key AWS security services, as well as integrations with cloud-based SaaS and on-premises security services.
Security teams must re-examine the technology being used to monitor cloud security data. Adopting an approach that readily scales to support digital transformation initiatives and data growth with cloud monitoring that is purpose-built to address security use cases will provide organizations with an excellent fit to meet their needs of today and into the future. The three AWS-focused apps below have been developed to offer out-of-the-box queries, alerts, and dashboards in support of detecting active threats quickly.
The focus of GuardDuty is on protecting AWS accounts, workloads, and data with intelligent threat detection, and the corresponding Sumo Logic dashboards are designed to surface the most relevant security insights from that data to yield actionable processes to tackle specific security concerns within your AWS infrastructure. Utilizing this app allows you to stay ahead of changing attack surfaces in a repeatable way via cloud security monitoring and analytics dashboards that provide operational security awareness for AWS GuardDuty data sources.
Improve overall situational awareness with the GuardDuty security monitoring overview which includes high severity findings and outliers. Threat descriptions allow security engineering teams to better understand specific threats and associated severity levels.
More granular dashboards also allow security teams to view relevant panels including the latest findings as well as trending findings broken down by threat purpose (the first segment of a GuardDuty finding type, for example Recon, UnauthorizedAccess, or Backdoor). Drill further down into the associated threat purpose, threat name, affected resource type, and AWS account to confirm that corporate resources and accounts are properly secured, and to evaluate overall security posture across your AWS accounts on a consistent basis.
AWS WAF (web application firewall) data is a rich source of security findings, as it records the HTTP and HTTPS requests forwarded to the resources a web ACL protects (CloudFront distributions, Application Load Balancers, API Gateway stages) and lets you control overall access to your content. Each dashboard within this application takes a different lens on AWS WAF data, from traffic patterns to threat intelligence, allowing you to identify the needles in the haystack that drive critical security concerns within your AWS infrastructure.
The security monitoring overview dashboard serves as an overarching summary of AWS WAF data and general trends to consider from a security monitoring perspective. Traffic maps help to directionally orient security remediation efforts and clearly visually identify unanticipated changes in the overall cloud environment. Additionally, traffic trends and panels show all traffic broken out by rule type in order to identify any spikes that may require immediate attention.
Analyze AWS WAF traffic to improve situational awareness around firewall-related threat intelligence. Breakouts by country and rule type generate clear, actionable insights, enabling security engineering teams to act on unexpected anomalies in allowed and blocked traffic patterns. Analyze AWS WAF data to assess trends such as allowed traffic from known-malicious IPs, broken down by specific source. By identifying active security threats within your AWS infrastructure, security engineering teams can take action on specific named actors, pivoting on the threat feed's confidence level for each indicator.
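The breakouts described above (traffic by action and terminating rule, blocked requests by country, and allowed requests from sources on a threat list) can be reproduced directly from raw web ACL logs. The following is an added example, not code from the original post or from Sumo Logic: the log records are constructed to mirror the shape of AWS WAF logs (`action`, `terminatingRuleId`, `httpRequest.clientIp`, `httpRequest.country`, `httpRequest.uri`) but every value in them, and the threat-IP list standing in for a threat feed, is invented.

```python
"""Added example: triage of constructed AWS WAF web ACL log records.

Not code from the original post or from Sumo Logic. The records and the
threat-IP set below are constructed placeholders, not real data.
"""
import json
from collections import Counter

# Constructed sample of WAF log lines, one JSON object per line, as they are
# delivered to S3 via Kinesis Data Firehose. All values are invented.
WAF_LOG_LINES = [
    '{"timestamp":1629360000000,"action":"BLOCK","terminatingRuleId":"AWSManagedRulesCommonRuleSet",'
    '"httpRequest":{"clientIp":"198.51.100.7","country":"US","uri":"/login","httpMethod":"POST"}}',
    '{"timestamp":1629360001000,"action":"ALLOW","terminatingRuleId":"Default_Action",'
    '"httpRequest":{"clientIp":"203.0.113.9","country":"DE","uri":"/api/v1/users","httpMethod":"GET"}}',
    '{"timestamp":1629360002000,"action":"ALLOW","terminatingRuleId":"Default_Action",'
    '"httpRequest":{"clientIp":"192.0.2.10","country":"US","uri":"/","httpMethod":"GET"}}',
    '{"timestamp":1629360003000,"action":"BLOCK","terminatingRuleId":"AWSManagedRulesSQLiRuleSet",'
    '"httpRequest":{"clientIp":"203.0.113.9","country":"DE","uri":"/search?q=1%27%20OR%201%3D1","httpMethod":"GET"}}',
    '{"timestamp":1629360004000,"action":"BLOCK","terminatingRuleId":"AWSManagedRulesCommonRuleSet",'
    '"httpRequest":{"clientIp":"198.51.100.7","country":"US","uri":"/wp-admin","httpMethod":"GET"}}',
    '{"timestamp":1629360005000,"action":"ALLOW","terminatingRuleId":"Default_Action",'
    '"httpRequest":{"clientIp":"192.0.2.11","country":"FR","uri":"/docs","httpMethod":"GET"}}',
]

# Constructed placeholder standing in for a threat-intelligence feed.
THREAT_IPS = {"203.0.113.9", "198.51.100.7"}


def parse_waf_log(lines):
    """Flatten each JSON log line into the handful of fields the dashboards pivot on."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        req = rec.get("httpRequest", {})
        records.append({
            "ts": rec.get("timestamp"),
            "action": rec.get("action"),
            # WAF reports "Default_Action" when no rule terminated the request.
            "rule": rec.get("terminatingRuleId", "Default_Action"),
            "ip": req.get("clientIp"),
            "country": req.get("country"),
            "uri": req.get("uri"),
        })
    return records


def traffic_by_action_and_rule(records):
    """Panel: all traffic broken out by action and terminating rule."""
    return Counter((r["action"], r["rule"]) for r in records)


def blocked_by_country(records):
    """Panel: blocked requests broken out by source country."""
    return Counter(r["country"] for r in records if r["action"] == "BLOCK")


def allowed_from_threat_ips(records, threat_ips):
    """The needle in the haystack: requests WAF allowed from sources on the threat list."""
    return [(r["ip"], r["uri"]) for r in records
            if r["action"] == "ALLOW" and r["ip"] in threat_ips]


def noisy_sources(records, threshold):
    """Sources whose request count meets the threshold, for spike investigation."""
    counts = Counter(r["ip"] for r in records)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_waf_log(WAF_LOG_LINES)
    print(traffic_by_action_and_rule(recs))
    print(blocked_by_country(recs))
    print(allowed_from_threat_ips(recs, THREAT_IPS))
    print(noisy_sources(recs, 2))
```

The allowed-from-threat-IP check is the one worth alerting on: a blocked request from a known-bad source is WAF working as designed, while an allowed one means the web ACL has no rule for that source and the threat feed is the only thing that caught it.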
The Sumo Logic AWS Security Hub app extracts key findings from the AWS Security Hub, which is designed to centrally view and manage security alerts and automate security checks. The additional level of analysis within these dashboards surfaces the most relevant findings and takes a focused approach to improving overall security posture. Finding types and severity levels act as leading indicators for security engineers to go into security incidents with the most relevant technical details to address active threats.
The associated detailed security monitoring dashboard displays all findings, including critical severity findings, based on AWS Security Hub data. By allowing security engineering teams to quickly identify outliers against a given threshold, broken out by severity level, this dashboard supports both day-to-day security operations and incident detection during an active incident or breach. Normalized severity levels throughout each panel act as an equalizer, clarifying the importance of a given finding within the context of all findings.
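The GuardDuty breakdown by threat purpose and the Security Hub normalized-severity view above both rest on the same two operations: deriving a category from the finding type and putting findings from different producers on one severity scale. The following is an added example, not code from the original post or from Sumo Logic. It assumes the public shapes of a GuardDuty finding (`type`, `severity` on a 0 to 8.9 scale, `accountId`) and an ASFF Security Hub finding (`Types`, `Severity.Normalized` on a 0 to 100 scale, `AwsAccountId`), maps GuardDuty severity onto the 0 to 100 scale by multiplying by ten (an assumption made here for illustration), and applies the ASFF label thresholds (0 Informational, 1 to 39 Low, 40 to 69 Medium, 70 to 89 High, 90 to 100 Critical). Every finding and account ID in it is constructed.

```python
"""Added example: normalizing constructed GuardDuty and Security Hub findings.

Not code from the original post or from Sumo Logic. Finding contents and
account IDs are constructed; the x10 mapping of GuardDuty severity onto the
0-100 scale is an assumption made for this example.
"""
from collections import Counter

# Constructed GuardDuty findings (subset of the real finding fields).
GUARDDUTY_FINDINGS = [
    {"accountId": "111111111111", "type": "Recon:EC2/PortProbeUnprotectedPort",
     "severity": 2.0, "title": "Unprotected port probed (constructed)"},
    {"accountId": "111111111111", "type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller",
     "severity": 5.0, "title": "API call from known-malicious IP (constructed)"},
    {"accountId": "222222222222", "type": "Backdoor:EC2/C&CActivity.B!DNS",
     "severity": 8.0, "title": "DNS query to C&C domain (constructed)"},
    {"accountId": "222222222222", "type": "Recon:EC2/Portscan",
     "severity": 5.0, "title": "Outbound port scan (constructed)"},
]

# Constructed Security Hub findings in ASFF shape (subset of fields).
SECURITYHUB_FINDINGS = [
    {"AwsAccountId": "111111111111", "ProductName": "Security Hub",
     "Types": ["Software and Configuration Checks/AWS Security Best Practices"],
     "Severity": {"Normalized": 70, "Label": "HIGH"},
     "Title": "S3 bucket allows public read (constructed)"},
    {"AwsAccountId": "222222222222", "ProductName": "Security Hub",
     "Types": ["Effects/Data Exposure"],
     "Severity": {"Normalized": 90, "Label": "CRITICAL"},
     "Title": "Secret exposed in environment variable (constructed)"},
]


def threat_purpose(finding_type):
    """GuardDuty types read ThreatPurpose:Resource/ThreatFamily...; keep the purpose."""
    return finding_type.split(":", 1)[0]


def guardduty_to_normalized(severity):
    """Assumed mapping of GuardDuty's 0-8.9 scale onto ASFF's 0-100 scale."""
    return int(round(severity * 10))


def severity_label(normalized):
    """ASFF label thresholds for Severity.Normalized."""
    if normalized == 0:
        return "INFORMATIONAL"
    if normalized <= 39:
        return "LOW"
    if normalized <= 69:
        return "MEDIUM"
    if normalized <= 89:
        return "HIGH"
    return "CRITICAL"


def normalize_findings(guardduty, securityhub):
    """Put both producers' findings into one record shape with one severity scale."""
    out = []
    for f in guardduty:
        n = guardduty_to_normalized(f["severity"])
        out.append({"source": "guardduty", "account": f["accountId"],
                    "purpose": threat_purpose(f["type"]), "type": f["type"],
                    "normalized": n, "label": severity_label(n), "title": f["title"]})
    for f in securityhub:
        n = int(f["Severity"]["Normalized"])
        # ASFF Types are namespace/category/classifier; the namespace plays the
        # role the threat purpose plays for GuardDuty (a simplification).
        purpose = f["Types"][0].split("/", 1)[0] if f.get("Types") else "Unknown"
        out.append({"source": "securityhub", "account": f["AwsAccountId"],
                    "purpose": purpose, "type": f["Types"][0] if f.get("Types") else "",
                    "normalized": n, "label": severity_label(n), "title": f["Title"]})
    return out


def count_by_purpose(findings):
    return Counter(f["purpose"] for f in findings)


def high_or_above(findings):
    """Findings at HIGH or CRITICAL after normalization, regardless of producer."""
    return [f for f in findings if f["normalized"] >= 70]


def outlier_accounts(findings, label, threshold):
    """Accounts whose count of findings at the given label meets the threshold."""
    counts = Counter(f["account"] for f in findings if f["label"] == label)
    return sorted(a for a, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    allf = normalize_findings(GUARDDUTY_FINDINGS, SECURITYHUB_FINDINGS)
    print(count_by_purpose(allf))
    for f in high_or_above(allf):
        print(f["label"], f["source"], f["account"], f["type"])
    print(outlier_accounts(allf, "HIGH", 1))
```

Whatever scale mapping you settle on, apply it once at ingestion and pivot only on the normalized value afterwards; mixing a GuardDuty 8.0 with a Security Hub 80 in the same panel is how a critical finding gets sorted below a low one.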
The new AWS-focused Cloud Security Monitoring & Analytics apps are designed to utilize the associated existing AWS data you are already collecting into your Sumo Logic instance, specific to each app. If you are looking to bring in net new data sources, consult the linked collection documentation for GuardDuty, AWS WAF, and Security Hub.
Cloud-native monitoring: Sumo Logic allows you to ingest a diverse array of firewall, database, identity/access, and CDN data
Increased visibility: Track summarized overviews to get a broader sense of your production environments
Security-focused analytics: Analytics capabilities designed specifically for security engineering teams to prioritize, investigate, and respond to active security incidents
Deep search; foundational correlation & alerting
Data enrichment & visualization
Threat feed integration, outlier detection, global threat benchmarking
To get started, visit the App Catalog within your Sumo Logic instance and visit the Security category. If you don’t yet have a Sumo Logic account, you can sign up for a free trial today.
No matter where you are on your security modernization journey, Sumo Logic and AWS can help you achieve your goals. Learn more about Sumo Logic Cloud SIEM powered by AWS.