A new out-of-the-box integration between Sumo Logic’s Continuous Intelligence Platform and ARIA Cybersecurity Solutions’ ARIA SDS Packet Intelligence closes today’s network-visibility gap to detect and stop network-borne threats which include ransomware, malware and intrusions.
When thinking about many of the worst data breaches we’ve seen so far (Equifax, CapitalOne, Target, Home Depot, and more), it’s clear that there was one common element: The threats were not detected while they were active on internal networks.
It’s a common mistake, especially since it’s easy to think of the internal network as onsite infrastructure directly in IT’s control. However, an organization’s network also includes what extends beyond what’s on-premises, like instances within the public cloud and off-site hosted data centers.
Why is this important? Network perimeter defenses provide monitoring, and thus protection, for only a small portion of the attack surface, a number that could be as low as 20% of total traffic. Yet once a network threat successfully gains access, it spreads laterally within the network and continues to go undetected.
If, like many other companies, you are only looking at north-south traffic, you may be leaving yourself vulnerable to the data breaches discussed above. Improved visibility of internal, east-west network traffic (the other 80%) provides information necessary to detect threats earlier in the kill chain, often as they are propagating.
A new integration improves network visibility
ARIA Cybersecurity Solutions integrates, out of the box, with Sumo Logic’s Continuous Intelligence Platform to close this network-visibility gap. With this integration, the ARIA SDS Packet Intelligence (PI) application feeds NetFlow metadata from every network packet to the Continuous Intelligence platform, including east-west traffic that is typically overlooked.
Once this data is available in the Continuous Intelligence platform, IT security professionals can quickly create queries to generate more accurate, comprehensive, and actionable dashboards. This real-time information enables them to conduct incident investigations related to ransomware, malware, intrusions, including advanced persistent threats (APT), data exfiltration attempts, and other potential threats—all so they can take action and stop threats before significant harm is done.
Using the ARIA SDS PI application within a Sumo Logic environment empowers end users to:
Queries and dashboards
The ARIA SDS-Sumo Logic integration gives SOC teams the ability to stop the threats as detected, minimizing harm. To get started, the ARIA Cybersecurity team has created a set of sample queries and dashboards to detect cyber threats and attacks as well as visualize all internal network traffic communications.
1- Network traffic visibility dashboard
The ARIA SDS PI application creates unsampled NetFlow or IPFIX metadata for every network packet. It is through this enriched data that this dashboard can be used to visualize, profile, and trend all internal network traffic. These visualizations can be used to drill down and highlight possible network segmentation gaps.
2- Threat summary dashboard
The ARIA SDS PI solution provides an at-a-glance view that provides meaningful insights into network security. This gives security professionals the ability to view threats and policy violations that are being detected by type, while also allowing you to investigate communication details in order to better monitor your security posture.
Getting started is easy
The ARIA SDS PI solution is the perfect complement to Sumo Logic as the improved network visibility naturally leads to better threat search queries to identify and stop cyber-attacks.
To get started, visit our ARIA Packet Intelligence app for Sumo Logic Page!