
Sumo Logic: Democratizing Cloud Data for enhanced security and analytics

In the dynamic world of the 21st century, cloud computing has emerged as a revolutionary force, shaping how organizations operate and innovate. It has turned data into a valuable asset, the lifeblood that fuels strategic insights and drives technological innovation. However, as we move deeper into this digital era, data security has surfaced as a crucial concern. The growing dependency on cloud services has left data more exposed than ever, raising critical questions about confidentiality, integrity, and availability. Businesses therefore need robust security measures in place to protect their data. So how can organizations navigate this intricate web of cloud computing and data security? The answer is simple: Sumo Logic can help.

In this exclusive interview with Craig Talbot (Vice President & General Manager of EMEA) and Steve Dietz (Field CTO, Security Business Unit) at Sumo Logic, we gathered valuable insights into the inner workings of this rapidly evolving industry.

Craig Talbot, Vice President & General Manager EMEA, Sumo Logic

Sumo Logic – What is the main mission of the company?

Craig Talbot: Sumo Logic, founded in 2010 by two visionary individuals (Kumar Saurabh and Christian Beedgen), has emerged as a leading player in the industry. Christian Beedgen, one of our esteemed founders, recognized the immense potential of machine data and analytics, which led to the development of Sumo Logic as a log-based platform. However, we didn’t stop there. We saw an opportunity to transform into a comprehensive security and analytics platform, offering unparalleled scalability in the cloud.

Our journey began with the ambition to provide machine data and analytics as a pure Software-as-a-Service (SaaS) business. We aimed to cater to organizations embracing cloud-native architectures, and that’s why we built Sumo Logic on AWS, leveraging the advantages of the cloud to deliver exceptional value to our customers.

Sumo Logic’s mission is to democratize data in the cloud, going beyond just back-office operations. We strive to empower front-office teams, including data scientists and other professionals, by collecting and analyzing vast amounts of machine data. This enables us to offer valuable insights and create new customer value areas, fostering innovation and growth. As a SaaS business, our commitment to our customers is unwavering. Our success depends on continuously delivering value and meeting their needs. That’s why we work closely with our customers throughout the year, ensuring their satisfaction and trust. By prioritizing our customers and embracing the power of the cloud, we are driving the democratization of data and revolutionizing the industry.

Sumo Logic Security Integration on AWS – a partner solution

What are some of the leading solutions of Sumo Logic that are considered innovations in the cyber defence world?

Craig Talbot: Our crown jewel at Sumo Logic is our powerful log analytics platform, which provides elastic scalability and insightful analytics capabilities. It serves as the foundation for our various offerings, especially in the realm of security. Imagine experiencing a heart attack—you don’t just want to know that it’s happening; you want to understand why it’s happening. Our log analytics platform provides that level of insight, enabling us to address security concerns comprehensively.

We have developed a range of products based on our core platform. One such product is the Security Data Lake, offering centralized storage and search for security and cloud data. It helps customers demonstrate compliance and reduce operational cycles across cloud and on-premises environments. We also excel in threat detection and mitigation, enabling real-time data analysis from various security tools across cloud providers and on-premises setups. Our focus on application security ensures comprehensive protection across the entire application stack.

Additionally, our offerings include security information and event management (SIEM) for a holistic security view and automation and orchestration capabilities for streamlined workflows. It’s important to note that all our solutions build upon our core log analytics platform, providing customers with granular insights into their data. The depth and breadth of our solutions showcase our commitment to providing end-to-end security and analytics capabilities. We continually strive to empower organizations with valuable insights and efficient tools to safeguard their environments effectively.

How does Sumo Logic handle log collection and analysis across AWS, Azure, and Google Cloud Platform?

Steve Dietz: We have several different ways to integrate into cloud platforms. The first is AWS, where we make it easy to deploy logging via CloudFormation templates. In addition, we support several different ways to collect logs, like S3, Kinesis Firehose logs, and AWS CloudWatch. For Azure, we support Azure Monitor and Azure Blob Storage, and we also support Microsoft Office 365. Lastly, we support Google Workspace for GCP, and for GCP auditing, we support Pub/Sub.

What are the key features and capabilities of Sumo Logic’s Cloud SIEM platform? How does it help organizations with threat detection, incident response, and compliance management?

Steve Dietz: We are a real-time streaming analytics platform that has decoupled detections from searching. This makes scaling detections easier, as it is not competing for resources with user searches and dashboards. The second key feature is our ability to track an activity/risk score across millions of entities. This allows us to cluster and cross-correlate automatically across data sources and generate insights. This approach allows us to evaluate all alerts, versus filtering and only looking at high-severity alerts. Lastly, because of this, when responding to an insight, we have built-in automation that significantly reduces the response time. From a compliance perspective, we have features like tagging and dynamic entity groups that make PCI compliance and other compliance frameworks a lot easier.

