Security Management Shifting to the Cloud – Techstrong TV
Dario Forte, vice president and general manager for security orchestration at Sumo Logic, explains why the management of security is shifting to the cloud. The video is below followed by a transcript of the conversation.
Mike Vizard: Hey, guys. Thanks for the throw. We’re here with Dario Forte, who is the vice-president and general manager for security orchestration at Sumo Logic. Dario, welcome to the show.
Dario Forte: Hi, it’s a pleasure for me to be here.
Vizard: You guys just recently launched a SOAR platform in the cloud. It basically automates a lot of the security orchestration functions that people are dealing with. Why do you think it’s important for that to be delivered via the cloud these days, versus what we might have traditionally been doing?
Forte: Yes, that’s a very good question. We believe at Sumo – which, by the way, I want to remember, is a cloud company, so the most important thing from an architectural standpoint is the fact that being cloud-native for Sumo, I would say, is de facto mandatory. Sumo acquired DFLabs, which is the company that I founded years ago, and it used to be a cloud-ready, on-prem SOAR company. And now the paradigm is gonna shift to full cloud, as we announced a few months ago.
It is very important to stress the point that cloud delivery has a series of very important valuable points. The first one is the capability of delivering additional content coordination – even pliable co-recommendation, integration, and so forth directly from a single location – and that is very helpful, both for end users and MSSPs, which are the main targets for Sumo cloud SOAR. And the capability of scaling this type of delivery is one of the mantras that we have in mind in order to make this new way to deliver SOAR mantra being reputable for the next few years.
We understand that there are still customers that are willing to install SOAR on prem, but we performed a series of surveys among CISOs and security operations managers and SOC managers all over the world. You know that Sumo is a multinational company, so we have customers all over the world. And we asked them very openly what they thought about having this kind of piece of security infrastructure delivered in the cloud.
And the majority, I would say the strong majority, of the respondents were confirming that they are gonna move to the cloud for that, as well, in the next 12 months. And that is a major point of evaluation, also, for people like us who design the strategy and deliver the architecture of such a crucial component for the next months. And so everything that we are building and delivering in the SOAR is basically designed to live, be maintained, delivered, and scaled in the cloud.
We have a strong integration with our cloud SIEM component that is already delivered in the cloud in the multitenancy, native multitenancy, and is already being adopted by many customers and partners from all over the world. And this integrated delivery is already taking place; we closed several customers last quarter that are already buying both solutions, both delivered in the cloud. And recently, we also announced the availability of two important features for the software.
One is the War Room, and one is the App Central, that for us, given the type of paradigm that we have in order to deploy and deliver the software in providing value to the customer, are going to be crucial for the near future.
Vizard: People have been talking about automating security for a long time, and SOAR platforms are not necessarily a new idea. But what’s changing now that a lot more folks are looking to automate security?
Forte: Two things. First is the easiness to deploy and handle and manage and update, which is a major step compared with the old-fashioned SOAR. One of the major obstacles in the past for SOAR was the complexity of designing, delivering, and maintaining the automation, because a lot of scripts and a lot of coding language knowledge were required in order to have this stuff working and being maintained.
That was an obstacle, especially for customers and partners that were not as sophisticated as that part of the state of the art was requiring. Now things have changed very quickly, and especially with cloud SOAR at Sumo, we pointed everything on two major achievements. First is the easiness to use, and second is the easiness to integrate and deploy. On the first part, we worked a lot on the user interface, and the user experience that now is absolutely improved, both from a pure usability – and allow me to joke for a second – and also from the eye candy standpoint. Probably somebody would call it “the Apple factor,” but actually, it’s more than that. And from the usability and maintainability and the deployment standpoint, we point out on a major differentiator that, for us, is the open architecture. Many SOARs in the past, and still some of the competitors are on that side, are very difficult to integrate and closed, from a deployment standpoint.
Sumo, it’s a different approach. Sumo has a so-called open integration framework, which is a capability that we patented back when we were at DFLabs that basically allows anybody to write their own integration, their own playbook, in a very easy turnaround with, really and actually, almost no coding required. And that shortened the delivery time of an integration, for example, from weeks, as happened in the past, to hours, as is happening now.
Imagine: some of the legacy SOARs actually needed to build the entire stack of integration actions, for example, in order to be able to function. In Sumo, instead, we have a Lego brick approach: you don’t need to build the entire superset of interactions, or integrations, or actions within an integration, or a connector, for example. You can just build the single actions that you need for that particular use case.
Then, if you want to increase the volume and the number of actions for that particular integration, you just need to add bricks to your construction. And that makes your delivery time very, very, very, very much quicker, compared to the past. And another important thing is that with our open integration framework, everybody can write their own integration. Sumo is not needed unless a validation is required, or some customers have no time or expertise to build the integration.
