eWeek Sponsored Posts: Technology News, Tech Product Reviews, Research and Enterprise Analysis
Mon, 11 Sep 2023 17:47:33 +0000

Building Observability for Cloud Data Platforms
https://www.eweek.com/sponsored/sponsored-post/building-observability-for-cloud-data-platforms/
Thu, 24 Aug 2023 21:02:04 +0000

The cloud presents businesses with increased opportunities to make the most out of their data. In the cloud, there is more data coming in from more sources, and businesses can leverage that data to fuel innovation. But to leverage their data, businesses need to prioritize building observability into data pipelines.

Effective observability of data pipelines ensures the processes providing valuable data are in good health and are running properly, thereby playing a role in business continuity and competitive advantage. For that reason, emphasis must be placed on whether the processes are producing quality data in a timely manner for the consumers relying on it for business decisions.

In today’s cloud-based world, businesses strive to extract maximum value from their data quickly and easily, therefore making observability critical to data-driven decision making.

Cloud changed the need for observability

Because cloud infrastructure scales based on need, robust observability is necessary. Resilient data processes must be built to track the data because this scalability also increases the likelihood that a process might fail along the way. Cloud-based businesses now need to think about building observability for failure.

Cloud computing has also introduced the ability to align data processes more closely with the actual data – a transformation largely due to the increased compute available in the cloud. As data processing within cloud data platforms increases, the need for effective observability solutions to monitor these processes becomes more pressing.

The cloud has also played a role in the evolving nature of data spaces, often leading to new challenges for data analysts and engineers. Sandbox environments, which were typically used for testing, have become commonplace. This has led to an explosion of new data processes that require additional monitoring and observability.

The creation of more production spaces has also heightened the need for strict process and access management protocols. The dynamic nature of the cloud requires robust, automated governance so that only authorized users have access to sensitive data. As data moves from pipeline to production, each step needs to be monitored and controlled to prevent errors and ensure the integrity of the data, emphasizing the need for effective observability solutions.

Observability is critical for organizations

Data observability ensures visibility into the performance and health of data processes. It’s the ability to track, monitor and understand the state of data processing workflows and pipelines in near real-time. Observability ensures that the processes running to serve business needs are operating optimally, generating the insights necessary for informed decisions. This benefits different stakeholders in an organization, from data analysts and engineers to the end consumers of data-driven insights.

  • Analysts: Observability empowers data analysts by placing the power of data quality in their hands. It allows them to build their own data pipelines and machine learning models. By monitoring their creations, they can ensure these processes are working correctly and delivering valuable insights. In this environment, they are not merely passive consumers of data, but rather active participants in the data lifecycle, creating an ecosystem where data-driven decision-making thrives.
  • Engineers: Data engineers benefit from data observability by monitoring infrastructure robustness and reliability. Observability tools provide them with real-time insights into the system, helping them quickly identify and address issues before they escalate. In the cloud, infrastructure scales based on needs, so observability is critical for engineers to build processes that are resilient.
  • Consumers: Proper observability impacts the end consumers of the data—the business decision-makers. Reliable, accurate and timely data is critical for making informed business decisions. Data observability ensures that the insights generated by data processes are trustworthy and available when needed, fostering confidence in the data and the decisions made from it.

Building observability for the cloud

Capital One Software, an enterprise B2B software business of Capital One, designed and built its own monitoring and observability solution for Capital One Slingshot, a SaaS product that helps businesses maximize their Snowflake investment. Preserving the quality and performance of Snowflake data pipelines in Slingshot required a custom-built observability solution.

Using fundamental resources provided by Snowflake, the observability solution was built based on a three-step approach: detect, notify and act. Monitoring activities measure the overall performance of the data processes running in Snowflake and detect abnormalities. Once an error is detected, all impacted stakeholders are informed immediately. The “act” piece varies based on the situation, but timely notifications are critical to rectifying a situation quickly. This anticipatory approach to data monitoring allows Capital One Software to maintain smooth operation of its data processes running in Snowflake, thus minimizing potential interruptions that could hinder downstream processing.

