Security Response Center Sumo Logic
Companies of all sizes are facing heightened cyber security threats in response to state actors, increasing supply chain attacks and open source vulnerabilities. Keeping customers informed, enabled and protected is Sumo Logic's highest priority.

November 12, 2023, 3:30 PM PST

We continue to make progress with the investigation. However, the substantial guidance we have as of today remains the same as provided on November 10th.

If you have questions about steps to take, don't hesitate to get in touch with our customer support team at https://support.sumologic.com/support/s

November 11, 2023, 3:30 PM PST

We continue to make progress with the investigation. However, the substantial guidance we have as of today remains the same as provided on November 10th.

If you have questions about steps to take, don't hesitate to get in touch with our customer support team at https://support.sumologic.com/support/s

November 10, 2023, 4:00 PM PST

WHAT SHOULD YOU DO (if you have not done so yet)

We recommend that customers rotate credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems.

Specifically, we advise you to rotate immediately:

What you could also rotate as an additional precautionary measure:

WE NO LONGER RECOMMEND THE FOLLOWING MEASURES FOR THIS INCIDENT:

If you have questions about steps to take, don't hesitate to get in touch with our customer support team at https://support.sumologic.com/support/s

November 9, 2023, 2:00 PM PST

Per the recommendations mentioned in the November 7th and 8th Security Notices, we have created a playbook to guide our customers through the process of updating their API access keys.

Here is a direct link to the playbook: link

The information contained in this website is provided "as is" without any warranty of any kind, either express or implied. Users are solely responsible for adequate protection and backup of the data and equipment used in connection herewith. If Users require assistance, please contact our Support team via opening a ticket using our Support Console.

November 8, 2023

As an outcome of our ongoing investigation, we are reducing the scope of the additional precautionary measures mentioned in our November 7th message. Here is the updated recommendation:

What you could also rotate as an additional precautionary measure:

November 7, 2023

To Our Valued Customers,

At Sumo Logic, ensuring the security and reliability of our customers' digital experience is our top priority. We have always placed great emphasis on protecting our customers against threats, and we understand and deeply value the trust our customers place in us.

To that end, we are writing to notify you, as a precautionary measure, of a possible security incident within our platform.

WHAT HAPPENED

On Friday, November 3rd, 2023, Sumo Logic discovered evidence of a potential security incident. The activity identified used a compromised credential to access a Sumo Logic AWS account. We have not at this time discovered any impacts to our networks or systems, and customer data has been and remains encrypted.

WHAT HAVE WE DONE

Immediately upon detection, we locked down the exposed infrastructure and rotated every potentially exposed credential for our infrastructure out of an abundance of caution. We are continuing to thoroughly investigate the origin and extent of this incident. We have identified the potentially exposed credentials and have added extra security measures to further protect our systems. This includes improved monitoring and fixing any possible gaps to prevent any similar events, and we are continuing to monitor our logs to look for further signs of malicious activity. We have taken actions to stop the threat to our infrastructure and are advising customers to rotate their credentials.

WHAT SHOULD YOU DO

We recommend that customers rotate credentials that are either used to access Sumo Logic or that you have provided to Sumo Logic to access other systems. Specifically:

What we advise you rotate immediately:

- Sumo Logic API access keys. If you need assistance with this, please contact Sumo Support at https://support.sumologic.com/support/s

What you could also rotate as an additional precautionary measure:

- Sumo Logic installed collector credentials
- Third-party credentials that have been stored with Sumo for the purpose of data collection by the hosted collector (e.g., credentials for S3 access)
- Third-party credentials that have been stored with Sumo as part of webhook connection configuration
- User passwords to Sumo Logic accounts

If you have questions about steps to take, please do not hesitate to contact our customer support team at https://support.sumologic.com/support/s

WHAT HAPPENS NEXT

While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience.

We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found. Customers may find updates at our Security Response Center.

