Sumo Logic Extends AWS Alliance to Launch SIEM Service


Sumo Logic this week announced it is making a security information and event management (SIEM) platform available on the Amazon Web Services (AWS) cloud.

Jabari Norton, vice president of partners and alliances for Sumo Logic, said the Sumo Logic Cloud SIEM Powered by AWS extends the reach of the Sumo Logic Continuous Intelligence Platform for analyzing data into the realm of cybersecurity.

The Sumo Logic Continuous Intelligence Platform is already hosted on AWS. The challenge the company faced was extending the reach of that platform to create a SIEM that can collect data from multiple third-party data sources spanning everything from on-premises IT environments to software-as-a-service (SaaS) applications, said Norton. Those capabilities make it possible to now analyze security data using machine learning algorithms to detect threats and correlate security intelligence, noted Norton.

The Sumo Logic Cloud SIEM is also tightly integrated with AWS security services such as Amazon GuardDuty and AWS CloudTrail, in addition to all the cloud services that AWS continuously updates, added Norton. While the relationship with AWS is not exclusive, Norton said Sumo Logic has no plans to host a version of its SIEM on any other public cloud at this time.

In effect, Sumo Logic is now applying the same observability capabilities it provides to IT operations and DevOps teams to analyzing security data. In theory, that approach should make it easier for all those teams to collaborate around a platform that aggregates data from across the extended enterprise. That’s critical because, while security teams are mainly tasked with discovering vulnerabilities, they typically need to rely on DevOps and IT operations teams to remediate them.

In the meantime, the rate at which security platforms are shifting to the cloud continues to accelerate in the wake of the COVID-19 pandemic. Security teams that now need to work from anywhere are finding it simpler and more cost-effective to employ cloud platforms to analyze security data. In many cases, the rise of cybersecurity AI will soon force the cloud migration issue. Few organizations have the infrastructure resources required to aggregate the volume of data that is required to train an AI model. The need for those AI models is becoming increasingly pressing because the rate at which cybersecurity attacks are being launched is increasing beyond the abilities of any cybersecurity team, on its own, to analyze.

Of course, there is no shortage of SIEM platforms available in the cloud. Sumo Logic is betting many organizations will simply extend their existing subscriptions to now include a SIEM service.

It may still be some time before the bulk of security platforms employed by any organization reside in the cloud. However, at this juncture, it’s now more a question of time. The less time understaffed cybersecurity teams spend managing infrastructure themselves, the more time they should have available to uncover threats. The issue, of course, is finding the time and resources to make the transition in the middle of what is now often a daily cybersecurity firefight.