Organizations that want to ensure observability is in place for their own cloud-based data pipelines should do the following:

  • Define standards for monitoring and alerting: Develop baseline standards used across all teams and encourage further customization based on specific needs. Also, set overarching monitors that apply to all teams (i.e., a common process failure or unauthorized access to the system).
  • Anticipate and prepare for failure: Given the volatile nature of the cloud, businesses need to design robust and resilient processes. Ensure that efficient alert systems will notify relevant parties across preferred channels in the event of a failure. This needs to be done in a timely manner.
  • Automate, but don’t forget the human element: Automate common remedial actions to aid with quick resolution. However, prepare for the potential situations where human intervention is still necessary. For example, depending on the process, it might be an analyst that resolves an issue as it arises or even a product support team if it serves a larger community of analysts.

As the data ecosystem evolves, the need for more robust, customizable monitoring and alerting solutions will only increase. Businesses should invest in solutions that meet their unique needs to ensure data processes are delivering reliable, timely and actionable insights. In the world of data-driven business, organizations cannot afford to ‘fly blind.’ It’s critical to detect, notify and act swiftly to ensure business continuity and decision-making efficacy in the face of ever-increasing data complexity.

The post Building Observability for Cloud Data Platforms appeared first on eWEEK.

Why Good Data Proves Critical for an AI-Powered Cybersecurity Future
https://www.eweek.com/sponsored/sponsored-post/why-good-data-proves-critical-for-an-ai-powered-cybersecurity-future/
Tue, 08 Aug 2023 09:34:18 +0000

In the Spy vs. Spy universe of security teams and cyber criminals, the good guys and the bad guys are constantly preparing themselves for another day of battle. But instead of blasting dynamite and chucking bombs, they’re both equipping themselves with the same tool these days: artificial intelligence (AI).

Demand from both sides is driving a booming global cybersecurity AI market that will reach an estimated $103 billion by 2032, up from $17.4 billion last year. For the criminals, AI reduces barriers to entry while saving time and resources, significantly contributing to a 50 percent increase in phishing attacks. Experts and analysts have also linked AI to advanced persistent threats (APTs), deepfakes, malware incidents and distributed denial of service (DDoS) attacks large and small: For example, one of the most devastating cyberattacks in history, NotPetya, spread rapidly by using an AI-powered algorithm to infect computers without detection, resulting in worldwide damages of at least $10 billion.

Clearly, organizations must maximize the value of AI to counter their adversaries’ efficacy with these tools. However, this requires navigating through all of the noise. After all, AI is emerging as a massively consumable resource for even everyday end-users. But, in the process, a fundamental reality is getting lost in translation: Without good data, AI in cybersecurity is useless.

Good network data/telemetry enables security teams to detect, identify, investigate and make impactful decisions that improve defenses over time. AI on its own does not embody an oracle for detection and protection. It should serve more as an assistant to investigations, so teams can swiftly reduce time for alert assessments and remediation/response.

Weak, inconclusive data will forever hinder security professionals as they attempt to truly understand what’s happening within the network. Teams need network detection and response tools that allow them to capture good, structured network data. As a result, analysts can apply AI-driven language processing to the collected, structured data, to boost their decision-making and overall defense.

To make this possible, Corelight recently announced that we integrated AI in the form of generative pre-trained transformers (GPTs) and advanced machine learning (ML) analytics into our portfolio to expand network detection coverage and further supplement security teams’ investigations. This is made possible because of the quality of evidence born from the Zeek project, an open-source network monitoring tool which our founders created. Corelight Sensors run on Zeek, taking the detailed logs it generates to identify security events/anomalies and investigate incidents quickly and efficiently.

In terms of moving forward with AI in cybersecurity, we recommend that teams keep in mind the following three core “truths”:

  • Don’t simply buy into the loudest AI hype. In selecting any product or vendor, make sure you’re investing in a solid foundation of good data that you can keep building upon for continuous improvement.
  • Accept reality. Attackers love AI, and they’re getting better and better at deploying it. Organizations must stay at least one step ahead of what the bad guys are doing.
  • Achieving this begins and ends with good data. Quality data is required to build powerful AI tools that lead to good analytics and, ultimately, informed security decision-making.

