With more and more organizations moving from traditional on-premises infrastructure to the cloud, it remains critical for organizations to have robust security monitoring, regardless of their cloud platform of choice. Sumo Logic Threat Labs has expanded our log parsing, mapping and detection rules for Microsoft Azure. While our Cloud SIEM has broad coverage for AWS and GCP platforms, we wanted to close the gap for Azure coverage, which previously addressed: Azure - Event Hub Deleted Signal Firing.

If you are an application developer or security analyst, you likely spend a lot of time thinking about your customers’ security. IT operations teams have found many ways to help secure login portals by implementing dual authentication and Single-Sign-On (SSO) portals. Many IT organizations have learned to use SSO and Two Factor Authentication (2FA) to help secure their codebase and employee data. This method is great, assuming that all users are compliant with 2FA.

I recently had the opportunity to discuss state-of-the-art technologies to support security operations with industry analysts. I asked questions and confirmed that the current view of SOAR (security orchestration, automation and response) and SIEM (security information and event management) goes well beyond the security operation center (SOC).

Nowadays, it’s mostly a foregone conclusion that companies need a security program and centralized log aggregation and correlation platform. Unfortunately, the conversation all too often turns toward tactics for data collection and detection of specific threat actors or common vulnerabilities and exposures (CVEs).

Security professionals involved in the IT and cybersecurity industry for the last 10+ years have most likely come across the terms SIEM and recently SOAR, but there is still much confusion about what the specific use cases and purposes are. So, are these tools the same thing? Do security teams need one, the other, or both within their security operation center (SOC) infrastructure?

The news that hacking group Lapsus$ gained unauthorized access to Single Sign-On (SSO) provider Okta through a third-party support account sent chills through information security professionals everywhere. Organizations have adopted SSO identity providers to enable a modern workforce that is increasingly reliant on secure access to cloud-hosted applications to perform critical business functions.

Since our inception, Sumo Logic has been laser-focused on delivering real-time machine data analytics to accelerate digital transformation, while helping businesses effectively build, run, and secure their modern applications and infrastructure—in the cloud or in hybrid environments.