But everybody can write their own integration, and the result of those integrations goes into the App Central. That is one of the two objects that we announced a few weeks ago, where this App Central is a central repository where everybody can contribute, depending on their security and privacy policy. So it’s a very granular kind of container. And those integrations, those playbooks, can be uploaded, can be screened, can be shared, depending on the setup and the attributes that the customer wants to give to the object, and they can be shared.
So let’s say, for example, the Log4j kind of incident had a playbook that somebody uploaded very quickly and, y’know, the same playbook can be downloaded by somebody else, customized, and very quickly uploaded in their SOAR instance. It’s really game changing. And again, you don’t need Sumo to govern the process, unless you need it, which is a major step.
Vizard: You mentioned a War Room, and if things are becoming more automated, do I need the War Room? Or what happens in the War Room, if everything is orchestrated and automated, and maybe we’re resolving issues before we need to meet?
Forte: So the War Room provides security teams with the details of an incident to expedite manual processes that would typically take minutes, to now close in a matter of seconds. And if you look at the standards for incident management and security operations, they are actually asking for a detached repository for collaboration and information exchange within an incident. That is required by standards, so ISO; that is required by MITRE; this is required de facto, also, related to incident management and response.
The War Room solved this problem. So unless you have a fully automated playbook that actually does not require human interaction, the War Room instead is a collaboration point where the security analysts can exchange information, take decisions, keep track of those decisions, which is important also from a compliance standpoint, and at the same time have usable content that then the machine learning engine can repurpose or recommend for the next similar incident.
It is a sort of secured container where the authorized people can exchange information and collaborate in order to speed up the incident resolution process.
Vizard: Right, cool. As we go along here, do you think more security is shifting to the cloud post COVID-19? It was happening before COVID-19, but do you think that that whole process got accelerated because of the pandemic?
Forte: I personally think that there is no direct correlation between pandemic and cloud adoption, but there is an acceleration of the cloud adoption also provided by this escalation of pandemics, which is two different things. The importance of having a decentralized but manageable and always reachable set of systems and capabilities is a requirement that is going to increase in the next 12 to 36 months, and cloud is the only option to accelerate this paradigm shift.
The interesting thing is that it’s not like before, where the cloud was viewed by security practitioners as almost something that was almost untouchable. Y’know, something that culturally people would not approach. Now, cloud is something that everybody, also from the security standpoint, is considering, even in countries that are historically against the cloud.
We are having the first cloud deals and adoption in Asia, for example, that are notoriously a little bit reluctant to have security in the cloud, and this approach is changing. So I think that the pandemic accelerated it but was not the main cause of the paradigm shift, but I think that cloud adoption is going to be the best. And even if you talk with CIOs, or chief information officers, their budget for cloud operation is going to increase for the next 12 to 24 months.
Vizard: Do you think that we’ll see a lot more usage of artificial intelligence because we’re collecting more data in the cloud, and we can build those types of models more easily? Is there gonna be some advances on that front as a result?
Forte: Yes, as soon as AI provided we’ll be able to anonymize and put the data in a secure environment, and handle those data in a secured way. The old-fashioned AI, it is going to have possibly some difficulties in adoption also because of the increase of the privacy regulations – and also, allow me to say, the balkanization of local clouds. And it also depends on the countries and the geos where you are, but this is the trend.
But the good news is that new AI design is taking care of these new trends, so I think that very soon the balkanization of data will be one of the major trends. So I trust that that will happen. Of course, privacy will be a bigger concern.
Vizard: All right. What’s your assessment of the state of cybersecurity right now? Are we winning or losing this battle?
Forte: We are gradually becoming stronger from a defensive side, so corporate-wise the things are getting better. Still a lot to do. But from a critical infrastructure and government defense side, we are still behind the attackers, so to speak, because state-sponsored attacks on the other side, so on the defensive side, still have some regulatory limitations. There are still countries, for example, that cannot officially answer to attacks in an offensive way, because law does not allow them to do it.
So when the regulation changes on the defensive side as well, there will be an acceleration. So I trust that this trend will be better again in the next few months.
Vizard: Huh. So what’s your best advice, then, to cybersecurity teams, given all the challenges they face? The attacks are more sophisticated, they’re increasing in volume. They don’t have a lot of extra people coming. What exactly should they be thinking about right now?
Forte: Automate as much as you can about the routine tasks, and things that don’t require your brain to be involved in them. Especially in the SOC, there is so big a skill shortage that security analysts cannot afford to spend their time on basic and routine tasks, and this is where automation can also help. So that is probably one of the major math for the next year or so. And I personally think that skill shortage is still one of the major issues for CISOs and security operations, so automation can really help them to focus on the important things.
Again, don’t waste your time on routine tasks; automate them as much as you can, and then focus your mental energies on sophisticated things. Because the good news is that there are a lot of very sharp minds that can definitely answer to these very sophisticated attacks. It’s just a matter of employing the time in the best way.
Vizard: Well said. Dario, thanks for being on the show.
Forte: It’s a pleasure for me. Thank you for being here.
Vizard: All right. Back to you guys in the studio.