March 19, 2020

Stop Threats With ARIA SDS and SumoLogic's New Integration

A new out-of-the-box integration between Sumo Logic’s Continuous Intelligence Platform and ARIA Cybersecurity Solutions’ ARIA SDS Packet Intelligence closes today’s network-visibility gap to detect and stop network-borne threats, including ransomware, malware and intrusions.

A New ARIA Cybersecurity Solutions-Sumo Logic Integration

When thinking about many of the worst data breaches we’ve seen so far (Equifax, CapitalOne, Target, Home Depot, and more), it’s clear that there was one common element: The threats were not detected while they were active on internal networks.

This is a common oversight, especially since it’s easy to think of the internal network as the onsite infrastructure directly under IT’s control. However, an organization’s network also extends beyond what’s on-premises, to instances within the public cloud and off-site hosted data centers.

Why is this important? Network perimeter defenses provide monitoring, and thus protection, for only a small portion of the attack surface, a share that could be as low as 20% of total traffic. Yet once a network threat successfully gains access, it spreads laterally within the network and continues to go undetected.

If, like many other companies, you are only looking at north-south traffic, you may be leaving yourself vulnerable to the data breaches discussed above. Improved visibility of internal, east-west network traffic (the other 80%) provides information necessary to detect threats earlier in the kill chain, often as they are propagating.


A new integration improves network visibility

ARIA Cybersecurity Solutions integrates, out of the box, with Sumo Logic’s Continuous Intelligence Platform to close this network-visibility gap. With this integration, the ARIA SDS Packet Intelligence (PI) application feeds NetFlow metadata from every network packet to the Continuous Intelligence platform, including east-west traffic that is typically overlooked.

Once this data is available in the Continuous Intelligence platform, IT security professionals can quickly create queries to generate more accurate, comprehensive, and actionable dashboards. This real-time information enables them to conduct incident investigations related to ransomware, malware, intrusions (including advanced persistent threats, or APTs), data exfiltration attempts, and other potential threats, all so they can take action and stop threats before significant harm is done.

Using the ARIA SDS PI application within a Sumo Logic environment empowers end users to:

1. Identify hard-to-detect cyber attacks in real time, early in the kill chain.
2. Allow network security analysts to accelerate their investigative response efforts to verify threats through automated workflows.
3. Give security analysts the ability to stop attacks at the threat-conversation level. These teams can keep critical production or IoT devices online by blocking only the threat conversations until the issue can be resolved.
4. Visualize all internal network traffic, including traffic between devices, virtual machines, containers and IoT devices, so proper connectivity policies can be developed, monitored, and enforced.


Queries and dashboards

The ARIA SDS-Sumo Logic integration gives SOC teams the ability to stop threats as they are detected, minimizing harm. To get started, the ARIA Cybersecurity team has created a set of sample queries and dashboards to detect cyber threats and attacks as well as visualize all internal network traffic communications.


1. Network traffic visibility dashboard

The ARIA SDS PI application creates unsampled NetFlow or IPFIX metadata for every network packet. This enriched data is what lets the dashboard visualize, profile, and trend all internal network traffic, and drilling down into these visualizations can highlight possible network segmentation gaps.

[Screenshot: ARIA SDS-Sumo Logic network traffic visibility dashboard]


2. Threat summary dashboard

The ARIA SDS PI solution provides an at-a-glance view with meaningful insights into network security. Security professionals can see the threats and policy violations being detected, broken down by type, and investigate the communication details behind each one in order to better monitor their security posture.

[Screenshot: ARIA SDS-Sumo Logic threat summary dashboard]


Getting started is easy

The ARIA SDS PI solution is the perfect complement to Sumo Logic as the improved network visibility naturally leads to better threat search queries to identify and stop cyber-attacks.

To get started, visit our ARIA Packet Intelligence app for Sumo Logic Page!

Tags: cybersecurity, siem, intrusion response, intrusion detection