Sumo Logic, a leading cloud-native, machine data analytics platform that delivers continuous intelligence, today announced an integration with Amazon GuardDuty, a new Amazon Web Services (AWS) continuous security monitoring and threat detection service. Coupled with existing monitoring and threat intelligence applications on AWS, including Amazon Virtual Private Cloud (Amazon VPC) and AWS CloudTrail event logs, the new integration provides real-time contextual and actionable visibility on AWS for the continuous intelligence that Security Operations (SecOps) teams need to rapidly detect, investigate and remediate potential threats. The integration of Sumo Logic and Amazon GuardDuty helps security teams reduce the time and resources required to protect cloud applications and critical data. Sumo Logic’s integration with Amazon GuardDuty will be showcased at Sumo Logic’s booth #1804 at AWS re:Invent 2017 in Las Vegas this week.
According to the Ponemon Institute, the odds of an organization experiencing a data breach are one in four, making data security a top concern for organizations of all sizes. IT teams are battling the tsunami of data within their infrastructure and modern applications, challenging them to figure out how to effectively monitor and correlate data to get the deep insights needed to identify and respond to security incidents and mitigate damage. Sumo Logic’s integration with Amazon GuardDuty helps security teams pull in AWS security findings and alerts in real-time to help organizations increase the velocity and accuracy of threat detection in modern applications.
“Amazon GuardDuty delivers a continuous security monitoring solution to identify and respond to AWS-specific security events,” said Randy Streu, VP of business development for Sumo Logic. “As a longtime AWS design technology partner, we are excited to be able to expand our comprehensive and best-in-class security analytics solution support on AWS, multi-cloud and on-premises applications and architectures to give customers real-time intelligent security monitoring, threat detection, and data analytics to help strengthen the protection of critical cloud applications and data.”
Amazon GuardDuty can be enabled with a few clicks in the AWS Management Console to immediately start analyzing billions of events across multiple AWS data sources such as AWS CloudTrail, Amazon VPC and DNS Query Logs. Amazon GuardDuty uses threat intelligence feeds, behavioral analytics and machine learning to detect threats more accurately. Amazon GuardDuty can detect Amazon Elastic Compute Cloud (Amazon EC2) instances serving malware or mining bitcoin. It can detect attackers probing web servers for known application vulnerabilities, or accessing AWS resources from an unusual geo-location. It also monitors AWS account access behavior for signs of compromise, such as unauthorized infrastructure deployments or unusual API calls. When a threat is detected, Amazon GuardDuty delivers a detailed and actionable security finding to AWS CloudWatch Events.
“Sumo Logic’s machine data analytics platform enables security teams to conduct deeper investigation of activity associated with Amazon GuardDuty alerts and the resources affected,” said David Wright, general manager, Global ISV Partners for Sumo Logic. “With Amazon GuardDuty and Sumo Logic, customers get intelligent security monitoring, threat detection, and data analytics built for the scale and flexibility of the cloud.”
Sumo Logic offers an integrated suite of applications that provides automated predictive analytics and deep insights to help SecOps teams manage and audit their entire modern application environment more effectively. In addition, Sumo Logic delivers comprehensive visibility into the security and compliance posture of applications running on AWS, including Amazon Inspector, AWS Config, AWS CIS Benchmarks and Threat Intelligence, powered by CrowdStrike.