Cloud Infrastructure Security is a cloud-native, enterprise-grade solution composed of security apps, customizable dashboards, and tools to analyze your security data. It leverages Sumo Logic's core functionality, including data collection, ingestion, and storage, to produce findings that help protect your attack surfaces from threats.
To get the most out of Cloud Infrastructure Security, use apps custom-built for the solution, like the Cloud Infrastructure Security for AWS app. This app provides visibility into your AWS environment to give you insights into active threats, security control failures, and suspicious activity.
You can use Cloud Infrastructure Security for:
- Security data lake. Store your structured and unstructured data in a centralized repository so it can be easily accessed for analytics.
- Audit and compliance. Audit your systems to ensure they are in compliance with the rules set by governments and regulatory organizations. This helps protect end users and keep information private and secure, in addition to outlining protocols in the event of a breach.
- Threat detection and investigation. Identify and explore threats or security-related events within your assets, applications, or networks as quickly and effectively as possible.
- Application security. Monitor your software development pipeline to ensure it is secure during the continuous integration/continuous deployment (CI/CD) process and production cycle.
To learn more about Cloud Infrastructure Security and receive training certification, take the Cloud Infrastructure Security course in our Sumo Logic Training Portal.
The Sumo Logic data pipeline
The Sumo Logic data pipeline makes collected data available for use in Cloud Infrastructure Security. At a high level, it follows four steps:
- Data collection. First, you must set up an OpenTelemetry collector, installed collector, or a hosted collector and add a source. You can also set up source categories and other metadata, which helps you search and analyze the data you collect.
- Search and analyze. Once data is in Sumo Logic, you can write queries to search events in real-time from the analytics platform UI.
- Visualize and monitor. Once you’ve found and analyzed data that’s interesting, you can create dashboards to visualize it and set up alerts to monitor your data in real-time. Certain pre-built apps come pre-configured with dashboards designed for security.
- Share the findings. Export your dashboards or share with others on your team. You can control who can view and edit your dashboards to keep your data secure.
Build security analytics assets
Using the following skills with Sumo Logic's core platform, build the infrastructure you need to be successful in Cloud Infrastructure Security:
- Write queries
- Build dashboards
- Create alerts
Once your data is ingested, you’ll need to search and filter it to find log messages of interest for your security analytics. With field extraction rules (FERs) and scheduled searches, data processing and querying can be automated. Finally, once you've written these queries, you can visualize them with dashboards and create alerts based on certain thresholds.
In addition to queries, dashboards, and alerts, Cloud Infrastructure Security offers many other features, including:
- Integrations for common applications and services like AWS, Office365, SalesForce, and others
- Threat intelligence and security from CrowdStrike, AWS GuardDuty, Cylance, Cisco, and others
- Maintains major compliance certifications, including PCI DSS, ISO 27001, and FedRAMP
- Multi-cloud, hybrid cloud, and full stack security visibility
These tools can help you detect previously hidden threats.
Explore Sumo Logic security features
Queries are the core of Sumo Logic's data processing platform. With queries, you can display information in tables, visualize data in dashboards, and create automated alerts. Explore the following features to learn how to leverage queries for Cloud Infrastructure Security:
- Lookup tables. Create lookup tables to enrich the log data received by Sumo Logic. See Create a Lookup Table.
- Dashboards. Dashboards to display a number of useful metrics in easy-to-read form to allow administrators to see system status at a glance. You can quickly set up custom dashboards from scratch. See Create a Dashboard.
- Alerts. Automated alerts notify important personnel when there may be a potential threat. Again, Sumo Logic's analytics platform makes it simple. You can learn how to set up an alert in just a few minutes. See Create a Monitor.