We were in a similar situation two decades ago when the cloud hype cycle commenced: too many companies bought in while overlooking the need for strong data storage and computing power. Today, they’re making the same mistakes by attempting to conduct optimal analytics without good data.

For now, and for the indefinite future, we should assess tools based upon two paths of inquiry: In which part of the product do we ask questions, and which part contains the data that will answer the questions? We will arrive at the required state of absolute fortified protection if we embed this awareness into our knowledge base. And that means, in our Spy vs. Spy universe, our side will be best prepared for battle.

The post Why Good Data Proves Critical for an AI-Powered Cybersecurity Future appeared first on eWEEK.

What to Hunt for in Your Cloud Environment
https://www.eweek.com/sponsored/sponsored-post/what-to-hunt-for-in-your-cloud-environment/
Mon, 19 Jun 2023 15:26:54 +0000

Cloud security can be complex. But it doesn’t have to be.

As organisations move towards cloud environments, it is often uncertain what security measures need to be taken, or indeed how processes should be introduced. A change in Cloud configurations and administration means that there are many new opportunities for adversaries to detect vulnerabilities, and to exploit misconfigurations in Cloud environments.

“31% of 4,332 global enterprise cloud decision makers ranked ‘cybersecurity’ as a top investment priority for their organization in 2023.” - Google, Cloud Brand Pulse Survey, Wave 5, 2022

Top 3 Vulnerabilities in Cloud to Watch Out for

There are multiple vulnerabilities within your cloud environment. Identifying them must be a top priority.

1. Unauthorized Access

The first challenge is that most Cloud offerings are designed with one thing in mind: accessibility. While ease of access is fundamental, this can cause issues with unauthorized access. With the ability to access Cloud data from multiple locations, devices, and accounts, this data is left more vulnerable than ever.

“By 2027, more than 50% of enterprises will use industry cloud platforms to accelerate their business initiatives.” - Gartner

2. Insider Threats

The second challenge also relates to ease of access. One great feature of Cloud platforms is the ability to create multiple links between teams and platforms, but that can leave an organisation more vulnerable. Insider threats, across all platforms, are among the greatest threats to an organisation’s cyber security posture.

3. Data Exfiltration

The third challenge is that with Cloud security there are multiple devices, including mobiles, that can become compromised. Remote access, as well as data downloading and access to 3rd parties, means that data may be displayed.

What to Hunt for in Your Cloud Environment

To solve the above three challenges, Threat and Risk Intelligence and Threat Hunting are crucial. You need to know what to hunt for within your environment, and to be proactive rather than reactive in your security measures.

  • Indicators of Compromise

Malicious activity can present itself in the form of Indicators of Compromise (IOCs). IOCs can include malicious file names, hash values, IP addresses or registry key edits. IOCs are normally identified through research or Threat Intelligence platforms.

  • Tactics, Techniques and Procedures (TTPs)

TTPs are the patterns of activities or methods associated with a specific threat actor or group of threat actors. Without an IOC, we can hunt for different TTPs and identify any suspicious activity.

  • Anomalies in the Environment

It can be the case that a Threat Hunt reveals no new IOCs or attacker TTPs; however, we may discover other anomalies within our environment that need to be investigated and remediated.

  • Unknown Insider Threats

An insider might be able to circumvent security controls. Threat Hunting enables us to detect potential insider threat activity.

Next Steps Toward a Simplified Cloud Security

  1. Work towards having a “Single Pane of Glass” view by establishing comprehensive visibility across your estate. This should be consistent for on-prem, endpoints, Cloud, or a mixture of different types of assets. This can be done using log-based analytics and API-driven integrations on a SIEM. Improve Digital Risk controls based on measurable metrics (SOC KPIs, tickets generated/resolved and service SLAs) and risk assessments.
  2. Ensure that Managed Detection & Response (MDR) is in place for complete visibility of your digital world. Visualise and understand malicious or anomalous activity. Analyse, prioritise and respond to threats in rapid time. Safeguard your data, people, and processes.

SecurityHQ takes away the confusion and the heavy lifting of threat hunting, to save you money, time, and prevent stress, so that you can get on with what you do best, hassle free.

To learn more about Threat and Risk Intelligence, download the datasheet. Or, to speak with an expert, contact the team.

