Sumo Logic Threat Labs Launched
June 13, 2022
Share this

Sumo Logic unveiled Sumo Logic Threat Labs, a threat research and security detection unit.

The Threat Labs unit is among the expanded services and tools from Sumo Logic to help customers modernize security operations and achieve greater cyber-resilience.

The Sumo Logic Threat Labs Unit is built to deliver a continuous stream of deep detection content, rapid response guidance, and actionable best practices to Sumo Logic security customers. The team is staffed with domain experts with backgrounds in forensics, incident response, and red/blue teaming, as well as offensive and defensive cyber operations in the United States military and intelligence services. Informed by deep human expertise, the Threat Labs Unit will also play a larger role in contributing advanced detection logic and best practices to the security community to help collectivize the defense.

Dave Frampton, VP/GM, Sumo Logic Security Business Unit said, “Our Threat Labs Unit will contribute actionable insights to our customers from leading-edge threat research, we will also share insight with the community to improve the industry's collective defense. Our deep and diverse practitioner expertise translates into advanced detection coverage delivered in a unique SaaS model which combines real-time global updates with deployment customization for individual customers.”

Modern threat surfaces also encompass application security at every layer of the stack. Customers need end-to-end workflows coordinated across detection, investigation and response efforts. Threat Labs insights are delivered across the Sumo Logic security portfolio, ranging from detection and investigation in Cloud SIEM to automated threat response in Cloud SOAR. In its SaaS delivery platform, Sumo Logic updates detection content for all customers at least twice weekly, to shorten the cycle time from research to concrete defense adaption in environments where every minute counts.

As first reported in the media in April, the very first malware exploiting serverless computing was found in the wild creating crypto-miner instances in AWS Lambda. Called Denonia, this cutting-edge malware requires a holistic approach to detection, investigation, and response. The Threat Labs Unit performed research and detection engineering on the Sumo Logic platform. The team then generated content for detection in Cloud SIEM, delivered analysis and hunting across the platform, and orchestrated the response in Cloud SOAR all in one workflow.

Share this

The Latest

October 10, 2024

When employees encounter tech friction or feel frustrated with the tools they are asked to use, they will find a workaround. In fact, one in two office workers admit to using personal devices to log into work networks, with 32% of them revealing their employers are unaware of this practice, according to Securing the Digital Employee Experience ...

October 10, 2024

In today's high-stakes race to deliver innovative products without disruptions, the importance of feature management and experimentation has never been more clear. But what strategies are driving success, and which tools are truly moving the needle? ...

October 09, 2024
A well-performing application is no longer a luxury; it has become a necessity for many business organizations worldwide. End users expect applications to be fast, reliable, and responsive — anything less can cause user frustration, app abandonment, and ultimately lost revenue. This is where application performance testing comes in ....
October 08, 2024

The demand for real-time AI capabilities is pushing data scientists to develop and manage infrastructure that can handle massive volumes of data in motion. This includes streaming data pipelines, edge computing, scalable cloud architecture, and data quality and governance. These new responsibilities require data scientists to expand their skill sets significantly ...

October 07, 2024

As the digital landscape constantly evolves, it's critical for businesses to stay ahead, especially when it comes to operating systems updates. A recent ControlUp study revealed that 82% of enterprise Windows endpoint devices have yet to migrate to Windows 11. With Microsoft's cutoff date on October 14, 2025, for Windows 10 support fast approaching, the urgency cannot be overstated ...

October 04, 2024

In Part 1 of this two-part series, I defined multi-CDN and explored how and why this approach is used by streaming services, e-commerce platforms, gaming companies and global enterprises for fast and reliable content delivery ... Now, in Part 2 of the series, I'll explore one of the biggest challenges of multi-CDN: observability.

October 03, 2024

CDNs consist of geographically distributed data centers with servers that cache and serve content close to end users to reduce latency and improve load times. Each data center is strategically placed so that digital signals can rapidly travel from one "point of presence" to the next, getting the digital signal to the viewer as fast as possible ... Multi-CDN refers to the strategy of utilizing multiple CDNs to deliver digital content across the internet ...

October 02, 2024

We surveyed IT professionals on their attitudes and practices regarding using Generative AI with databases. We asked how they are layering the technology in with their systems, where it's working the best for them, and what their concerns are ...

October 01, 2024

40% of generative AI (GenAI) solutions will be multimodal (text, image, audio and video) by 2027, up from 1% in 2023, according to Gartner ...

September 30, 2024

Today's digital business landscape evolves rapidly ... Among the areas primed for innovation, the long-standing ticket-based IT support model stands out as particularly outdated. Emerging as a game-changer, the concept of the "ticketless enterprise" promises to shift IT management from a reactive stance to a proactive approach ...