Disruption in Cloud · Sumo Logic Confidential SIEM – “Protect the Known” SECURITY ANALYTICS...
Sumo Logic Confidential
Disruption in Cloud
Robert de Haan
CEO – Layer 8 Security
Security Taxonomy
The World is Changing
The Effect of Digital Disruption
• World’s largest taxi company owns no taxis
• Largest accommodation provider owns no real estate
• Largest phone companies own no phones
• World’s (2nd) most valuable retailer has no inventory
• World’s largest movie house owns no cinemas
Global Center for Digital Business Transformation
Audience Poll:
The digital disruption will displace approximately what percent of incumbent companies within the next 5 years?
a) < 10%
b) 10-25%
c) 25-50%
d) > 50%
40%
F1000 turnover within past decade
35% of the top 20 F1000 companies were new
70% of the top 20 F1000 companies were new
Source: Forrester Research, Inc. and Built to Change: How to Achieve Sustained Organizational Effectiveness by E. Lawler, C. Worley & J. Porras
Building a new company
• Time to market
• Access to the market
• Scalable
• Flexible - Dynamic
• Reduced costs
Security Awareness Programs
• We reduce the impact of cybercrime by testing and repairing the Human Firewall.
• Baseline – gap analysis
• Training – continuous, personal
• Reinforcement – continue the message
• Ascertainment – measure and analyse
Security Audit and Consulting
• Pen Test
• Social Engineering
• Code Review
• Vulnerability Assessment
• Incident Response
• Vendor Assurance
• PCI DSS
• Forensics
• Gap Analysis
• Audit
• Simulated Attack
SOC as a Service
Customer Challenges We Often Hear About
• What is normal vs. a security event (reducing the noise)
• Correlating log data from disparate systems
• Meeting the stated frequency of manual log reviews & log retention requirements
• Large volumes of log data
The Evolution of SIEM
Enterprise Security Manager
“Implementing SIEMs continues to be fraught with difficulties, with failed and stalled deployments common” Source: Gartner
Head to Head: SIEM – “Protect the Known” vs. Security Analytics – “Protect the Unknown”
• SIEM: On Prem | Security Analytics: Cloud Native
• SIEM: Planning for capacity growth | Security Analytics: Elastic
• SIEM: 15 months (avg.) to deploy | Security Analytics: Up and running in hours
• SIEM: $1.4M (HW, SW, People) | Security Analytics: $1,000 for 1GB daily ingest
• SIEM: Perimeter-based security using a defined signature approach | Security Analytics: Distributed cloud model using behavioral-based & continuous monitoring methodologies (across users, applications, NW, data); Data Science & Machine Learning algorithms
• SIEM: Islands of Security / Limited view / Chokepoints / Port Mirroring | Security Analytics: Holistic, Integrated, Risk-Based, Enterprise Wide View / APIs & Native Services
• SIEM: Fixed-Rule Set (connect the dots) | Security Analytics: Machine Learning to identify abstract data relationships, anomalies, trends, and fraudulent behavioral patterns
• SIEM: Monolithic Applications | Security Analytics: Modern Applications
We have chosen Sumo Logic because:
Cloud-Native Analytics Service
• Analyze Any Machine Generated Data
• 1000+ Enterprise Customers
• 100+ Petabytes Data Analyzed Daily
• Focus on Modern Applications and delivering intelligence and insight across Build/Run/Secure use cases
• Elastic Web-Scale
• Unified View Across Hybrid Cloud
• Set up Within Minutes / Rapid time-to-value
Centralized Log Aggregation and Analytics
Security Analytics Helps to Answer:
• What is Happening (descriptive)
• Why did it happen (diagnostic)
Centralized Log Aggregation and Analytics
Cloud hosted SaaS Analytics (Runs in AWS)
• Elastic scalability – mirroring AWS approach
• Automatic upgrades – new features release weekly
• 2X – 5X performance
• Elastic, scalable
• Always on – 4 geos, 12 AZs, 6x replication
• Optimal visibility & performance
• Industry’s most secure cloud-native analytics platform
• Up & running in minutes – reduce time to value by >70%
• No management overhead – reduce total costs by >50%
Sumo Logic: Advanced Analytics & Operators – Patented Advanced Analytics, Out of the Box
• LogReduce: Reduce hundreds or thousands of log lines into easily understood patterns on a single page to reduce MTTI by up to 90%
• Outlier Detection: Monitor multi-dimensional metrics & KPIs via dynamic thresholds to enable accurate, real-time alerting while reducing false positives
• Predictive Analytics: Leverage historical data to predict future trends to become more proactive and reduce risk
• LogCompare: Compare baselines before and after events and changes. Ideal for analyzing migrations, code releases, and Dev/Test/Prod environments
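The operators above are described only by their outcomes. The following is an added example written for this page, not Sumo Logic's own LogReduce, Outlier or LogCompare code: it sketches the three techniques in plain Python so the mechanics are visible. Lines are reduced to patterns by masking the tokens that vary (timestamps, IPs, hex ids, numbers); outliers are flagged against a moving baseline rather than a fixed threshold; and a LogCompare-style diff shows which patterns changed between two windows. The log lines, the per-minute metric series and the names (SAMPLE_LOGS, signature, reduce_logs, detect_outliers, compare_baselines) are all constructed for this example.

```python
"""Added example for this page: plain-Python sketches of pattern reduction,
dynamic-threshold outlier detection and baseline comparison. These are not
Sumo Logic's LogReduce / Outlier / LogCompare operators; the log lines, the
metric series and the function names are constructed here."""
import re
import statistics
from collections import Counter

# Constructed sshd / kernel lines, as a collector might ship them.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z sshd[4121]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "2024-03-01T10:00:03Z sshd[4121]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "2024-03-01T10:00:04Z sshd[4130]: Failed password for admin from 198.51.100.7 port 40001 ssh2",
    "2024-03-01T10:00:09Z sshd[4142]: Accepted publickey for deploy from 10.0.0.12 port 55000 ssh2",
    "2024-03-01T10:00:11Z kernel: TCP: request_sock_TCP: Possible SYN flooding on port 443.",
]

# Constructed per-minute failed-login counts with a single burst at index 7.
FAILED_PER_MINUTE = [3, 4, 2, 5, 3, 4, 3, 48, 2, 4]

# Tokens that vary between otherwise identical lines. IPs are masked before
# bare numbers so an address is not turned into four separate <N> tokens.
_TS = re.compile(r"^\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}\S*\s*")
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HEX = re.compile(r"\b(?=[0-9a-f]*\d)[0-9a-f]{8,}\b")   # ids, hashes, session tokens
_NUM = re.compile(r"\b\d+\b")


def signature(line):
    """Collapse the variable parts of one log line into a pattern string."""
    line = _TS.sub("", line.strip())
    line = _IPV4.sub("<IP>", line)
    line = _HEX.sub("<HEX>", line)
    return _NUM.sub("<N>", line)


def reduce_logs(lines):
    """Group lines by signature; returns [(pattern, count)], most common first."""
    return Counter(signature(l) for l in lines).most_common()


def detect_outliers(series, window=5, k=3.0):
    """Indices whose value is more than k standard deviations from the mean of
    the preceding `window` points. The band moves with the data, so a busy
    service and a quiet one each get a threshold that fits them."""
    flagged = []
    for i in range(window, len(series)):
        hist = series[i - window:i]
        mean = statistics.fmean(hist)
        sd = statistics.pstdev(hist)
        # A perfectly flat baseline (sd == 0) still needs some tolerance,
        # otherwise any change at all would alert; floor the band at k * 1.
        band = k * max(sd, 1.0)
        if abs(series[i] - mean) > band:
            flagged.append(i)
    return flagged


def compare_baselines(before, after):
    """LogCompare-style diff: {pattern: (count_before, count_after)} for every
    pattern whose count changed between the two windows (new patterns included)."""
    b = dict(reduce_logs(before))
    a = dict(reduce_logs(after))
    return {p: (b.get(p, 0), a.get(p, 0))
            for p in set(b) | set(a) if b.get(p, 0) != a.get(p, 0)}


if __name__ == "__main__":
    for pattern, count in reduce_logs(SAMPLE_LOGS):
        print(f"{count:>4}  {pattern}")
    print("outliers at", detect_outliers(FAILED_PER_MINUTE))
    print(compare_baselines(SAMPLE_LOGS[:4], SAMPLE_LOGS))
```

Two caveats a practitioner will hit immediately. Once the burst at index 7 enters the trailing window it inflates the standard deviation for the next five points, so a second, smaller burst right after it would be masked; real implementations drop flagged points from the baseline or use robust statistics (median and MAD). And the masking regexes decide what counts as "the same" pattern: mask too little and every session id becomes its own pattern, mask too much and a failed login for root and one for admin collapse together, which is exactly the distinction an analyst wants to keep.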
Collect, Monitor, Alert, Act
1. Collect & Aggregate • Many and varied sources • Across environments • Safe, secure & fast
2. Visualize & Alert • Real-time dashboards • Proactive alerting • Out-of-the-box apps
3. Investigate & Take Action • Search and troubleshoot • Identify unknowns • Analyze, triage and isolate
4. Monitor & Optimize • Detect anomalies • Predict and preempt issues • Streamline and improve processes
Cloud To Cloud Integrations
CONFIG MGMT
IAAS & PAAS
CONTAINERS
CDN
SAAS
APP STACKS
INFRASTRUCTURE
COMPLIANCE &
SECURITY
The Industry Benchmark in Delivering Secure SaaS
• PCI DSS 3.1 Service Provider Level 1 Certified
• ISO 27001 Certification
• CSA STAR Certification
• SOC 2, Type II attestation
• HIPAA compliant
• FIPS 140 compliant
• AES 256-bit encryption at rest
• TLS encryption in transit
• E.U.-U.S. Privacy Shield
Security Analytics – Overview Screen
Security Analytics – Vulnerabilities on Endpoints
Security Analytics – User Monitoring Screen
Sumo Logic Global Threat Intelligence
• Increase velocity & accuracy of threat detection
• Correlate Sumo Logic log data with threat intelligence data to identify and visualize malicious IP addresses, domain names, email addresses and URLs
• Powered by Anomali (formerly ThreatStream)
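The correlation step the slide describes, and the "correlating log data from disparate systems" challenge listed earlier in the deck, come down to one operation: pull observables out of each log line and look them up in an indicator list. What follows is an added example written for this page, not the Sumo Logic or Anomali integration. It extracts IPs, domains, email addresses and URLs from constructed firewall, DNS, proxy and mail-gateway lines, matches them against a constructed feed (203.0.113.0/24 and the reserved .example TLD, so none of the values are real IOCs), and walks domains up the label chain so an indicator for bad.example also fires on cdn.bad.example. The names Indicator, FEED, SAMPLE_LOGS, extract and match are this example's own.

```python
"""Added example for this page: match observables in log lines against a
threat-intelligence indicator list. Not the Sumo Logic / Anomali code; the
feed, the log lines and the names (Indicator, extract, match) are constructed here."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Indicator:
    kind: str    # "ip", "domain", "email" or "url"
    value: str
    source: str  # feed or campaign the indicator came from


# Constructed indicator feed. 203.0.113.0/24 and .example are reserved for
# documentation, so nothing here is a real IOC.
FEED = [
    Indicator("ip", "203.0.113.66", "example-feed:scanner"),
    Indicator("domain", "bad.example", "example-feed:c2"),
    Indicator("email", "invoice@bad.example", "example-feed:phish"),
    Indicator("url", "http://bad.example/update.bin", "example-feed:dropper"),
]

# Constructed log lines from four disparate systems: firewall, DNS, proxy, MTA.
SAMPLE_LOGS = [
    "2024-03-01T09:12:44Z fw01 allow src=10.0.0.12 dst=203.0.113.66 dport=443",
    "2024-03-01T09:12:50Z dns01 query cdn.bad.example A from 10.0.0.12",
    "2024-03-01T09:13:02Z proxy01 GET http://bad.example/update.bin 200 10.0.0.12",
    "2024-03-01T09:14:10Z mta01 from=<invoice@bad.example> to=<alice@corp.example> status=accepted",
    "2024-03-01T09:15:00Z fw01 allow src=10.0.0.12 dst=198.51.100.9 dport=443",
]

_IP = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
_URL = re.compile(r"https?://[^\s\"'<>]+")
_HOST = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def normalize(kind, value):
    """Domains and mailboxes compare case-insensitively; IPs and URL paths do not."""
    return value.lower() if kind in ("domain", "email") else value


def extract(line):
    """Return the set of (kind, value) observables found in one log line."""
    found = set()
    for url in _URL.findall(line):
        url = url.rstrip(".,;")
        found.add(("url", url))
        host = urlparse(url).hostname
        if host:
            found.add(("domain", normalize("domain", host)))
    for addr in _EMAIL.findall(line):
        found.add(("email", normalize("email", addr)))
        found.add(("domain", normalize("domain", addr.split("@", 1)[1])))
    for ip in _IP.findall(line):
        found.add(("ip", ip))
    for host in _HOST.findall(line):
        found.add(("domain", normalize("domain", host)))
    return found


def match(lines, feed=FEED):
    """Correlate lines with the feed. Returns [(line_no, observable, Indicator)].

    A domain indicator is checked against every parent of the observed name,
    so "bad.example" in the feed also catches "cdn.bad.example" in DNS logs."""
    index = {(i.kind, normalize(i.kind, i.value)): i for i in feed}
    hits = []
    for n, line in enumerate(lines, 1):
        for kind, value in sorted(extract(line)):
            candidates = [value]
            if kind == "domain":
                labels = value.split(".")
                # walk up: cdn.bad.example -> bad.example (stop before the bare TLD)
                candidates = [".".join(labels[j:]) for j in range(len(labels) - 1)]
            for cand in candidates:
                hit = index.get((kind, cand))
                if hit:
                    hits.append((n, value, hit))
                    break
    return hits


if __name__ == "__main__":
    for line_no, observed, ind in match(SAMPLE_LOGS):
        print(f"line {line_no}: {ind.kind} {observed!r} matches {ind.value} ({ind.source})")
```

On the constructed input the firewall, DNS, proxy and mail lines each produce hits against the same campaign while the last line produces none, which is the "connect the dots across systems" outcome the deck promises. Two things matter in practice that the toy deliberately keeps simple: the feed source is carried through to every hit so an analyst can judge the indicator's provenance and age rather than treating every match as equally severe, and a real deployment would also check the direction of traffic (an inbound scan from a listed IP and an outbound connection to it are very different findings).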
Sumo Logic App for Threat Intelligence (powered by Anomali)
Trend Micro – Deep Security
What Our Customers Are Saying
“I do not want our team’s valuable time consumed by managing the execution environment. This will not help our business move forward or be more competitive” Josh Abadie, Cloud Engineering Manager
“I was looking for a Cloud SIEM, and when talking to some of the SIEM MQ Leaders, I knew it was going to be a very short conversation” Glenn Watt, CISO
Customer Case Study: Airbnb
Customer Usage
• AWS Security
• PCI Compliance
Customer Problem
• Rapid growth of their digital business and machine data
• Small security team, struggling to keep up
• Visibility: New infrastructure coming online (AWS and on-Prem)
• Security: monitor for IOCs to protect customer data and brand
• Compliance: Needed centralized logging solution
Solution
• Cloud-based, elastic architecture for immediate time to value and reduced TCO
• Sumo Logic for full-stack, real-time visibility across hybrid infrastructure
• Leveraging advanced analytics/alerting to increase capabilities and efficiency of the team
• PCI DSS 3.1 Service Provider Level 1 Certified
Results
• Rapid Time to Value
• Ability to scale as their business grows
• Ingest and handle peak travel loads
• Improved staff efficiency: do more with less
• Visibility across AWS and On-Prem infrastructure, in a consistent way
• Lower TCO
Future Use: Threat intelligence lookup for users/devices logging into critical infrastructure/apps
THANK YOU