Sumo Logic ahead of the packRead article
CLOUD INFRASTRUCTURE SECURITY
Security data lake: Collect, store, search and analyze data
Store and use unstructured and structured data in a single security data lake. Cost-effectively demonstrate compliance plus threat detection and investigation from a central, secured location.
Save time and money with centralized data storage and analysis
Sumo Logic stores and provides full visibility and security analytics for your primary security data lakes and log data in one location for more effective threat detection and threat hunting.
Simplified data security
Sumo Logic provides maximum flexibility with our vendor-agnostic data collection and storage of security logs, combined with domain-agnostic analytics.
Compliant data lake security
Ensure your data lake security meets audit requirements. With Sumo Logic, data is ingested and managed in a secure and compliant manner right out of the box. We maintain rigorous compliance certifications, including HIPAA, FISMA, SOC 2 Type II, GDPR and FedRAMP™, at no additional charge to ensure your data are safe. Sumo Logic is also a certified PCI-DSS Level 1 Service Provider.
Scalable, cost-effective log management
Data Tier options allow you to store sensitive data for threat detection and first-level investigations alongside your high-volume data for extensive threat investigations.
Sumo Logic’s cloud-native SaaS platform enables cross-team collaboration between development and security teams as they work to make their apps reliable and secure
Amazon Security Lake
Sumo Logic ingests data from Amazon Security Lake to gain transparency across all Amazon Web Services environments while providing full visibility into your existing on-premises and multi-cloud environments.
What are the differences between a data warehouse vs. security data lake?
The main areas of difference between a data warehouse and a security data lake are purpose, data handling and architecture. Data warehouses are designed for structured historical data to support business intelligence and decision-making processes, whereas security data lakes are optimized for handling vast amounts of raw, diverse security-related data for advanced analytics, threat detection and incident response. Security data lakes also provide the benefit that the data stored there can be structured, unstructured and semi-structured, all available on tap for quick and easy access.
Are security data lakes the same as a SIEM?
No, they are not. Security Information and Event Management (SIEM) is a real-time security monitoring and threat detection solution that relies on predefined rules, while a security data lake is a flexible storage architecture designed for advanced security analytics and handling large volumes of diverse security-related data, which is quintessentially missing from most SIEM solutions. However, these two technologies can complement each other, with SIEM providing real-time monitoring and alerting, while a security data lake enables deeper and more exploratory analysis of security data over extended periods.
Can I build my own security data lake?
Yes, a company can build its own security data lake. But it is complex and resource-intensive. Building a security data lake involves setting up a flexible and scalable repository to store raw and unprocessed security-related data from various sources within the organization. Companies should consider the long-term costs and resource commitments involved in building and managing a custom security data lake compared to utilizing existing cloud-based data lake services or specialized security data lake solutions provided by vendors.
How long can I retain data in Sumo Logic’s security data lake?
With Sumo Logic, you can keep the data you need for virtually as long as you need it, while other less important data can be retained for a shorter period, reducing your overall cost of operation. Set a data retention period and edit it at any time. The minimum retention period is one day, and the maximum retention period is 5,000 days, which easily surpasses even the most lengthy data retention requirements for even the most stringent compliance frameworks.
How do I know my data is protected in Sumo Logic’s security data lake?
All data are ingested into Sumo Logic is managed in a secure and compliant manner right out of the box. More than 2,400 companies and organizations use and trust our cloud-native platform, which employs AES-256 encryption to protect data at rest and TLS for data in transit, with security controls at every application layer and a zero-trust segmentation model.
Sumo Logic maintains multiple compliance certifications—including PCI-DSS and HIPAA certifications, ISO 27001, FedRAMP Moderate Authorization, and SOC 2 Type 2 attestation. Sumo Logic also works directly with top security industry auditors and offers a paid bug bounty program with HackerOne. Plus, we also have a full-time dedicated team performing continuous and ongoing software reviews and penetration testing to keep our customers’ data safe and secure. We spend millions annually to maintain these attestations, which in turn is extended to our customers free of charge.