The post What to Hunt for in Your Cloud Environment appeared first on eWEEK.

How to Turn Security and Compliance From a Tug of War Into the Dream Team
https://www.eweek.com/sponsored/sponsored-post/how-to-turn-security-and-compliance-from-a-tug-of-war-into-the-dream-team/
Wed, 14 Jun 2023 22:37:01 +0000

Perhaps once distinct teams within organizations, security and compliance functions today go hand-in-hand — or at least they should, writes Sumo Logic CSO George Gerchow.

Data breaches continue to wreak havoc on today’s enterprise, with rising stakes of both cost and reputation. To help combat this challenge, we’re seeing more government regulations across industries create a compliance roadmap for IT security. To add to the pressures of security and privacy, the skills gap is widening and is being compounded by layoffs in the technology industry.

To protect against the increase of threats in the enterprise and meet new compliance standards, security and compliance teams need to better align. Our recent report found that split and shifting priorities continue to plague security and compliance teams. The report found that 76% of security teams have significantly or completely shifted their organization’s security strategy for regulatory and compliance priorities. This has resulted in many companies having security teams take on privacy controls if/when necessary. Fewer than half of companies (40%) said they have suspended or postponed security projects to address compliance issues, which has put security in the backseat.

The reality is that companies are still trying to find the split between security and compliance. But this strategy has to change. There are two simple steps that companies can take to merge budgets and create team collaboration to align security and compliance initiatives.

Merge security and compliance budgets

Security and compliance initiatives are equally important to securing and protecting today’s workforce and should not be siloed. However, when budgets are allocated, one division usually gets more resources. When security and compliance teams have a unified strategy and budget, it allows for each team to focus on what they do best — fighting threats and navigating increasing government regulatory pressures.

Currently, 86% of technology leaders in our survey said they plan to make a significant investment in compliance solutions and data privacy in the future, while just over half (52%) will make a significant investment in a security management suite. By merging budgets, security and compliance teams can invest in comprehensive solutions to unify their strategies.

Security and compliance practices have demonstrated that they are meant to go together. It’s hard to run one cyber division successfully without the other.

Unite teams with collaboration tools and unified responsibilities

More organizations are under regulatory scrutiny, and companies cannot afford to stray from protocol, making compliance a business-driven initiative that funds security. Therefore, compliance and security teams need to remove communication silos and learn to work together to tightly manage security and compliance.

As a first step to boost team collaboration, security and compliance team members need to understand one another’s clear and defined roles and use shared collaboration tools like Slack or other instant-messaging apps. Once aligned on roles and responsibilities, I recommend documenting them in this shared space so it’s easily accessible by teams and can be regularly updated. By merging collaboration tools, security and compliance teams also gain greater visibility into similar challenges, a better understanding of one another’s policies and remove doubled-up oversight to create cost efficiencies.

Once security and compliance teams are regularly communicating, I like to give them both opportunities to overcome hurdles and work on projects together. One simple way to engage teamwork between security and compliance is through employee awareness training for both data security and privacy. Working closely with the compliance team, the security team can update security awareness programs to include privacy concerns and responsibilities impacting the company.

If security and compliance IT teams unify their resources and goals, they will be able to solve compliance challenges, while protecting against cyberattacks.

The post How to Turn Security and Compliance From a Tug of War Into the Dream Team appeared first on eWEEK.

How to keep your apps safe and accelerate release cycles (Guide: Application security)
https://www.eweek.com/sponsored/sponsored-post/how-to-keep-your-apps-safe-and-accelerate-release-cycles-guide-application-security/
Wed, 14 Jun 2023 22:32:35 +0000

Your step-by-step guide to implementing application security best practices

Applications are critical to the success of any business. Keeping them secure takes work. Integrating security throughout the software development lifecycle is essential to addressing cybersecurity issues before they happen.

In this guide, “How to keep your apps safe and accelerate release cycles,” we review the seven steps you can take to more fully integrate security throughout your CI/CD lifecycle.

Download the guide today to learn more!

The post How to keep your apps safe and accelerate release cycles (Guide: Application security) appeared first on eWEEK.

