Transforming DevSecOps visibility, time and efficiency in fintech

To manage security operations (SecOps) across both cloud and on-premises infrastructure, TrueLayer initially adopted a mix of open-source solutions. The tool sets were initially helpful in centralizing logs for querying, alerting, and automating response actions; however, despite diligent efforts, the approach led to a constant firefighting mode.

As Bruno Braga, SecOps Lead and Engineer at TrueLayer observed, “We quickly assessed that our open source approach just did not scale. The problem was that we built a security pipeline, but we were spending most of the time engineering solutions to issues with the technology rather than resolving alerts.”

In their pursuit of a robust cloud-native solution, TrueLayer evaluated both Splunk and Sumo Logic. Their objective was to find a SIEM solution that would seamlessly integrate with their AWS and Kubernetes environments while offering flexibility to support their custom playbooks.

After a thorough hands-on trial, Sumo Logic emerged as the preferred choice for the following reasons:

• Usability and simplicity
  Sumo Logic's intuitive user interface and ease of navigation proved a perfect fit to facilitate the team’s smooth adoption and operation of the platform.

• Extensibility with APIs
  Given TrueLayer's use of automation, Sumo Logic's extensive support for APIs provided the desired flexibility the SecOps team needed to integrate with existing tools and workflows.

• Cost-effectiveness
  Sumo Logic's pricing structure offered a significant advantage over Splunk, aligning with TrueLayer's budgetary considerations without compromising on functionality or performance.

Delivering granular security insights with power and ease

TrueLayer seamlessly integrated the Sumo Logic platform into their environment, encompassing in-house tooling, threat intelligence feeds, the company’s core fintech system, and various external resources. This integration has empowered TrueLayer with advanced security analytics capabilities, efficiently collecting data from log files and event streams. Sumo Logic's scalability easily supports TrueLayer's data volumes with the platform adeptly ingesting and analyzing almost 700 GBs of data daily.

Sumo Logic’s streamlined onboarding was a critical step for the team to obtain security alerts and conduct threat hunting activities. Getting crucial security insights went from 40 hours to two hours, a 95% improvement. Reflecting on the transition, Braga remarked, "With Sumo Logic, our security team gained visibility within hours or minutes, compared to the previous process that took several weeks to make log sources usable with our existing stack."

Sumo Logic's SIEM functionality further bolsters TrueLayer’s security efforts by providing a comprehensive view of normal and abnormal activities specific to the company. For instance, TrueLayer depends on Sumo Logic to normalize user behavior and automatically search for high-risk activity.

“We rely on Sumo Logic’s scheduled searches to actively monitor for IOCs during incidents. This lets us focus on addressing ongoing incidents while staying on top of any emerging threats. With Sumo Logic, we can effectively manage incidents and be vigilant for potential additional threats,” explained Braga.

Many organizations assess the “build vs buy” approach. By shifting from their custom-built open source solution over to Sumo Logic, the TrueLayer team saved approximately 1,040 hours annually spent on troubleshooting issues with their platform.

Streamlining compliance audits with turnkey reports

As a leading open banking payment platform, TrueLayer must adhere to a myriad of compliance requirements inherent to the financial services industry. Sumo Logic plays an integral role in helping TrueLayer meet the necessary regulatory standards and pass their annual compliance audits.

According to Braga, “We rely on Sumo Logic to generate reports and dashboards tailored for regulators as a routine aspect of our audit processes. The out-of-the-box reports, coupled with its intuitive customization features, enable us to swiftly and efficiently demonstrate our high security standards to auditors.”

Using Sumo Logic’s automation capabilities, TrueLayer could take that a step further. The team developed detailed, automated reports to help identify compliance gaps ensuring they are able to maintain consistent compliance standards and reduce risk to the business.

Additionally, Sumo Logic's centralized log analysis serves a broader range of company operations beyond compliance checks.

Elevating customer experience through application observability

With the security team's triumph in leveraging Sumo Logic's SIEM capabilities, TrueLayer's DevOps team has eagerly embraced the platform to enhance observability insights into the company's software solution. Now equipped with Sumo Logic, the development team can promptly pinpoint which service is impacted when deviations from expected performance occur.

Braga shared, "Using Sumo Logic, our development team can swiftly analyze what’s happening when something isn't working as expected within the TrueLayer platform. Sumo Logic helps the team explore the issue and go from troubleshooting to fixing—fast."