We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Sumo Logic announced today the general release of a security orchestration, automation, and response (SOAR) platform it gained via the acquisition of DFLabs earlier this year.
The Sumo Logic Cloud SOAR platform is now integrated with more than 200 third-party IT and security tools using the existing Sumo Logic Open Integration Framework, said Dario Forte, vice president and general manager for orchestration and automation for Sumo Logic.
Sumo Logic previously launched a major expansion into the realm of cybersecurity with a security information event management (SIEM) platform that runs on the Amazon Web Services (AWS) cloud. Sumo Logic Cloud SOAR provides a set of complementary capabilities that IT teams can use to automate a wide range of playbooks and processes, said Forte. SOAR can be integrated with the SIEM platform, whether provided by Sumo Logic or another third party.
SOAR platforms help make up for the chronic shortage of cybersecurity expertise, so interest in the technology has always been high. The challenge is that implementing a SOAR platform, which needs to be integrated with a wide range of IT and security tools, is challenging for most enterprise IT organizations. In the past few months Sumo Logic has made it easier to deploy its newly acquired SOAR platform by providing a wide range of pre-built integrations, noted Forte.
Sumo Logic is planning to apply the observability platform it provides DevOps teams to cybersecurity as part of an effort to advance the adoption of DevSecOps best practices, Forte said. For example, he said, playbooks could be automatically created and applied to security issues the observability platform discovers.
The benefits the Sumo Logic Cloud SOAR platform provides include not only faster overall response times in the event a security threat is discovered, but also a supervised active intelligence capability that suggests what processes to implement to address specific use cases, noted Forte. “It will make recommendations for making changes to automations,” he said.
In addition, the Sumo Logic Cloud Platform reduces the number of false positive alerts generated by using alert enrichment and deduplicating alerts that are being created because of the same incident.
Finally, the Sumo Logic Cloud Platform makes it easier to manage the escalation process, collaborate across incidents, and generate detailed reports that identify both the timeline of the event and the corrective actions taken, Forte said.
Longer term, IT organizations should expect to see Sumo Logic incorporate a wide range of algorithms to further automate security processes, noted Forte. Sumo Logic, however, is not inclined to tout those algorithms as instances of AI, he said. Machine learning and deep learning algorithms are only one form of analytics that is being incorporated into the SOAR platform, he said.
Ultimately, the goal is to not obviate the need for cybersecurity professionals, but rather to augment them via an automation platform that makes it simpler to address security issues at scale, added Forte.
When SOAR platforms first became available, there was some resistance to the idea that the management of cybersecurity tasks could be automated. However, as the volume of cybersecurity attacks has increased, more cybersecurity professionals are starting to appreciate the value of automation. The challenge, of course, is developing the expertise required to create a playbook to automate those processes in the first place. Fortunately, as more playbooks are created, they tend to be shared among cybersecurity teams, eliminating the need for each organization to create their own playbook from scratch. Instead, they can just extend an existing one to help level a decidedly uneven cybersecurity playing field.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.