
Visualize, Analyze and Report on Security Data From AWS

Evident.io and Sumo Logic team up to provide seamless integrated visibility into compliance monitoring and risk attribution

Analyzing and visualizing all your security data in one place can be a tricky undertaking. For any SOC, DevSecOps or DevOps team working in a heterogeneous environment, the number of tools needed to gain visibility into, and monitor, compliance can be daunting. The good news is that Evident.io and Sumo Logic have teamed up to bring you a simple-to-implement yet effective integration that lets you perform additional analytics and visualization of your Evident Security Platform data in the Sumo Logic analytics platform.

Evident.io ESP is an agentless, cloud-native platform focused on comprehensive continuous security assessment of the control plane for AWS cloud infrastructure services. ESP can monitor all AWS services available through the API, ensuring their configurations are in line with AWS best practices for security as well as your organization’s specific compliance requirements.

Sumo Logic is a leading SaaS-native, machine data analytics service for log management and time series metrics. Sumo Logic allows you to aggregate, perform statistical analytics, report on trends, visualize and alert on all your operational, performance and security related event log data in one place from just about any data source.

Why integrate with Sumo Logic?

Both of these platforms are architected for the cloud from the ground up and have a solid DevOps pedigree. This integration allows you to aggregate all the data generated by your AWS cloud infrastructure in the same place as your application-level security and performance event data, which allows you to perform attribution on a number of levels. The Evident.io alert data is rich with configuration state data about your security posture with regard to AWS best practices for security and the CIS Benchmarks for AWS. As customers adopt CI/CD practices, being able to quickly visualize, alert on and remediate, in near real time, any vulnerabilities introduced by misconfiguration is critical. Evident.io and Sumo Logic combined can help you do this better and faster. And, best of all, you can get started with Evident.io and Sumo Logic in a matter of minutes.

The Sumo Logic App for Evident.io ESP

The Sumo Logic App for Evident.io ESP enables a user to easily and quickly report on some key metrics from their AWS Cloud infrastructure such as:

  • Trend analysis of alerts over time (track improving or deteriorating posture over time)
  • Time to resolve alerts (For SLAs – by tracking the start and end of an alert in one report)
  • Summary of unresolved alerts/risks
  • Number of risks found by security signatures over time
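The four metrics above all derive from the same few fields on each alert: when it started, when (or whether) it ended, which signature raised it, and where it was found. The script below is an added example, not Sumo Logic or Evident.io code, that computes each of them offline from a constructed batch of alert records. The field names (`signature`, `risk_level`, `region`, `account`, `started_at`, `ended_at`) are an assumed record shape rather than the ESP export schema; map your own alert fields onto them. The SLA check treats a still-open alert as having been open up to `now`, so an unresolved risk can breach the SLA before anyone closes it.

```python
"""
Added example (not Sumo Logic or Evident.io code): computing the dashboard
metrics listed above (trend, time to resolve, unresolved summary, risks by
signature) from a batch of alert records, entirely offline.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import mean

ISO = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample alerts. The field names are an assumed record shape
# (not the ESP export schema); map your own alert fields onto them.
SAMPLE_ALERTS = [
    {"id": 1, "signature": "IAM-001", "risk_level": "high",   "region": "us-east-1",
     "account": "111111111111", "started_at": "2016-11-01T08:00:00Z", "ended_at": "2016-11-01T20:00:00Z"},
    {"id": 2, "signature": "S3-002",  "risk_level": "medium", "region": "us-west-2",
     "account": "111111111111", "started_at": "2016-11-01T10:00:00Z", "ended_at": "2016-11-03T10:00:00Z"},
    {"id": 3, "signature": "EC2-003", "risk_level": "low",    "region": "us-east-1",
     "account": "222222222222", "started_at": "2016-11-02T00:00:00Z", "ended_at": None},
    {"id": 4, "signature": "S3-002",  "risk_level": "medium", "region": "us-east-1",
     "account": "111111111111", "started_at": "2016-11-02T12:00:00Z", "ended_at": "2016-11-02T18:00:00Z"},
    {"id": 5, "signature": "IAM-001", "risk_level": "high",   "region": "eu-west-1",
     "account": "222222222222", "started_at": "2016-11-03T06:00:00Z", "ended_at": None},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp; None stays None (alert still open)."""
    if value is None:
        return None
    return datetime.strptime(value, ISO).replace(tzinfo=timezone.utc)


def unresolved(alerts):
    """Summary of unresolved risks: IDs of alerts with no end timestamp."""
    return [a["id"] for a in alerts if a["ended_at"] is None]


def time_to_resolve(alerts):
    """Hours between start and end of each resolved alert (the SLA metric)."""
    hours = [
        (parse_ts(a["ended_at"]) - parse_ts(a["started_at"])).total_seconds() / 3600
        for a in alerts if a["ended_at"] is not None
    ]
    return {
        "resolved": len(hours),
        "mean_hours": mean(hours) if hours else 0.0,
        "max_hours": max(hours, default=0.0),
    }


def sla_breaches(alerts, sla_hours, now):
    """IDs of alerts open longer than the SLA; open alerts are measured up to `now`."""
    breached = []
    for a in alerts:
        end = parse_ts(a["ended_at"]) or now
        if end - parse_ts(a["started_at"]) > timedelta(hours=sla_hours):
            breached.append(a["id"])
    return breached


def daily_trend(alerts, first_day, days):
    """Per UTC day: alerts open at any point during the day, and alerts that started that day."""
    open_counts, new_counts = [], []
    for i in range(days):
        day_start = first_day + timedelta(days=i)
        day_end = day_start + timedelta(days=1)
        open_today = new_today = 0
        for a in alerts:
            started = parse_ts(a["started_at"])
            ended = parse_ts(a["ended_at"])
            if started < day_end and (ended is None or ended > day_start):
                open_today += 1
            if day_start <= started < day_end:
                new_today += 1
        open_counts.append(open_today)
        new_counts.append(new_today)
    return {"open": open_counts, "new": new_counts}


def count_by(alerts, field):
    """Breakdown of risks by signature, region, account or risk level."""
    return dict(Counter(a[field] for a in alerts))


if __name__ == "__main__":
    now = parse_ts("2016-11-04T00:00:00Z")
    print("unresolved:", unresolved(SAMPLE_ALERTS))
    print("time to resolve:", time_to_resolve(SAMPLE_ALERTS))
    print("24h SLA breaches:", sla_breaches(SAMPLE_ALERTS, 24, now))
    print("3-day trend:", daily_trend(SAMPLE_ALERTS, parse_ts("2016-11-01T00:00:00Z"), 3))
    print("by signature:", count_by(SAMPLE_ALERTS, "signature"))
    print("by region:", count_by(SAMPLE_ALERTS, "region"))
```

The `daily_trend` function counts an alert as open on a day if any part of its lifetime overlaps that day, which is the same thing a dashboard time-series panel shows; feeding it the `started_at`/`ended_at` pair from one alert record is what makes the "start and end of an alert in one report" view possible.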

Below are some screen shots from the Sumo Logic App for Evident.io ESP:

Figure 1 is an overview of the types and severity of risks, alert status, and how long it takes before a risk is resolved and marked as ended on the Evident.io side. This can be an important metric when managing to SLAs.


Fig. 1

Figure 2 provides a detailed view of the risks identified by Evident.io ESP within the configured time range for each of the dashboard panels. The panels present views into:

  • Which Evident.io ESP signatures triggered the risks
  • A breakdown of:
    • risks identified by AWS region
    • risks by AWS account
    • number of total identified risks
    • number of newly identified risks


Fig. 2

The chart in Fig. 3 below is an interesting one: it shows identified risks clearly trending down over 14 days. This indicates that the teams are remediating the issues raised in the Evident.io ESP alerts, and you can clearly see an improvement in the security posture of this very large AWS environment, which has thousands of instances. Note that there are almost no high-severity risks in this environment.


Fig. 3

Is my data secure?

These two platforms do an excellent job of securing your data both in transit and at rest: both use TLS 1.2 for data in transit and customer-specific 256-bit AES keys for data at rest. You can be confident that this data is securely transported from the Evident Security Platform to Sumo Logic and stored in a secure fashion.

How can I gain access?

This integration relies on AWS SNS (Simple Notification Service) to deliver ESP alerts to a native Sumo Logic HTTPS collector. If you are both an Evident.io and a Sumo Logic customer, you can enable the integration and start benefiting from it using the directions here: http://docs.evident.io/#sumo. Note that you will need access to both your Evident.io and your Sumo Logic instance.

Security and compliance monitoring no longer need to be a bottleneck in your agile environment. You can start visualizing data from the Evident Security Platform (ESP) in Sumo Logic in a matter of minutes.