December 3, 2019
Security is a top concern for any enterprise moving its applications and workloads to the public cloud. AWS offers a broad selection of native security tools, and as our Continuous Intelligence Report noted, AWS customers are using several of these to improve the security of their AWS environment. However, it can be overwhelming to know where to start and how to deploy best practices for detecting security misconfigurations caused by human error and attacks from external sources.
Sumo Logic Cloud SIEM is introducing a new AWS Quick Start solution with best practices, built-in content, queries, and dashboards to help customers to detect, investigate and respond to security threats and vulnerabilities. The Sumo Logic AWS Quick Start solution helps customers get started instantly with a decade of best practices that we have learned with 2000+ customers.
For instance, customers use our AWS CloudTrail app to track user activity, the GuardDuty app to monitor threat detection, and the GuardDuty Benchmark app to understand how their security posture compares with the global benchmarks that we gather from hundreds of Sumo Logic customers. The VPC Flow Logs and AWS WAF apps are used to monitor traffic patterns, and the Threat Intel app for AWS is used to help detect threats in your environment with Sumo Logic Threat Intelligence, whereas the AWS apps for PCI and CIS Foundations are used to simplify audits and maintain compliance.
Given that most customers use multiple security apps, we have created an AWS Security Quick Start solution that allows customers to automate:
Once configured as described below, the automation takes less than 10 minutes.
Customers can also roll back the collection and Sumo Logic app installation if so desired.
The Security Quick Start solution uses CloudFormation templates that create and/or configure the necessary AWS monitoring resources needed for collection, and make API calls to the Sumo Logic API to install the apps for a given AWS account and region.
Once the stack has been successfully created, multiple nested stacks will be created along with the Main stack as shown below:
Collectors and sources will be installed automatically in Sumo Logic using the CloudFormation template, as shown below:
Sumo Logic Apps will be installed in a parent folder under your personal folders with the date and time:
If you chose to delete Sumo Logic resources when the stack is deleted, you can remove all the resources attached to your stack by deleting the stack: select the parent stack created for the Quick Start in the CloudFormation section of the AWS Management Console and click the Delete button.
To get started, check out the Sumo Logic Quick Start help doc. If you don’t yet have a Sumo Logic account, you can sign up for a free trial today.