Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Nowadays, it’s mostly a foregone conclusion that companies need a security program and centralized log aggregation and correlation platform. Unfortunately, the conversation all too often turns toward tactics for data collection and detection of specific threat actors or common vulnerabilities and exposures (CVEs).

Security professionals involved in the IT and cybersecurity industry for the last 10+ years have most likely come across the terms SIEM and recently SOAR, but there is still much confusion about what the specific use cases and purposes are. So, are these tools the same thing? Do security teams need one, the other, or both within their security operation center (SOC) infrastructure?

The news that hacking group Lapsus$ gained unauthorized access to Single Sign-On (SSO) provider Okta through a third-party support account sent chills through information security professionals everywhere. Organizations have adopted SSO identity providers to enable a modern workforce that is increasingly reliant on secure access to cloud-hosted applications to perform critical business functions.

Since our inception, Sumo Logic has been laser-focused on delivering real-time machine data analytics to accelerate digital transformation, while helping businesses effectively build, run, and secure their modern applications and infrastructure—in the cloud or in hybrid environments.

In the last twenty years, more technology has been produced since the beginning of human history. And while we have talked about industrial automation since 1952, the complexity of today’s cybersecurity analyst activities makes the need to embrace automation paramount.

Cybersecurity presents an ever-escalating challenge for most C-level executives. As the average cost of a data breach continues to grow, the sheer volume of attacks threatens to overwhelm resource-strapped IT organizations. In response, many executives are looking to AI-enabled SOAR solutions (Security Orchestration Automation and Response) to help shorten threat response times, optimize high-value security personnel, and reduce overall business risk.

The ever-evolving cyber threat landscape gives birth to new, unprecedented cyberattacks that challenge traditional cybersecurity approaches and force security operations centers (SOCs) to evolve and redefine their methods. To ensure that the integrity of their data is well-protected, SOCs have to be one step ahead of malicious actors. Ergo, the necessity of creating the modern SOC comes into play.

Machine data analytics is the process of parsing data generated by software from a wide variety of sources including servers, networks, applications and financial records. These, and many other similar sources, produce massive amounts of data including from local operating systems, identity/access management tools, cloud consoles and their associated log files, alerts, scripts and profiles.

Managing the security of your Amazon Web Services (AWS) environment requires constant vigilance. Your strategy should include identifying potential threats to your environment and proactively monitoring for vulnerabilities and system weaknesses that malicious actors might exploit. In a complex environment—such as your AWS account with a multitude of services, coupled with various architectures and applications—the ideal solution should be both comprehensive and straightforward.

During AWS re:Invent 21, I had the honor of hosting Phil Weeks, Senior technical advisor at IHG for an informative session on IHG’s security modernization journey during the pandemic which started with replacing a legacy SIEM.