Security breaches are becoming increasingly commonplace and dangerous. The World Economic Forum nominated cyber-attacks as one of the major threats to global stability for 2019. Not only money is at stake, as breaches have an appalling effect on organizations’ reputation, trustworthiness, and often prove to a business killer. Most important, however, is the data – our personal data that once stolen is available to cybercriminals to exploit.

The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.

This week the US government as well as many enterprises were hit by a cyber attack, dubbed Solorigate, via the SUNBURST backdoor. Fireeye (also a victim of the attack) has done a great analysis of how the attack works, and we recommend reading it. But we’ll focus on a couple of takeaways instead of the precise details of how it worked. What we can learn from it in order to improve our cybersecurity posture.

The events of 2020 brought us unprecedented challenges that no one was prepared for, changing the way we live, work, and communicate, impacting the global economy, all geographic regions, and every single industry. In such a downturn cybercrime flourishes, especially when organizations move most of their operations and processes online.

Sumo Logic has reviewed the announced breach on December 8, 2020 by FireEye and their subsequent public release of over 300 countermeasure rules. We are continuing to analyze the available information and would like to share this update to all existing and prospective customers interested in how our Sumo Logic services can assist with this development.

Many people, when reviewing their security strategy, ask the question “is SIEM suitable for my organization”, or simply “is SIEM right for me?” And for a long time, the answer was “no unless you are a large multinational”. The price, the complexity and the hard-to-get value made SIEM a category suitable only for the big corporations with large security teams and budgets.

There’s an unwritten rule that every machine that becomes visible on the internet is under attack in under 5 seconds. We recently deployed our LogSentinel SIEM honeypot with one of our customers and that rule proved correct – immediately malicious requests from all over the world started pouring in, on almost all the protocols that we support – SSH, RDP, SMB, HTTP, and they haven’t stopped since.

SIEM has traditionally earned itself a bad reputation as an unwieldy and unmanageable tool that really never lived up to its promises. In my presentation during Illuminate, I talked about what Sumo Logic is doing to modernize log analytics and SIEM as a whole. Today, we see that despite how overall technology is accelerating, security always seems to lag behind. In Sumo Logic, we address this head-on.

We have built our LogSentinel SIEM around some core principles and we’d like to share and explain them.

PSD2 is the new EU Directive that aims to open up the banks and allow non-banking institutions to provide payment services. It is a great thing but it comes with many requirements. They are in the form of implementing and delegated acts of the European Commission as well as guidelines of the European Banking Authority. The directive, the implementing acts, and the guidelines are mostly best industry practices with regard to security and risk management.