Simplify Compliance with Proactive Machine Data Analytics Brandon Mensing Solutions Engineer Sumo Logic Confidential

AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

DESCRIPTION

Sumo Logic’s proactive security analytics helps customers gain critical, real-time visibility into their AWS and on-premises infrastructure. Guaranteed query performance combined with purpose-built applications, pre-built searches, dashboards and reports helps you demonstrate compliance in real time while reducing the cost and time associated with audits. By correlating logs across various data sources you can reduce false positives and run detailed root-cause analysis. Join this webinar to learn how:

• InsideView is leveraging AWS CloudTrail and Sumo Logic to meet security and compliance requirements
• Pattern recognition and Anomaly Detection can uncover compliance events in real time
• You can automatically adapt to changing compliance needs
• AWS and Sumo Logic can help you reduce audit costs and cycles

Page 1: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Simplify Compliance with Proactive Machine Data Analytics

Brandon Mensing

Solutions Engineer

Sumo Logic Confidential

Page 2: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Agenda

• Sumo Logic: An Overview
• The Sumo Logic Advantage
• Customer Case Study: InsideView
• Q&A
• Wrap Up

Page 3: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

The Machine Data Challenge

Diagram labels: Search; Visualize; Predict; Applications; Mobile; Internet of Things; Network and Server

Page 4: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Powerful & Secure Architecture, Effortless Deployment

Diagram labels: On-Prem Data Centers; Cloud Sources; Hybrid Data Sources; Private; Public; PaaS; IaaS; SaaS; Collector; Hosted Collector

Page 5: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Sumo Logic Enterprise Security Analytics

Security Applications

LogReduce

Reduce log messages into patterns

Search across multiple data sources

Reduce MTTI by 50% or More

Annotate results, influence future ranking

Anomaly Detection

Automatically detect unknown events

Predictive machine-learning analytics

Continuously Demonstrate Compliance

Annotate anomalies for future reference

Page 6: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Applications for AWS Services

Page 7: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Sumo Logic Application for CloudTrail

User Monitoring

Network & Security

Operations

Page 8: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

CloudTrail Use Cases

User Monitoring

• Geo Location of All Users
• Main users in the AWS account
• Admin users activities over time
• Recent Activity by Administrative Users
• Launched and terminated instances by user

Operations

• Requested AWS services over time
• API calls by AWS region
• Elastic IP address operations
• Created and deleted resources over time

Network and Security

• Authorization failures over time
• Created and Deleted Network Security Events
• Network and Security Events Over Time
• Recent Security Group and Network ACL Changes
• Network ACL with All Allowed Ingress/Egress

Page 9: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

AWS CLOUD TRAIL DEMO

Page 10: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

InsideView is a market intelligence platform that aggregates, curates and delivers inside information and intelligence about a customer’s target market

Multiple Accounts in AWS

Legacy infrastructure on-prem

Plan to load-balance workloads

Sumo Logic tied to key production account

Use AWS CloudTrail to gather compliance logs

Believe in the value of Sumo Logic and AWS integration

Page 11: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Challenges

• Visibility across hybrid infrastructure
• Querying across cloud and on-prem sources to demonstrate ISO 27000 series compliance
• Analyzing compliance logs generated by AWS CloudTrail
• Monitoring and auditing access to widespread resources
• Did not want costly and complex on-premise analytics solutions
• Wanted a comprehensive solution that could cover current and future compliance needs

Page 12: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Results with Sumo Logic

• Simplified querying across hybrid infrastructure for end-to-end infrastructure monitoring
• Leverage the Sumo Logic Application for AWS CloudTrail to monitor compliance logs
• The Application simplifies real-time monitoring with pre-built searches, dashboards and reports
• AWS CloudTrail gathers compliance log data for every command generated and Sumo Logic analyzes it in real time
• Role-based access grants teams and individuals appropriate permissions, which aids in meeting compliance
• Sumo Logic helps audit access to resources and the associated user actions, which is helping meet ISO 27000 requirements
• Sumo was far less complex and costly compared to the leading competitive solution
• Looking to use Sumo Logic for other compliance needs in the future

Page 13: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

The Sumo Logic Advantage

• SaaS infrastructure, fully operational within hours
• Guaranteed 5X plus elastic index bursting and SLAs on query performance
• Reduce compliance audit costs by 30%, diminish complexity associated with security and compliance audits
• Future proof your investment with applications that adapt to changing compliance
• Built-in Machine Learning with Anomaly Detection and LogReduce
• Secure by Design service complies with all major regulations
• One service does it all: works with on-prem and cloud data sources to provide security, operations and business insights

Page 14: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics


Page 15: AWS and Sumo Logic Webinar: Simplify Compliance with Proactive Machine Data Analytics

Q&A

Governance and Compliance