Sumo Logic introduced Global Intelligence Service for AWS CloudTrail.

This latest offering provides security teams with valuable real-time security intelligence to scale detection, prioritization, investigation, and workflow to prevent potentially harmful service configurations that could lead to a costly data breach.

The new Sumo Logic Global Intelligence Service for AWS CloudTrail uses baseline algorithms derived from industry best practices, frameworks, and vulnerability scans to analyze event activity and create benchmarks and insights based on potentially risky AWS configurations across population cohorts. With this real-time intelligence, Sumo Logic helps customers address the following questions:

- How does my company’s attack surface compare to peers? Benchmark: Sumo Logic provides teams with visibility into volume of individual AWS resources, variety of those resources, and velocity of change within those resources to identify how their attack surface is similar to or differs from others using AWS.

- Which service configuration changes are normal and which ones are harmful? Prioritize: Sumo Logic provides teams insights and benchmarks to help them visualize and detect harmful configurations that can potentially cause data breaches. With this real-time intelligence, teams can focus on configurations that can be used as a potential point of breach entry and efficiently allocate resources to quickly perform remediation efforts.

- What can my company do now to prevent future attacks? Optimize: Sumo Logic helps customers continuously optimize their security posture by providing security teams with recommendations on how to reduce their attack surface area (i.e. remove unused resources), proactively reconfigure their EC2, IAM, and S3 services based on baseline configurations, and which AWS accounts, users, and machines need to be added to watchlists.

“As more companies go through their digital transformation and cloud journeys, it is important for them to review their security posture and controls to ensure the security of customer-facing digital services, as well as sensitive customer data,” said Bruno Kurtic, co-founding VP, Product and Strategy, Sumo Logic. “The security insights provided by our new Global Intelligence Service for AWS CloudTrail will be a valuable resource for already stretched security teams to proactively identify configuration issues and quickly address them before they turn into incidents and impact their business.”

This solution is the second offering from the company’s Global Intelligence Service, an operational and security benchmarking service that leverages machine learning and statistical analysis to uncover global key performance and risk indicators that allow organizations to measure themselves against the world’s leading adopters of new technologies, modern architectures, and cloud infrastructures. The first offering, Global Intelligence Service for Amazon GuardDuty, is being used by leading companies to further strengthen cloud security posture, improve threat detection, and enhance regulatory compliance.

The Sumo Logic Global Intelligence Service is part of the company’s Global Intelligence solution, a design to extend machine learning and insights to new teams and use cases. The other offerings include the Sumo Logic Continuous Intelligence Report, Sumo Community Insights, and Sumo Data Science Insights.

Global Intelligence Service for AWS CloudTrail is currently in closed beta and expected to be in the Sumo Logic App catalog early 2020.