100% visibility from day one (Case study: SoSafe)
https://www.eweek.com/sponsored/sponsored-post/100-visibility-from-day-one-case-study-sosafe/
Wed, 14 Jun 2023 22:24:23 +0000

About

Founded in 2018, SoSafe is a leading cybersecurity awareness company in the DACH region with 300+ employees rapidly growing across five office locations that serve its more than 2,500 customers and 1.7 billion users.

100% visibility from day one

Challenge

DevOps and security teams needed to unify telemetry to maximize their efficiency and visibility.

Through years of rapid growth, SoSafe’s infrastructure for its IT environment and SaaS product had grown significantly and included a mix of cloud and on-premises systems that were all producing high volumes of telemetry data for a range of users and needs.

The DevOps and site reliability engineering (SRE) teams were generating content to monitor the SaaS platform and infrastructure and understand how things were performing, while the security operations center (SOC) team was using a range of tools to monitor the security and integrity of the company’s complex environment, all of which was producing content that had to be separately tracked and analyzed.

Collectively, monitoring the company’s growing data volumes across a sprawl of individual tools was time-consuming and made it difficult for the DevOps and security teams to work efficiently and obtain the desired insights.

Solution

Pursuing a strategy to simplify and unify telemetry monitoring and analysis for its security, compliance, and observability needs, SoSafe conducted an in-depth evaluation of multiple solutions and selected Sumo Logic as its platform of choice.

“Sumo Logic was the winning choice because it met our requirement for a cloud-native platform that could unify and support our observability, intelligence, and security needs,” said Daniela Ramirez Villarroel, SOC Lead at SoSafe. “Also, another big differentiator was the platform’s extensive SIEM capabilities to support our security and GDPR compliance requirements.”

Results

Gained greater efficiency with a single, unified solution

With Sumo Logic, SoSafe is equipped with efficient data intake and analysis capabilities that provide the company with meaningful insights to continue to drive its phenomenal business growth. The platform provides a single solution that supports all of SoSafe’s many tools and use cases—from optimizing software security and delivery to monitoring the security of the environment and ensuring adherence to GDPR requirements.

“Immediately after our purchase, we were able to send data to Sumo Logic and increase our visibility to 100 percent,” said Ramirez. With some of the initial dashboards, SoSafe experts gained visibility into:

  • Traffic analytics on visits to the company’s safe-awareness.com website

  • SaaS platform responsiveness and alerts on any errors that require attention

  • Mission-critical security dashboards to identify and respond to issues as they arise

User-friendly tool that delivers fast ROI

From the start, SoSafe wanted to onboard users from various departments with access to Sumo Logic. The platform’s simplified management made it easy and efficient for the company’s IT, security, and DevOps users to ramp up and begin experiencing value from Sumo Logic’s telemetry analysis.

“Sumo Logic is very user-friendly. There’s a lot of good documentation and great online and professional support, so we didn’t need to have very senior analysts to get the best out of Sumo Logic,” said Ramirez, adding that “this made it a very easy learning curve that delivered a fast return on investment.”

Unified security operations with a single platform

With Sumo Logic ingesting data from SoSafe’s various tools, the security analysts gained a central SOC management solution, which also alleviated the need for them to be experts and pivot across individual security solutions. The SOC team now has go-to dashboards to efficiently monitor the attack surface across the company’s infrastructure and gain insights on the state of SoSafe’s security posture.

“Sumo Logic’s out-of-the-box content gave us a great head start and made it very easy for our security analysts to quickly begin finding interesting things. With all the security insights in one place now, we’ve improved our security incident response times,” said Ramirez.

Supporting SoSafe’s continued growth

As SoSafe looks at what’s next and how Sumo Logic will support the company’s next-level growth, there are several strategic projects on the horizon:

  • Migration to a new cloud provider

    Supported by Sumo Logic’s integration, out-of-the-box content, and dashboards, the security team is prepared for a smooth transition with no security monitoring downtime.

  • Purple team exercises

    Leveraging the platform, the security team will adopt a framework to regularly perform offensive and defensive cybersecurity testing (an offensive red team and a defensive blue team together form a collaborative purple team) to improve the company’s security monitoring efforts and overall security posture.

