DEVOPSdigest

Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly.

These advancements, bolstered by Sumo Logic’s free data ingest licensing, empower customers to use their critical security data to close security gaps and better fuel DevSecOps.

“Many organizations are still working to adopt a ‘shift-left’ strategy to evolve to a true DevSecOps approach that breaks silos and enables teams to solve the hardest operational and security challenges faster. This is only possible when teams across development, security and operations are looking at the same data and insights, which means aligning on the atomic level of data – logs,” said Joe Kim, President and CEO of Sumo Logic. “We’re excited to deliver new security innovations leveraging AI and deeper threat intelligence, all wrapped around our new Flex Licensing model - removing the economic and collaboration barriers by ingesting, storing and analyzing all security log events in the Sumo Logic SaaS Log Analytics Platform, so Dev, Sec and Ops teams have a single place to monitor and secure their apps and infrastructure.”

Sumo Logic’s latest security innovations and enhancements fuel DevSecOps by:

- Quickly finding insights: Sumo Logic's advanced analytics capabilities allow security teams to find insights within their data to keep up with the rapid pace of cyber threats. Whether companies are looking to detect threats or troubleshoot issues, Sumo Logic provides the tools teams need to uncover valuable insights in real-time. New and updated capabilities include:

- MITRE ATT&CK Threat Coverage Explorer: MITRE ATT&CK Threat Coverage Explorer is a new feature within Sumo Logic’s Cloud SIEM solution that helps security teams analyze its threat coverage across the organization and continuously improve its security posture. With the industry’s most comprehensive out-of-the-box rules and content, no other solution provides customers the ability to view and filter both theoretical coverage and historical events relative to adversary tactics, techniques and procedures (TTPs). Additionally, customers can compare their own exposure against peer benchmarks across the Sumo Logic customer base, leveraging global intelligence using dynamic filters to zero in on specific areas of concern based on their security log sources and rules they’ve disabled, enabled or prototyped.

- Copilot: Sumo Logic is introducing Copilot, an AI-assisted log analytics experience with pre-built natural language prompts to help early career Dev Sec and Ops teams can gain expert-level insights, uplevel query skills and drive to root cause faster. Copilot’s innovative experience ensures that users can get accurate answers without trial and error, a common pitfall in many GenAI implementations.

- AI-driven Alerting: Now generally available to all customers, Sumo Logic’s patent-pending AI-driven Alerting feature enables users to harness the power of AI-driven anomaly detection and automation through playbooks. AI-driven alerts get organizations closer to their goal of self-healing and self-protecting apps by triggering playbooks that automate response to unusual or suspicious application and infrastructure signals. Unlike other solutions, Sumo Logic’s Anomaly Detection build ML models using several weeks of historical data while leveraging AutoML to detect seasonality and tune model parameters without user intervention. Playbooks can also be assigned to monitors with a single click, significantly streamlining the experience compared to competitive products.

- Collecting all the data in one place for actionable insights: Sumo Logic offers a single source of truth for security and operational data, ensuring consistency and reliability across an organization. By centralizing security logs and threat intelligence in one platform with a flex licensing model and easy-to-query insights, Sumo Logic eliminates data silos and cost barrier concerns over which data to collect. Sec, Dev, and Ops teams can trust that the information they're working with is accurate, up-to-date and easily accessible for better decision-making and more effective collaboration.

New capabilities include:

- New Integrated Threat Intelligence: By integrating out-of-the-box threat intelligence feed and third-party feeds with security log data, Sumo Logic is strengthening security postures and providing earlier threat detection. This new feature enables the integration of multiple threat intelligence feeds across all platform features to provide broad threat intelligence.

- New Unified Interface breaks down DevSecOps silos: Sumo Logic is previewing a new UI experience across its Log Analytics, Cloud SIEM and SOAR offerings. With all data and dashboards in one place, Sec and Dev teams can streamline their processes, easily query from the same source of truth, and eliminate unnecessary tools.

- Expanded Cloud Infrastructure Security Data: Thanks to Sumo Logic’s Flex Licensing and the latest addition of open-source security policy checks, customers can now enjoy increased cost-effectiveness without sacrificing security coverage from Cloud Infrastructure Security. Customers can maintain comprehensive visibility of the overall health of their AWS environment by leveraging the new Cloud Infrastructure Overview dashboard and take action against surfaced misconfigurations and vulnerabilities faster with AI-powered remediation plans and playbooks.