Cloud Security, Cloud Security

Sumo Logic makes its integrated SIEM-SOAR product readily available

Visitors walk by a cloud sign at a technology trade fair on March 21, 2017, in Hanover, Germany. S3 buckets have become a security time bomb, said one expert. (Alexander Koerner/Getty Images)

Sumo Logic on Tuesday stepped deeper into the cloud operations realm by announcing the general availability of Sumo Logic Cloud Security Orchestration, Automation and Response (SOAR), its latest offering that aims to help organizations modernize its security operations centers (SOCs).

By releasing Sumo Logic Cloud SOAR, Sumo Logic looks to improve SOC productivity, increase visibility, enhance incident response, and help SOC security teams make more insightful decisions.

The availability of Sumo Logic Cloud SOAR follows Sumo Logic’s acquisition earlier this year of DF Labs. The SOAR product from DF Labs combines with Sumo Logic Cloud SIEM to promise comprehensive cloud-native security intelligence solutions that are built for today’s digital businesses running modern applications, architectures and multi-cloud infrastructures. 

The new integrated offering acknowledges the elevation of expectations that we have for cybersecurity solutions, said Frank Dickson, program vice president, security and trust at IDC.

“Detection is simply not enough, today’s solutions need to provide detection and response,” Dickson said. “These changing expectations are not static as simple response will soon give way to higher levels of remediation. This new offering from Sumo Logic is the first resulting from the acquisition of DF Labs, but it certainly will not be the last.”

Jon Oltsik, senior principal analyst who covers security at the Enterprise Strategy Group, added that this new product integration is a good addition for Sumo Logic as it can now complement security analytics with SOAR for process automation. 

“Sumo Logic customers can benefit from SOAR and it may help to make Sumo Logic more attractive to prospective customers,” Oltsik said. “Finally, Sumo Logic can now serve as a complete security operations platform for MSSPs. Now it’s up to Sumo Logic to keep up with leading SOAR vendors in terms of feature/functionality.” 

Sean Nikkel, senior cyber threat intel analyst at Digital Shadows, said one of the best recommendations from someone who has worked in a SOC would be to get a SOAR working. Nikkel said SOAR platforms can go a long way to reduce some of the workload fatigue and burnout that comes with repetitive tasks, especially when it comes to incident response.

“What's great about SOAR is it can potentially reduce the time spent investigating, responding, and remediating alerts,” Nikkel said. “For finite resources like time and staffing, the savings potentially lead to other process improvements, like more time for threat hunting, professional development, and customer engagements. SOAR can pull different systems together for specific scenarios and adds the potential benefit of increased quality of investigations since you can add more enrichment and context for the analysts in an automated, repeatable way.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.