Your security remains our top priority, and we want to reiterate how much we value you putting your trust in us. Thank you for your understanding through this process.

October 26, 2023

Last month, Google published CVE-2023-5129 (marked as a duplicate) and CVE-2023-4863, indicating vulnerabilities existed within libwebp and, as a result, within a number of downstream applications leveraging it. Sumo Logic has updated all applicable systems to ensure we are not vulnerable, and we are continuing to monitor our corporate security posture, as well as our third-party vendors, to ensure they are dealing with the situation as appropriate.

October 26, 2023

Sumo Logic is aware of the vulnerability CVE-2023-44487, also known as the HTTP/2 Rapid Reset Attack. Sumo Logic has mitigations in place that we inherit from AWS mechanisms. We do not believe we are susceptible, based on our scanning, testing, and inherited mitigations from our AWS-based infrastructure. We have followed the current guidance published by AWS in this regard.

September 28, 2023

Sumo Logic is aware of the vulnerabilities CVE-2023-5129 and CVE-2023-4863 that Google published, indicating a critical vulnerability in libwebp. We are actively investigating to identify any and all areas where we may be leveraging the vulnerable versions of this library. As of now, our investigations have revealed no indications of compromise. We will keep this page up to date as our investigations continue.

June 20, 2023

Sumo Logic is aware of the published vulnerabilities CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 by Progress Software, indicating that the MOVEit Transfer tool was vulnerable to multiple SQL injection vulnerabilities. Our investigation suggests that Sumo Logic is not impacted, as our products and services do not use the MOVEit Transfer tool. Our current assessment is that no action is required from our customers, but we will continue to monitor and update as appropriate.

Nov 4, 2022

Sumo Logic is aware of the recently announced OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602. Our initial investigation suggests that Sumo Logic is not impacted, as our products and services do not rely on OpenSSL. Our current assessment is that no action is required from our customers, but we will continue to monitor and update as appropriate.

April 1, 2022

Sumo Logic has validated that we do not use any part of the vulnerable Spring Cloud framework found in CVE-2022-22963. We have also reviewed CVE-2022-22965 and have validated that Sumo Logic is not vulnerable to known exploitable methods. Out of an abundance of caution, we will be updating our Sumo Logic Service; however, no action is required on your part. The Sumo Logic collector is not vulnerable to known Spring Cloud framework exploitation methods.

March 31, 2022

Sumo Logic is aware of CVE-2022-22963, which is an exploitable Remote Code Execution (RCE) in Spring Cloud Functions. Our initial investigation suggests that Sumo Logic is not impacted. Our current assessment is that no action is required on your part at this time, but we will continue to monitor and keep you posted as our analysis progresses.

Our Global Operations Center investigated Okta's evolving situation, as Sumo Logic currently leverages Okta's federated identity solution. So far, we have no evidence that Sumo Logic, our employees, or services are impacted in any way.

Beginning early in the morning on Dec 10th, Sumo Logic's security team investigated and validated the nature and severity of the exploit against potential points of compromise and determined that at NO time was Sumo Logic exploited.

We use a custom SumoLog4Layout library that never invokes custom lookups, as compared to Apache Log4j, so the Sumo Logic Service was never impacted.

Summary

A support engineer's laptop at the Identity and Authentication (IAM) firm Okta was compromised.

What steps has Sumo Logic taken?

Our Global Operations Center investigated Okta's evolving situation, as Sumo Logic currently leverages Okta's federated identity solution. So far, we have no evidence that Sumo Logic, our employees, or services are impacted in any way.

What can I do?

Customers and prospects currently in a 30-day trial can use the Okta app to determine if they are compromised and leverage Cloud SIEM targeted searches.

- Actively monitoring current threats in real time to ensure customers are not impacted
- Creating easy-to-copy search queries and filters customers can use to determine if they are at risk
- Providing security-specific onboarding to prospects in our 30-day trial to help them determine if they are compromised