  • Expanded users and use cases

    To support efforts in attracting new customers and providing current customers with a high-quality service, the adoption of the Sumo Logic platform will expand to include users from marketing, sales, and customer service.

The post 100% visibility from day one (Case study: SoSafe) appeared first on eWEEK.

Monitor and secure 10,000 clouds (Case study: HashiCorp)
https://www.eweek.com/sponsored/sponsored-post/monitor-and-secure-10000-clouds-case-study-hashicorp/
Wed, 14 Jun 2023 22:19:30 +0000

About

  • HashiCorp’s suite of multi-cloud infrastructure automation products underpins the most important applications for the largest enterprises in the world, supporting thousands of customers. They have open source and commercial offerings for HashiCorp Terraform, Vault, Consul, and Nomad, and also maintain open source projects for HashiCorp Vagrant, Packer, Boundary, and Waypoint. Their open source products are downloaded by IT practitioners more than 100 million times a year.

Monitor and secure 10,000 clouds

Challenge

Collectively supporting cloud infrastructure for tens of thousands of customers and HashiCorp itself generates massive volumes of various events.

Sifting through this telemetry to conduct a single security investigation and search on a series of related events was a time-consuming process for the security team, plagued with excruciatingly slow search results.

“Our sheer mass of data made everything slow. From collecting all the events we needed to gaining context around alerts and seeing what was going on, we couldn’t investigate in real time to understand if something was relevant or find things that are critically important,” said Ryan Breed, Senior Security Engineer at HashiCorp, noting that “running a large search took so long that it would break an analyst’s concentration and slow down the investigation process.”

Solution

HashiCorp, known for its innovation that never sleeps, requires security that can keep up. For that, they selected Sumo Logic.

Unlocking security visibility for HashiCorp required real-time monitoring across the company’s complex operating environment, which spans three infrastructure-as-a-service (IaaS) cloud environments and API integrations with each cloud vendor’s full suite of products.

As a cloud-native solution, Sumo Logic provides HashiCorp with centralized and scalable Cloud Security Analytics and security information and event management (Cloud SIEM) across the company’s and its customers’ multi-cloud environments.

According to Ryan Breed, “Sumo Logic helps us scale our security visibility and keep pace with the business as we launch new products, add customers and adopt new tools. As we grow, the marginal cost of adding visibility and enhancing what we have is minimal, which allows us to accommodate some pretty fundamental changes and scale the business much more quickly.”

Results

Low latency, insight-driven security investigations — in real time

After deploying Sumo Logic Cloud SIEM to integrate and ingest telemetry from all aspects of the company’s infrastructure, HashiCorp experienced the first game changer for managing security investigations: the ability to do low-latency search.

Sumo Logic’s cloud scale empowers HashiCorp security experts to search and conduct investigations in real time. In addition, Cloud SIEM’s streamlined workflows enabled the security operations center (SOC) team to implement a system where alerts automatically initiate searches.

“Sumo Logic proactively helps us understand an alert, whether it’s important or not and, in some cases, automatically disposes of the alert,” said Breed, adding that “having a low latency search system with Sumo Logic makes that kind of real-time workflow automation possible.”

Applies Alerting and Detection Strategy (ADS) to optimize security investigations

Cloud SIEM parses, maps and creates normalized records upon ingestion from HashiCorp’s structured and unstructured data and then automatically triages alerts to provide the security experts with actionable insights. To further optimize Cloud SIEM’s performance in distilling down tens of thousands of daily alerts, the SOC team applies Palantir’s ADS framework.

The framework helps the security team develop theories and think deeply about how best to leverage Cloud SIEM during investigations. For example, the team has mapped out threat-hunting searches to uncover traces a threat actor might leave on the infrastructure and workflows to support the next steps the analyst should take if they find one of those traces.

“Leveraging ADS lets us really focus on the performance side of using Cloud SIEM. Having an idea of what we’re looking for before we go looking helps us optimize things like field extractions and making the most common search patterns return very quickly. This helps the analyst stay in the zone when an investigation has multiple layers of abstraction and Cloud SIEM has made all of that supporting information available upfront,” said Breed.

