For many years, the U.S. government was hesitant about moving data and applications to the public cloud. Concerns around security were prevalent. Today, cloud has become a central proposition of IT spend in government institutions. With the government urging federal agencies to move to the cloud for its agility, scalability, and cost efficiency, those agencies need access to FedRAMP®-authorized vendors.

While Gartner hasn’t released the SOAR Magic Quadrant, to the delight of many SOAR enthusiasts, the highly anticipated Gartner SOAR Market Guide for 2022 is out and we are happy to announce that Sumo Logic has been included again! Even though Security Orchestration, Automation and Response (SOAR), as a relatively new security category, doesn’t have a SOAR Magic Quadrant, Gartner is already dedicating a market guide for SOAR solutions.

Security analysts and administrators need every advantage to keep up with prioritizing and investigating alerts. A SIEM (security information and event management) solution helps uncover threats, but it takes a lot of time assigning and updating tags, criticality, and signal suppression. Sometimes users opt to skip the step altogether, especially if there are a lot of entities to add or update at once. Other times, they introduce errors during this manual step.

A common question we receive is: should security orchestration, automation and response (SOAR) replace security information and event management (SIEM)? While the two technologies share some common components, they serve different purposes. As security teams look to modernize their security operations center (SOC) to meet the demands of cloud environments, automation is the key priority. To that end, it’s vital to understand the roles of both SIEM and SOAR.

Monday, May 30th, 2022, Microsoft issued CVE-2022-30190 for a Remote Code Execution vulnerability with the Microsoft Support Diagnostic Tool (MSDT) in Windows: “A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.

One of the universal truths in technology is that security always lags behind innovation. Companies must move quickly as they seek to innovate, increase efficiencies and be disruptive in ever-crowded markets. Living on the bleeding edge means you will get a few cuts, but the risk of not adopting new technologies is greater than those of a few system failures or breaches. One challenge is that it is often not apparent what new risks exist until boundaries are pushed.

With more and more organizations moving from traditional on-premises infrastructure to the cloud, it remains critical for organizations to have robust security monitoring, regardless of their cloud platform of choice. Sumo Logic Threat Labs has expanded our log parsing, mapping and detection rules for Microsoft Azure. While our Cloud SIEM has broad coverage for AWS and GCP platforms, we wanted to close the gap for Azure coverage, which previously addressed: Azure - Event Hub Deleted Signal Firing.

If you are an application developer or security analyst, you likely spend a lot of time thinking about your customers’ security. IT operations teams have found many ways to help secure login portals by implementing dual authentication and Single-Sign-On (SSO) portals. Many IT organizations have learned to use SSO and Two Factor Authentication (2FA) to help secure their codebase and employee data. This method is great, assuming that all users are compliant with 2FA.

I recently had the opportunity to discuss state-of-the-art technologies to support security operations with industry analysts. I asked questions and confirmed that the current view of SOAR (security orchestration, automation and response) and SIEM (security information and event management) goes well beyond the security operation center (SOC).

Nowadays, it’s mostly a foregone conclusion that companies need a security program and centralized log aggregation and correlation platform. Unfortunately, the conversation all too often turns toward tactics for data collection and detection of specific threat actors or common vulnerabilities and exposures (CVEs).