Does Sumo Logic provide a platform or tools designed explicitly for DevSecOps and security automation?

Steve Dietz: Yes, Sumo Logic offers various platforms and tools specifically designed to support DevSecOps and security automation practices. One notable tool is their Terraform provider, which allows customers to seamlessly set up and configure Sumo Logic resources. This can be done through the UI and via API or the Terraform provider, enabling smooth integration into continuous integration/continuous deployment (CI/CD) pipelines. By utilizing the Terraform provider, organizations can easily automate the provisioning and configuration of Sumo Logic resources, allowing them to incorporate Sumo Logic into their CI/CD pipelines efficiently.

Furthermore, we provide an automation service that greatly facilitates adopting security automation practices. This service allows customers to quickly build and leverage playbooks, which serve as a foundation for automating security-related tasks and workflows. With the automation service, organizations can define and execute custom actions in response to security events, alerts, or other triggers. This empowers teams to automate repetitive security tasks, such as incident response, threat hunting, and vulnerability management, leading to increased efficiency and streamlined security operations. Organizations can seamlessly embed security practices into their software development lifecycle by leveraging Sumo Logic’s platform and tools.

How does Sumo Logic assist organizations in detecting and responding to insider threats or unauthorized access attempts?

Steve Dietz: Sumo Logic provides robust support for detecting and responding to insider threats or unauthorized access attempts through their recently released User and Entity Behavior Analytics (UEBA) capabilities. These advanced features include first-seen detections and outlier detection, addressing both insider threats and unauthorized access use cases. Additionally, organizations can leverage Sumo Logic’s platform to create customized dashboards and reports, empowering them to visualize their security posture effectively. This capability enables organizations to identify trends, patterns, and anomalies in their security data, enhancing their ability to mitigate risks and strengthen security defences.

Managing dashboards – Sumo Logic Docs

How did the platforms help address specific security challenges after being integrated into businesses?

Craig Talbot: During the integration process, our focus was on integrating with hyperscale companies like AWS and Google, as well as SaaS providers such as Zscaler, Cloudflare, and CrowdStrike. We prioritized scaling with SaaS businesses rather than investing heavily in integrating with legacy applications built on-premises. This allowed us to move faster and capture opportunities in the rapidly evolving cloud market. Our CEO used an analogy of “winning the cheese” by targeting specific segments of the cloud business and scaling alongside them. As for different challenges faced during integration, while I cannot provide specific details, we have put significant effort into ensuring seamless integration with commonly used technologies in modern organizations. We offer out-of-the-box integration, provide APIs for less common integrations, and have a professional services organization to assist businesses.

Additionally, we value partnerships and consider them crucial to our success. We work closely with partners, whether they focus on serving the SaaS or legacy company market, and collaborate on API development to cater to various customer needs. We foster close relationships with partners across different markets, collaborate on API development, and provide extensive support to ensure mutual growth and customer satisfaction. Together, we strive to deliver comprehensive and customized solutions that empower organizations in their data analytics and security endeavours.

What are the key reasons organizations consider the cloud more secure than on-premises solutions?

Craig Talbot: When you’re on-premises, there’s a lot of configuration and complexity to manage. Moving to the cloud eliminates those concerns, as many things become standardized and taken care of. People are moving to the cloud not just to move away but because applications are modernizing, and cloud providers like AWS, Google, and Azure offer valuable services on top of the cloud infrastructure.

Customers are looking to achieve maximum velocity in their business while minimizing risk. As long as they can balance velocity with minimal risk and have access to the applications they need, they will continue to move to the cloud. The focus is on managing the digital experience effectively without excessive complexity. The argument for cloud security is gaining ground, and even traditionally conservative markets like Germany are outpacing others in cloud and SaaS adoption in revenue and growth.

Ultimately, whether or not to move towards cloud security is an organisation’s decision based on its unique requirements, risk assessments, and alignment with its strategic objectives. It’s important to thoroughly evaluate the benefits and challenges of cloud security and consider factors such as data protection, compliance, scalability, and cost-effectiveness before deciding.

Kristi Shehu is a Cyber Security Engineer (Application Security) and Cyber Journalist based in Albania. She lives and breathes technology, specializing in crafting content on cyber news and the latest security trends, all through the eyes of a cyber professional. Kristi is passionate about sharing her thoughts and opinions on the exciting world of cyber security, from breakthrough emerging technologies to dynamic startups across the globe.