Sumo Logic Potential Security Incident
Updated by Keith Kirkland
High Level Summary of the Security Advisory
Sumo Logic provides cloud monitoring, log management, Cloud SIEM tools, and real-time insights for web and SaaS based applications. The company claims to be the first enterprise-grade cloud-based service that collects, manages, and analyzes all log data provided by its clients.
On November 7, 2023, Sumo Logic published a notification on its Security Response Center, as a precautionary measure, of a potential security incident, in which a compromised credential was used to access a Sumo Logic AWS account. Sumo Logic has not discovered any impacts to their networks or systems, and has confirmed that their customer data has been and remains encrypted.
Upon detecting the issue, Sumo Logic locked down the exposed infrastructure and rotated every potentially exposed credential for their infrastructure out of an abundance of caution. Sumo Logic has identified the potentially exposed credentials and has added extra security measures to further protect their systems. This includes improved monitoring and fixing any possible gaps to prevent any similar events and additional continued monitoring of logs to look for further signs of malicious activity.
Should I be concerned?
Maybe. It depends on if you have a relationship with Sumo Logic. Click on the link below to find out if you have a relationship with this vendor. If you do, follow the recommendations below.
Note: This link specifically references vendor directory records. You may also want to search your Relationship List for "Sumo Logic” to confirm.
What to do if you or your vendors have an active relationship with Sumo Logic
Sumo Logic recommends that customers rotate credentials that are either used to access Sumo Logic or that the customers have provided to Sumo Logic to access other systems. Specifically:
What Sumo Logic advises their customers rotate immediately:
- Sumo Logic API access keys (If any assistance is required with this, please contact Sumo Support at https://support.sumologic.com/support/s/)
What the customers could also rotate as an additional precautionary measure:
- Third-party credentials that have been stored with Sumo Logic as part of webhook connection configuration - As updated by Sumo Logic on November 8, 2023.
For any questions about the steps to be taken, Sumo Logic advises to contact their customer support team at https://support.sumologic.com/support/s/
Customers will be directly notified if evidence of malicious access to their Sumo Logic accounts is found. Customers may find updates on the potential incident on Sumo Logics’ Security Response Center.
--------------------------------------------------------------
We are actively working on future product enhancements related to these types of events. If you found this information helpful or have additional feedback please let us know at product@visotrust.com.
For any additional questions, please reach out to your customer success manager.
Stay ahead of the curve with our Public Risk Notice Alerts!
Get the latest information and news to your inbox on cybersecurity breaches and third-party vendor risks that could impact your organization.
Sign up today to fortify your organization's security.
The VISO TRUST team
—----------—----------—-----