Evaluate your SIEM
Get the guideComplete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.
January 20, 2021
At Illuminate 2020, Kashif Iqbal, Head of Corporate Technology and Cyber Security at SEGA Europe, shared their data security challenges and how they currently leverage Sumo Logic for their security needs.
Kashif spoke about the four main benefits their security team have experienced since switching to Sumo Logic.
Reduction of day-to-day management hours from 1000 hours to 100 hours
Reduction of threat investigation and triage hours by 20%
High-level data security insights through pre-built and custom dashboards
Successful onboarding and deployment
SEGA Europe’s SOC team supports offices around the world--a mix of their game development studios, their sales, marketing, finance, PR, and legal departments, as well as their publishing operations. The team supports their 24/7 network operations center and security operations center based in their London office.
With a broad mixture of customers to support and a significant volume of data generated by and through their games, having senior management buy-in and the right approach to security have been crucial. Apart from complying with legal requirements such as GDPR, their organization is internally committed to doing everything possible to protect customer data.
With offices distributed across different countries and millions of customers depending on them, security was a top concern for the teams at SEGA Europe. For many years, they were reliant on an on-premises SIEM solution that delivered basic compliance requirements.
When Kashif joined SEGA Europe six years ago, they had only been keeping logs for one year. The existing SIEM wasn’t easily expandable to their studios and the rest of the business, so they had to rush onboarding another solution without going through a detailed process. When their log quantity increased, backing up and upgrading their hardware became a costly issue, both in time and money.
Due to the diverse nature of SEGA Europe’s deployment, they decided to look for a cloud SIEM that was both cost effective and suitable for their requirements. Their goal was to have a single pane of glass that will give them full observability into their systems--one with threat intelligence in place and has interoperability, so they wouldn’t have to worry about server patching and security patching as was their experience with their previous SIEM setup.
SEGA Europe’s technology team conducted its Sumo Logic rollout solely with in-house resources, with the focus on onboarding as many resources as quickly as possible. The security team started to leverage the Sumo Logic platform with other users leveraging the data for sorting, managing their security analytics, and threat hunting and investigation. And it was also used by the network team for log monitoring.
Sumo Logic brought value to the security team at SEGA Europe in the following areas:
The biggest nightmare for the SEGA Europe security team was the thousands of hours they spent on keeping the lights on for all their systems. With Sumo Logic, the amount spent on day-to-day maintenance work was reduced from 1000 hours to 100 hours, a 90% reduction. Now they’re able to focus on threat hunting and asking questions.
They also put a number of KPIs in place in order to track how much time they were spending on threat investigation. With Sumo, they noted that there was a 20% reduction in the hours spent on investigation and triage.
"Right now we have a very small agile team of very capable guys, and they enjoy working with this tool.”
The SEGA Europe team leverages Sumo’s built-in dashboards and, at the same time, they’re continuously working on building their own dashboards. Kashif was able to share some dashboards with the audience at Illuminate.
One of the dashboards that proved to be crucial when COVID hit was their bandwidth utilization dashboard. “We started to monitor bandwidth utilization for capacity planning, also for top denied IP addresses which have been hitting us,” Kashif shared. He said it was a very useful dashboard from their previous on-prem SIEM that they were able to onboard easily onto Sumo Logic.
He also mentioned that there are a number of high level dashboards that give him and their CTO a clear look at the critical vulnerability they have as a business--one of their KPIs. “What does the weather look like? Post and present VPN log-ins, the locations of logging, possible travel, all those sorts of stuff that you normally want your security solution to tell you [is on Sumo Logic].”
“Quite an interesting engagement” was how Kashif described their experience working with the customer success team at Sumo.
“So to get a technology team onboard and buy into the solution, you allow them to have a Sumo champion in each studio,” Kashif said. Once they had identified a Sumo champion in each studio, they sent them to virtual training sessions with Sumo’s team.
From there, the Sumo champion would then come back to their respective teams armed with new knowledge and they then can field questions. “Once that happens, then you are in the business of making sure everybody's happy and they start onboarding the solution,” shared Kashif.
SEGA Europe has been with Sumo Logic for the last year and have not logged a single ticket. He shared that they were able to utilize Sumo’s customer success and engineering teams as a resource to help them with deployment and adoption.
Currently, SEGA Europe’s NOC and SOC teams are able to utilize the entirety of their data quota and so they are planning to upgrade by 25% for the next renewal. They are also planning to use Sumo Logic for their service desk and development teams to push further their goal of having a single pane of glass and full visibility into their CICD pipeline.
They also started looking into AI and machine learning, with the perspective of investigating how they can leverage ML to predict and find anomalies from a security posture perspective. He also shared that they are looking into using containers for their environments alongside Sumo Logic’s Cloud SIEM Enterprise for their observability requirements.
Kashif Iqbal is the Head of Corporate Technology and Cyber Security at SEGA Europe.
Reduce downtime and move from reactive to proactive monitoring.
Build, run, and secure modern applications and cloud infrastructures.
Start free trial