Reduced time-to-decision with interactive dashboards

Sumo Logic’s security analytics and dashboards provide the security team with single-pane-of-glass visibility across HashiCorp’s extensive cloud environments. The SOC has also implemented a range of custom dashboards to advance the team’s playbooks and processes for conducting daily investigations.

When an analyst is investigating suspicious login activity, for example, they can enter important parameters into the dashboard, such as the user ID and a time range, which then returns an interactive heads-up display where the analyst can ‘click’ to drill further into specific data.

“Interactive dashboards give us the context and color that help our security analysts minimize the time-to-decision. They can plug in the parameters and get the information very quickly, so they don’t have to stop whatever they’re doing to reach a decision and take action,” said Breed.

How to right-size security for small and emerging teams https://www.eweek.com/sponsored/sponsored-post/how-to-right-size-security-for-small-and-emerging-teams/ Wed, 14 Jun 2023 22:12:06 +0000

The post How to right-size security for small and emerging teams appeared first on eWEEK.

It’s not just established enterprises: all businesses are increasingly targeted in cyberattacks. Are you ready to address the vulnerabilities in your environment?

Emerging security teams don’t have the same resources and dedicated cybersecurity expertise as established SOCs in enterprises. The following issues often hamper emerging security teams when building out their security program:

  • Complexity — too many tools and distributed workforces
  • Lack of visibility — siloed tools, a mix of on-prem and cloud infrastructure
  • High costs — licensing costs from security tool sprawl
  • Limited security expertise — overworked teams in need of more training

Sound familiar?

What works for the top one percent of elite security teams differs from the needs of the other 99% of organizations.

Read this ebook to explore how data from security analytics can be used across four common use cases and get your emerging security program started on the right foot.

How security and performance redefine banking (Case study: Standard Chartered nexus) https://www.eweek.com/sponsored/sponsored-post/how-security-and-performance-redefine-banking-case-study-standard-chartered-nexus/ Wed, 14 Jun 2023 15:23:54 +0000

The post How security and performance redefine banking (Case study: Standard Chartered nexus) appeared first on eWEEK.


Standard Chartered nexus is a white-label Banking-as-a-Service (BaaS) solution powered by Standard Chartered. By embedding financial products directly on mass digital ecosystems, customers can enjoy easy access to financial services, such as digital savings accounts, personal loans, and other targeted financial solutions that were previously unavailable to them.

Challenge

Standard Chartered nexus needed a unified analytics platform to support security analytics, DevOps, customer experience, and more. It needed to be easy for technical and non-technical users.

From the company’s launch in 2020, Standard Chartered nexus made a conscious decision to embed observability across every aspect of the company’s operations.

The company wanted to adopt a unified analytics platform to support its end-to-end use cases — from security analytics and DevOps to customer experience, business metrics monitoring and more. They also wanted a platform with an intuitive user interface that would be easy for technical and non-technical users to navigate so every employee could successfully use the solution.

Solution

Standard Chartered nexus evaluated multiple solutions, including Sumo Logic, Datadog and Splunk. After rigorous analysis, Sumo Logic stood out as the best solution to support the company’s goals.

Several factors led to the decision to adopt Sumo Logic, including:

  • Cloud-native architecture that provides hyper scalability
  • User-friendly for all employees — technical and non-technical
  • Single platform for company-wide observability and security use cases
  • High-quality support for logs and metrics
  • Outstanding vendor engagement and level of professional services
  • Extensive API and data collection support for turnkey integration into the company’s ecosystem

Highest security standards

Standard Chartered nexus only adopts solutions that meet the highest security standards. In addition to meeting the company’s functional requirements, the Sumo Logic platform demonstrated best-in-class security principles. “We had a third party conduct an extensive security assessment on Sumo Logic that went well, and we liked the fact that Sumo Logic had several certifications like SOC 2 Type 2, ISO 27001 and PCI,” said Mathias Faure, CTO at Standard Chartered nexus.

Results

Seamless deployment and hyperscaling observability

As a cloud-native solution with extensive APIs and collectors, Sumo Logic integrated easily, leveraging Kubernetes and supporting hundreds of microservices, distributed computing jobs and other business applications. This enabled the company to quickly gain full-stack visibility across the environment in a single snapshot.

