“Computers are bicycles for the mind,” said Steve Jobs once.
Security Information and Event Management (SIEM) is biking uphill.
Picture this: You cycle hard against the incline and ensure the bike holds up, all the while watching out for incoming traffic in blind turns. The worst part? The bike grinds to a halt when you stop pedaling. You simply can’t coast on the steep hill of security operations.
Organizations that deploy SIEM systems know this uphill climb well. Deployment typically takes 18 months, and more than half of these SIEM deployments fail. A major friction point is the big hardware refresh every three to four years, requiring all configurations & customizations be saved. With the refresh, you must update hardware, software, rules, patches, among others, and that usually renders the SIEM unusable. If you magically get the SIEM working on the first cycle, it may fail on the next. Or when you stop pedaling.
This is the reality of all the SIEMs in the market. From SIEM software, SIEM appliances, SIEM virtual appliances on AWS, and hosted SIEM virtual appliances, to managed SIEMs on the cloud, they all have these problems in different magnitudes — but the problems themselves don’t change.
Cloud giants trust cloud-native SIEM
The cloud platforms of Microsoft, Google, and Amazon have all released their respective Cloud SIEMs in the last few months. These SIEMs — born in the cloud and delivered as a cloud service — are just like Sumo Logic, which was first built a decade ago. It is great to get market validation from all the largest public cloud companies. They understand the power of cloud-native security solutions, especially as security is a major concern for migrating to the cloud. Also, these companies run the world’s biggest cloud platforms and grasp the benefits of delivering services on the cloud inside out.
They know that a cloud-native SIEM is a happy SIEM — it needs no hardware, software, facility, or capital expenditure to optimally function. It comes with built-in platform security, disaster recovery, data masking, elastic scalability, and other essential features. As it is delivered as a cloud service, pricing is flexible and transparent.
In the frontlines of cloud SIEM
Sumo Logic is a leader in the cloud SIEM space with more than 2000 customers. We have built about a thousand security operations centers (SOCs) using Sumo Logic as their cloud SIEM platform.
Our SOCs look nothing like the centers with walls of screens you see on TV shows. Ours are ‘SOC-less’ SOCs — boring and distributed, where there is mostly just one SOC Manager looking at Sumo from their laptop. With this compact yet powerful system, we have removed the complexity of SIEM by going cloud-native, building SOCs from the ground up to satisfy the user behavior of Security Analysts.
Additionally, Sumo Logic is a truly multi-tenant SIEM. Our machine learning algorithms can benchmark the threats against your peers. Our solution can tell you whether what you see in the form of threats are normal or not.
Cloud-native SIEM scales well
During a Superbowl broadcast, a media client sent Sumo Logic 70 terabytes of data on the day itself, without a single capacity planning action item. At half time, we saw 1.3 million events per second.
We have clients in the gaming space who used our starter package pre-launch and continued to use Sumo Logic as they skyrocketed to becoming one of the biggest names in gaming: Using Sumo Logic from 25 GB/day to 25 TB/day in a few months, without adding other resources.
Scalability is just one aspect of Cloud SIEM. Its simplicity is another. Every aspect of cloud-native SIEM has been carefully thought through and it is a game changer for many organizations that are in the process of migrating to or have fully-embraced the cloud.
Sumo Logic competes with the cloud SIEMs of the giants by providing organizations and your Security Analysts a multi-cloud tool that correlates threats across hybrid environments so you can monitor from a single console.