Disruption in Cloud · Sumo Logic Confidential SIEM – “Protect the Known” SECURITY ANALYTICS...

Date post: 13-Aug-2020
Sumo Logic Confidential Disruption in Cloud Robert de Haan CEO Layer 8 Security
Transcript
Page 1: Disruption in Cloud · Sumo Logic Confidential SIEM – “Protect the Known” SECURITY ANALYTICS – “Protect the Unknown” On Prem Cloud Native Planning for capacity growth

Sumo Logic Confidential

Disruption in Cloud

Robert de Haan

CEO – Layer 8 Security

Page 2

Security Taxonomy

The World is Changing

Page 3

The World is Changing

Page 4

The Effect of Digital Disruption

• World’s largest taxi company owns no taxis
• Largest accommodation provider owns no real estate
• Largest phone companies own no phones
• World’s (2nd) most valuable retailer has no inventory
• World’s largest movie house owns no cinemas

Page 5

Global Center for Digital Business Transformation

Audience Poll: The digital disruption will displace approximately what percent of incumbent companies within the next 5 years?

a) < 10%
b) 10-25%
c) 25-50%
d) > 50%

40%

Page 6

F1000 turnover within past decade

35% of the top 20 F1000 companies were new

70% of the top 20 F1000 companies were new

Source: Forrester Research, Inc. and Built to Change: How to Achieve Sustained Organizational Effectiveness by E. Lawler, C. Worley & J. Porras

Page 7

Building a new company

• Time to market
• Access to the market
• Scalable
• Flexible - Dynamic
• Reduced costs

Page 8

Security Awareness Programs

• We reduce the impact of cybercrime by testing and repairing the Human Firewall.
• Baseline – Gap analysis
• Training – continuous – personal
• Reinforcement – continue the message
• Ascertainment – measure and analyse

Page 9

Security Audit and Consulting

• Pen Test
• Social Eng
• Code Review
• Vulnerability Assessment
• Incident Response
• Vendor Assurance
• PCI DSS
• Forensics
• Gap Analysis
• Audit
• Simulated Attack

Page 10

SOC as a Service

Page 11

Customer Challenges We Often Hear About

• What is normal vs. a security event (reducing the noise)
• Correlating log data from disparate systems
• Meeting the stated frequency of manual log reviews & log retention requirements
• Large volumes of log data

Page 12

The Evolution of SIEM

Enterprise Security Manager

“Implementing SIEMs continues to be fraught with difficulties, with failed and stalled deployments common” Source: Gartner

Page 13

Head to Head

| SIEM – “Protect the Known” | SECURITY ANALYTICS – “Protect the Unknown” |
| --- | --- |
| On Prem | Cloud Native |
| Planning for capacity growth | Elastic |
| 15 months (avg.) to deploy | Up and running in hours |
| $1.4M (HW, SW, People) | $1,000 for 1GB daily ingest |
| Perimeter-based security using a defined signature approach | Distributed cloud model using behavioral-based & continuous monitoring methodologies (across users, applications, NW, data); Data Science & Machine Learning algorithms |
| Islands of Security / Limited view / Chokepoints / Port Mirroring | Holistic, Integrated, Risk-Based, Enterprise Wide View / APIs & Native Services |
| Fixed-Rule Set (connect the dots) | Machine Learning to identify abstract data relationships, anomalies, trends, and fraudulent behavioral patterns |
| Monolithic Applications | Modern Applications |

Page 14

We have chosen Sumo Logic because:

Cloud-Native Analytics Service
• Analyze Any Machine Generated Data
• 1000+ Enterprise Customers
• 100+ Petabytes Data Analyzed Daily
• Focus on Modern Applications and delivering intelligence and insight across Build/Run/Secure use case
• Elastic Web-Scale
• Unified View Across Hybrid Cloud
• Set up Within Minutes / Rapid time-to-value

Page 15

Centralized Log Aggregation and Analytics

Security Analytics Helps to Answer:
• What is Happening (descriptive)
• Why did it happen (diagnostic)

Page 16

Centralized Log Aggregation and Analytics

Cloud hosted SaaS Analytics (Runs in AWS)

• Elastic scalability
• Mirroring AWS approach
• Automatic upgrades
• New features release weekly
• 2X – 5X performance
• Elastic, scalable
• Always on
• 4 geos, 12 AZs, 6X replication
• Optimal visibility & performance
• Industry’s most secure cloud-native analytics platform
• Up & running in minutes
• Reduce time to value by >70%
• No management overhead
• Reduce total costs by >50%

Page 17

Sumo Logic: Advanced Analytics & Operators – Patented Advanced Analytics – Out of the Box

LogReduce – Reduce hundreds or thousands of log lines into easily understood patterns on a single page to reduce MTTI by up to 90%

Outlier Detection – Monitor multi-dimensional metrics & KPIs via dynamic thresholds to enable accurate, real-time alerting while eliminating false-positives

Predictive Analytics – Leverage historical data to predict future trends to become more proactive and reduce risk.

LogCompare – Compare baselines before and after events and changes. Ideal for analyzing migrations, code releases, and Dev/Test/Prod environments
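The two operators this slide leans on, pattern reduction and dynamic-threshold outlier detection, are easier to judge with a concrete implementation in hand, and the same reducer is the simplest answer to the "what is normal vs. a security event (reducing the noise)" challenge on page 11. The Python below is an added example written for this page; it is not Sumo Logic's code and does not reproduce the patented operators. It masks timestamps, IP addresses, hex ids and numbers with placeholders, merges signatures that differ in a single token (for instance the username), and counts what is left; the second half flags a metric sample when it exceeds the mean plus three standard deviations of the preceding window, so the alert line follows the data instead of being a fixed number. The log lines, the placeholder names and the latency series are all constructed for the example.

```python
import re
import statistics
from collections import Counter

# Constructed sample log lines (not taken from the deck). Timestamps, PIDs,
# addresses and request ids vary from line to line, but only a handful of
# message shapes are present, which is what a reducer should surface.
SAMPLE_LOGS = [
    "2020-08-13T10:00:01Z sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51234",
    "2020-08-13T10:00:07Z sshd[1207]: Accepted publickey for bob from 10.0.0.9 port 51300",
    "2020-08-13T10:00:09Z sshd[1210]: Failed password for root from 198.51.100.7 port 40001",
    "2020-08-13T10:00:10Z sshd[1211]: Failed password for root from 198.51.100.7 port 40002",
    "2020-08-13T10:00:11Z sshd[1212]: Failed password for root from 198.51.100.7 port 40003",
    "2020-08-13T10:00:12Z sshd[1213]: Failed password for admin from 198.51.100.7 port 40004",
    "2020-08-13T10:00:15Z app[77]: request id=9f3a latency=120ms status=200",
    "2020-08-13T10:00:16Z app[77]: request id=a81c latency=98ms status=200",
    "2020-08-13T10:00:17Z app[77]: request id=b002 latency=3400ms status=500",
    "2020-08-13T10:00:18Z app[77]: request id=c7d1 latency=101ms status=200",
]

# Tokens that carry per-event detail but say nothing about the event's shape.
# Order matters: timestamps and IPs are masked before the generic number rule.
_PLACEHOLDERS = [
    (re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z"), "<TS>"),
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\b(?=[0-9a-f]*[a-f])[0-9a-f]{4,}\b"), "<HEX>"),  # hex ids containing a letter
    (re.compile(r"\d+"), "<N>"),
]


def signature(line):
    """Collapse a raw log line into its pattern signature."""
    for pattern, token in _PLACEHOLDERS:
        line = pattern.sub(token, line)
    return line


def merge_near_duplicates(counts):
    """Merge signatures that differ in exactly one whitespace-separated token,
    wildcarding that token with '*' (e.g. differing usernames)."""
    sigs = list(counts.items())
    merged = True
    while merged:
        merged = False
        for i in range(len(sigs)):
            for j in range(i + 1, len(sigs)):
                a, b = sigs[i][0].split(), sigs[j][0].split()
                if len(a) != len(b):
                    continue
                diff = [k for k in range(len(a)) if a[k] != b[k]]
                if len(diff) == 1:
                    a[diff[0]] = "*"
                    combined = (" ".join(a), sigs[i][1] + sigs[j][1])
                    sigs = [s for k, s in enumerate(sigs) if k not in (i, j)] + [combined]
                    merged = True
                    break
            if merged:
                break
    return Counter(dict(sigs))


def reduce_logs(lines):
    """Return [(count, signature), ...], most frequent pattern first."""
    counts = merge_near_duplicates(Counter(signature(line) for line in lines))
    return sorted(((c, s) for s, c in counts.items()), key=lambda x: (-x[0], x[1]))


# Constructed per-minute latency series (ms) with one genuine spike at index 9.
LATENCY_MS = [100, 110, 95, 105, 100, 98, 102, 104, 99, 450, 101, 97]


def dynamic_threshold_outliers(series, window=5, sigmas=3.0):
    """Flag points above mean + sigmas * stdev of the preceding `window` points.
    Returns [(index, value, threshold), ...]. The band collapses to zero on a
    perfectly flat baseline; a production rule would add a minimum band."""
    flagged = []
    for i in range(window, len(series)):
        baseline = series[i - window:i]
        threshold = statistics.mean(baseline) + sigmas * statistics.pstdev(baseline)
        if series[i] > threshold:
            flagged.append((i, series[i], round(threshold, 2)))
    return flagged


if __name__ == "__main__":
    for count, sig in reduce_logs(SAMPLE_LOGS):
        print(f"{count:4d}  {sig}")
    print(dynamic_threshold_outliers(LATENCY_MS))
```

On the constructed input the ten lines collapse to three patterns (the application requests, the failed logins against one address, and the accepted key logins), and the latency detector flags only index 9 even though the window it slides over contains ordinary jitter. The window length and the sigma multiplier are the two knobs that trade sensitivity against false positives; the slide's "eliminating false-positives" claim is, in practice, a statement about how those knobs are tuned per metric.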

Page 18

Collect, Monitor, Alert, Act

1. Collect & Aggregate
• Many and varied sources
• Across environments
• Safe, secure & fast

2. Visualize & Alert
• Real-time dashboards
• Proactive alerting
• Out-of-the box apps

3. Investigate & Take Action
• Search and troubleshoot
• Identify unknowns
• Analyze, triage and isolate

4. Monitor & Optimize
• Detect anomalies
• Predict and preempt issues
• Streamline and improve processes

Page 19

Cloud To Cloud Integrations

• CONFIG MGMT
• IAAS & PAAS
• CONTAINERS
• CDN
• SAAS
• APP STACKS
• INFRASTRUCTURE
• COMPLIANCE & SECURITY

Page 20

The Industry Benchmark in Delivering Secure SaaS

• PCI/DSS 3.1 Service Provider Level 1 Certified
• ISO 27001 Certification
• CSA STAR Certification
• SOC 2, Type II attestation
• HIPAA compliant
• FIPS 140 compliant
• AES 256-bit encryption at rest
• TLS encryption in transit
• E.U.-U.S. Privacy Shield

Page 21

Security Analytics – Overview Screen

Page 22

Security Analytics – Vulnerabilities on Endpoints

Page 23

Security Analytics – User Monitoring Screen

Page 24

Sumo Logic Global Threat Intelligence

• Increase velocity & accuracy of threat detection
• Correlate Sumo Logic log data with threat intelligence data to identify and visualize malicious IP addresses, domain names, email addresses and URLs
• Powered by Anomali (formerly Threat Stream)
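As an added example of the correlation this slide describes (written for this page, not code from Sumo Logic or Anomali): the Python below extracts IP addresses, domain names, email addresses and URLs from constructed log lines of several source types and matches each observable against a constructed indicator list, recording the indicator's label and originating feed for every hit. The indicator values use reserved documentation ranges (198.51.100.0/24, 203.0.113.0/24) and `.invalid` names so that none of them refers to a real host; the feed names and labels are made up.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed indicator list (kind, value, label, source). The values are reserved
# documentation addresses and .invalid names, so none of them is a real IoC.
INDICATORS = [
    ("ip", "198.51.100.7", "ssh-bruteforce-source", "feed-A"),
    ("ip", "203.0.113.44", "c2-server", "feed-B"),
    ("domain", "bad-cdn.example.invalid", "malware-distribution", "feed-A"),
    ("url", "http://bad-cdn.example.invalid/update.bin", "malware-distribution", "feed-A"),
    ("email", "phish@mailer.example.invalid", "phishing-sender", "feed-C"),
]

# Constructed log lines from disparate sources (firewall, proxy, mail, DNS).
SAMPLE_LOGS = [
    '2020-08-13T09:58:12Z fw src=198.51.100.7 dst=10.0.0.5 dport=22 action=deny',
    '2020-08-13T09:58:40Z fw src=10.0.0.8 dst=10.0.0.5 dport=443 action=allow',
    '2020-08-13T10:01:03Z proxy user=alice url=http://bad-cdn.example.invalid/update.bin status=200',
    '2020-08-13T10:02:55Z mail from=phish@mailer.example.invalid to=bob@corp.example subject="Invoice"',
    '2020-08-13T10:03:10Z dns client=10.0.0.12 query=bad-cdn.example.invalid type=A',
    '2020-08-13T10:04:00Z fw src=10.0.0.12 dst=203.0.113.44 dport=8443 action=allow',
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"']+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


def build_lookup(indicators):
    """Index indicators by (kind, lowercased value) for constant-time matching."""
    return {(kind, value.lower()): (label, source) for kind, value, label, source in indicators}


def extract_observables(line):
    """Pull every (kind, value) observable out of one log line."""
    obs = set()
    for ip in IP_RE.findall(line):
        obs.add(("ip", ip))
    for url in URL_RE.findall(line):
        obs.add(("url", url))
        host = urlparse(url).hostname  # the URL's host is an observable in its own right
        if host:
            obs.add(("domain", host))
    # Strip URLs so that path components like "update.bin" are not read as domains.
    rest = URL_RE.sub(" ", line)
    for email in EMAIL_RE.findall(rest):
        obs.add(("email", email.lower()))
    for domain in DOMAIN_RE.findall(rest.lower()):
        obs.add(("domain", domain))
    return obs


def correlate(lines, lookup):
    """Return one hit per (line, observable) pair that matches an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        for kind, value in sorted(extract_observables(line)):
            match = lookup.get((kind, value.lower()))
            if match:
                label, source = match
                hits.append({"line": n, "type": kind, "indicator": value,
                             "label": label, "source": source})
    return hits


def indicator_counts(hits):
    """How many lines each indicator touched: the input to a 'top indicators' panel."""
    return Counter((h["type"], h["indicator"]) for h in hits)


if __name__ == "__main__":
    hits = correlate(SAMPLE_LOGS, build_lookup(INDICATORS))
    for h in hits:
        print(f'line {h["line"]}: {h["type"]} {h["indicator"]} -> {h["label"]} ({h["source"]})')
    print(indicator_counts(hits).most_common())
```

Two details matter more than the regexes. Indicators are keyed by kind as well as value, so an IP listed as a scanner does not fire when the same string happens to appear as a domain label; and the domain of a URL is looked up separately from the full URL, which is why the proxy line yields two hits and the DNS line, which never saw the URL, still matches on the domain. The counts per indicator are what a dashboard would plot; the per-line hits are what an analyst pivots on.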

Page 25

Sumo Logic App for Threat Intelligence (powered by Anomali)

Page 26

Trend Micro – Deep Security

Page 27

What Our Customers Are Saying

“I do not want our team’s valuable time consumed by managing the execution environment. This will not help our business move forward or be more competitive” – Josh Abadie, Cloud Engineering Manager

“I was looking for a Cloud SIEM, and when talking to some of the SIEM MQ Leaders, I knew it was going to be a very short conversation” – Glenn Watt, CISO

Page 28

Customer Case Study: Airbnb

Customer Usage
• AWS Security
• PCI Compliance

Customer Problem
• Rapid growth of their digital business and machine data
• Small security team, struggling to keep up
• Visibility: New infrastructure coming online (AWS and on-Prem)
• Security: monitor for IOC to protect customer data and brand
• Compliance: Needed centralized logging solution

Solution
• Cloud-based, elastic architecture for immediate time to value and reduced TCO
• Sumo Logic for full-stack, real-time visibility across hybrid infrastructure
• Leveraging advanced analytics/alerting to increase capabilities and efficiency of team
• PCI/DSS 3.1 Service Provider Level 1 Certified

Results
• Rapid Time to Value
• Ability to scale as their business grows
• Ingest and handle peak travel loads
• Improved staff efficiency: do more with less
• Visibility across AWS and On-Prem infrastructure, in a consistent way
• Lower TCO

Future Use: Threat intelligence lookup for users/devices logging into critical infrastructure/apps

Page 29

THANK YOU
