
June 17, 2021, Sumo Logic

Introducing new cloud security monitoring & analytics apps

By Paul Tobia, Scott Bower, Jason Dunne

Companies generate data at an exponential rate, and the task of analyzing data to produce relevant security insights can be overwhelming. With evolving market dynamics and threat landscapes, security teams have a greater need for integrated and scalable monitoring that provides real-time and meaningful insights into the state of organizational security posture.

As organizations adopt cloud-first strategies, cybercriminals have taken note and continuously evolve their tactics to gain access to valuable cloud data. Just one security event can have far-reaching consequences that negatively impact brand reputation and the financial bottom line. Yet security monitoring for cloud infrastructure has presented challenges for organizations. Few security solutions are natively designed to analyze cloud environments effectively, and legacy approaches are complex, costly, and don’t scale well to cloud-scale data volumes. To continue our commitment to helping our customers gain additional insight into the security of their infrastructure, we are rolling out five new dedicated cloud security monitoring and analytics apps, in addition to the many security-focused apps already available in our app catalog.

New Cloud Security Monitoring & Analytics Apps

Security teams must re-examine the technology being used to monitor cloud security data. An approach that readily scales with digital transformation initiatives and data growth, using cloud monitoring purpose-built for security use cases, will fit organizations’ needs both today and in the future. The five apps below have been developed to offer out-of-the-box queries, alerts, and dashboards that help identify threats quickly.

Cloud Security Monitoring & Analytics app for Linux

Linux - Security Analytics - Login Activity

Ingest data from any Linux distribution to better understand your production environments, and surface relevant insights by tuning the out-of-the-box content to align with your security team’s focus. Consolidate analytics across multiple instances by wildcarding on data sources, and gain complete visibility into your Linux data for both monitoring and analytics use cases.

Cloud Security Monitoring & Analytics app for Palo Alto Networks

Palo Alto - Security Analytics - Potentially Malicious Activity

The goal of the Palo Alto Networks app is to let you analyze traffic volume and gain a better understanding of your Palo Alto Networks environments. Dig deep into the data, broken down by threat detection indicators, malware type, and other dimensions, for higher granularity.

In short, the Palo Alto Networks app allows security engineering teams to simplify and consolidate understanding of active attack surfaces.

Cloud Security Monitoring & Analytics app for Amazon VPC Flow Logs

VPC Flow Logs - Security Analytics - Accepts & Rejects

Thoroughly assess Amazon VPC Flow Logs to gain a better understanding of your environment and its traffic patterns. Evaluate the data with breakouts by access level, group creation, and other dimensions.

Cloud Security Monitoring & Analytics app for AWS CloudTrail

Amazon CloudTrail - Security Monitoring - Overview

This set of CloudTrail monitoring and analytics dashboards covers the most critical analytics. Think of the bundle as a good starting place to see trends and outliers in specific aspects of your CloudTrail data, including access monitoring, login activity, system monitoring, privileged activity, and threat intelligence.

Cloud Security Monitoring & Analytics app for Windows

Windows - Security Monitoring - Critical Events

The Cloud Security Monitoring & Analytics app for Windows offers pre-built dashboards and queries to help you track your Windows systems, user accounts, login activity, and Windows updates.

Collection

The new Cloud Security Monitoring & Analytics apps are designed to use the cloud data you are already collecting into your Sumo Logic instance for each respective source. For example, VPC Flow Logs already feeding other dashboards can also be used by the new VPC Flow Logs Cloud Security Monitoring & Analytics app. If you are looking to bring in new data sources, consult the linked collection documentation for Palo Alto Networks, Linux, Amazon VPC Flow Logs, AWS CloudTrail, or Windows.

App Benefits

  • Cloud-native monitoring: Sumo Logic allows you to ingest a diverse array of firewall, database, identity/access, and CDN data

  • Increased visibility: Track summarized overviews to get a broader sense of your production environments

  • Security-focused analytics: Analytics capabilities designed specifically for security engineering teams to prioritize, investigate, and respond to active security incidents

Core Supporting Platform Features

  • Deep search; foundational correlation & alerting

  • Data enrichment & visualization

  • Threat feed integration, outlier detection, global threat benchmarking

Get started now with Cloud Security Monitoring & Analytics on the Sumo Logic platform

To get started, open the App Catalog within your Sumo Logic instance and browse the Security category. If you don’t yet have a Sumo Logic account, you can sign up for a free trial today.