Easily handling the bank’s data volumes, Sumo Logic analyzes 500,000 data points per minute for metrics and 100GB of daily log data, which empowers Standard Chartered nexus with hyperscaling observability. “Because we have all digital banking capabilities bundled in a box — from digital onboarding, self-servicing and assisted channel reporting — we have quite a lot happening in our hyperscale platform. Sumo Logic readily scales to our needs and gives us extreme observability around our business and technical metrics and logs,” said Faure, adding that “it gives us millisecond responsiveness for capabilities around querying, dashboarding and alerting.”

Ease of use empowers technical and non-technical users

The Sumo Logic platform is so straightforward to navigate that technical and non-technical teams have all onboarded and created custom dashboards for their specific needs. The company’s 220-plus employees — from business users in marketing and finance to technical users in security and development — use Sumo Logic. Logs, metrics and dashboards deliver valuable insights that drive daily decision making as well as support strategic planning for the future.

“Sumo Logic’s simplicity is quite key for our business-wide use; otherwise, it would’ve just been a technical tool for technologists.”

Enabling best-in-class customer onboarding and responsiveness

Improving the customer onboarding journey was an early and impactful success using Sumo Logic. At the outset, Standard Chartered nexus created a best-practice service level objective (SLO) that customers would experience a fast and frictionless process when adopting a digital banking service. The bank set an SLO to service customer transactions in less than 100 milliseconds.

Leveraging Sumo Logic’s monitoring and data analytics across the onboarding cycle — both from the banking platform’s backend and the user interface — the DevOps teams pinpointed bottlenecks and identified potential drop-offs. Armed with these insights, the team then rapidly optimized the business process.

“Sumo Logic’s observability of our customer onboarding experience helped us sense exactly what the customer was feeling and guided our design and direction for optimizing the process. We delivered ten process improvements over five months that significantly accelerated our responsiveness. We’re currently within the three-minute range for an end-to-end onboarding — well below our original SLO target,” shared Faure. “Our list accounts and transaction API response time is now under 30ms.”

Fueling and fostering business-wide use cases

Sumo Logic has enabled teams across the company to collaborate and work from a single source of truth. As a result, this data-driven collaboration has empowered teams to move more efficiently and swiftly to fix product defects, address security issues, launch new features to market and more. A handful of the company’s many use cases include:

  • Security monitoring
    “We’ve built a really good information set from our platform’s logs that feeds into Sumo Logic for all the security monitoring use cases across our customer platform. The Sumo Logic platform provides us with powerful security analytics and dashboarding capabilities that keep us informed on anything related to the application security of our solution,” said Faure. As one example, Faure shared, “We scan our code base hourly and log all the vulnerabilities that pop up. Then, we automatically create tickets for the teams to action within a given SLA, depending on the criticality. This process fosters great collaboration between our DevSecOps and DevOps teams.”
  • Delivering product fixes
    With Sumo Logic observability, the quality assurance and DevOps teams rapidly move through product issues. “The testing team has dashboards for defects that they can submit to development with a query link. From there, the developer can look back in the data to the time when the defect was found and understand everything. For example, they can look at technical metrics and logs from one of the many microservices to obtain the whole context at a given point in time. Equipped with all that information, our turnaround time between defect-to-solution is very fast,” said Faure.
  • Application performance
    The site reliability engineering (SRE) team monitors the reliability of the company’s software in the production environment. Leveraging custom dashboards, the team can quickly highlight potential bottlenecks or areas that need improvement. “Working closely with functional squads, our SRE team shares the data insights on any areas that need attention. Focused on maintaining a high point value for application performance, the squad will fix the performance issue before they roll out new functionalities,” said Faure.

6 Best Practices for Implementing Marketing Resource Management: Infographic https://www.eweek.com/sponsored/sponsored-post/6-best-practices-for-implementing-marketing-resource-management-infographic/ Fri, 09 Jun 2023 00:17:46 +0000

The post 6 Best Practices for Implementing Marketing Resource Management: Infographic appeared first on eWEEK.

Check out this informative infographic to learn Wrike’s six best practices for implementing marketing resource management!

[Infographic: 6 Best Practices for Implementing Marketing Resource Management]
