{"id":11140,"date":"2025-02-07T11:17:05","date_gmt":"2025-02-07T19:17:05","guid":{"rendered":"http:\/\/www.sumologic.com\/?post_type=resource&p=11140"},"modified":"2026-03-04T17:02:27","modified_gmt":"2026-03-05T01:02:27","slug":"hashicorp","status":"publish","type":"resource","link":"https:\/\/www.sumologic.com\/case-studies\/hashicorp","title":{"rendered":"HashiCorp"},"content":{"rendered":"\n
<\/div>\n\n\n\n

Results at a glance<\/h3>\n\n\n\n
<\/path><\/svg>Efficient, scalable security monitoring for 10,000 clouds and growing<\/span><\/div><\/div>\n\n\n\n
<\/path><\/svg>Gained broad security visibility across three cloud environments<\/span><\/div><\/div>\n\n\n\n
<\/path><\/svg>Accelerated security investigations with automated workflows<\/span><\/div><\/div>\n\n\n\n
<\/path><\/svg>Optimized incident response decision-making using custom dashboards<\/span><\/div><\/div>\n\n\n\n
<\/path><\/svg>Improved team productivity and focus<\/span><\/div><\/div>\n\n\n\n
<\/div>\n\n\n\n

Challenge<\/h3>\n\n\n\n

Collectively supporting cloud infrastructure for tens of thousands of customers and HashiCorp itself generates massive volumes of various events.<\/h5>\n\n\n\n

Sifting through this telemetry to conduct a single security investigation and search on a series of related events was a time-consuming process for the security team, plagued with excruciatingly slow search results.<\/p>\n\n\n\n

\u201cOur sheer mass of data made everything slow. From collecting all the events we needed to gaining context around alerts and seeing what was going on, we couldn\u2019t investigate in real time to understand if something was relevant or find things that are critically important,\u201d said Ryan Breed, Senior Security Engineer at HashiCorp, noting that \u201crunning a large search took so long that it would break an analyst\u2019s concentration and slow down the investigation process.\u201d<\/p>\n\n\n\n

<\/div>\n\n\n\n

Solution<\/h3>\n\n\n\n

HashiCorp, known for its innovation that never sleeps, requires security that can keep up. For that, they selected Sumo Logic.<\/p>\n\n\n\n

Unlocking security visibility for HashiCorp required real-time monitoring across the company\u2019s complex operating environment, which spans three infrastructure-as-a-service (IaaS) cloud environments and API integrations with each cloud vendor\u2019s full suite of products.<\/p>\n\n\n\n

As a cloud-native solution, Sumo Logic provides HashiCorp with centralized and scalable Logs for Security and security information and event management (Cloud SIEM) across the company\u2019s and its customers\u2019 multi-cloud environments.<\/p>\n\n\n\n

According to Ryan Breed, \u201cSumo Logic helps us scale our security visibility and keep pace with the business as we launch new products, add customers and adopt new tools. As we grow, the marginal cost of adding visibility and enhancing what we have is minimal, which allows us to accommodate some pretty fundamental changes and scale the business much more quickly.\u201d<\/p>\n\n\n\n

<\/div>\n\n\n
<\/div>
\n \"Ryan<\/figure><\/figure>

Ryan Breed<\/p>

Senior Security Engineer<\/p><\/div><\/div>

\u201cSumo Logic proactively helps us understand an alert, whether it’s important or not and, in some cases, automatically disposes of the alert.\n\u201d<\/div><\/div>
\"Ryan<\/a><\/div><\/div><\/div><\/div><\/div>\n\n\n
<\/div>\n\n\n\n

Results<\/h3>\n\n\n\n

Low latency, insight-driven security investigations \u2014 in real time<\/strong><\/p>\n\n\n\n

After deploying Sumo Logic Cloud SIEM to integrate and ingest telemetry from all aspects of the company\u2019s infrastructure, HashiCorp experienced the first game changer for managing security investigations: the ability to do low-latency search.<\/p>\n\n\n\n

Sumo Logic\u2019s cloud scale empowers HashiCorp security experts to search and conduct investigations in real time. In addition, Cloud SIEM streamlined workflows enabled the security operations center (SOC) team to implement a system where alerts automatically initiate searches.<\/p>\n\n\n\n

\u201cSumo Logic proactively helps us understand an alert, whether it’s important or not and, in some cases, automatically disposes of the alert,\u201d said Breed, adding that \u201chaving a low latency search system with Sumo Logic makes that kind of real-time workflow automation possible.\u201d<\/p>\n\n\n\n

Applies Alerting and Detection Strategy (ADS) to optimize security investigations<\/strong><\/p>\n\n\n\n

Cloud SIEM parses, maps and creates normalized records upon ingestion from HashiCorp\u2019s structured and unstructured data and then automatically triages alerts to provide the security experts with actionable insights. To further optimize Cloud SIEM\u2019s performance in distilling down tens of thousands of daily alerts, the SOC team applies Palantir\u2019s ADS framework.<\/p>\n\n\n\n

The framework helps the security team develop theories and think deeply about how best to leverage Cloud SIEM during investigations. For example, the team has mapped out threat-hunting searches to uncover traces a threat actor might leave on the infrastructure and workflows to support the next steps the analyst should take if they find one of those traces.<\/p>\n\n\n\n

\u201cLeveraging ADS lets us really focus on the performance side of using Cloud SIEM. Having an idea of what we\u2019re looking for before we go looking helps us optimize things like field extractions and making the most common search patterns return very quickly. This helps the analyst stay in the zone when an investigation has multiple layers of abstraction and Cloud SIEM has made all of that supporting information available upfront,\u201d said Breed.<\/p>\n\n\n\n

Reduced time-to-decision with interactive dashboards<\/strong><\/p>\n\n\n\n

Sumo Logic\u2019s security analytics and dashboards provide the security team with single-pane-of-glass visibility across HashiCorp\u2019s extensive cloud environments. The SOC has also implemented a range of custom dashboards to advance the team\u2019s playbooks and processes for conducting daily investigations.<\/p>\n\n\n\n

When an analyst is investigating suspicious login activity, for example, they can fill in important parameters into the dashboard, such as the user ID and a time range, which then returns an interactive heads-up display where the analyst can \u2018click\u2019 to drill further into specific data.<\/p>\n\n\n\n

\u201cInteractive dashboards give us the context and color that help our security analysts minimize the time-to-decision. They can plug in the parameters and get the information very quickly, so they don’t have to stop whatever they’re doing to reach a decision and take action,\u201d said Breed.<\/p>\n","protected":false},"excerpt":{"rendered":"

Collectively supporting cloud infrastructure for tens of thousands of customers and HashiCorp itself generates massive volumes of various events. See how HashiCorp gained efficient, scalable security monitoring for 10,000 clouds and growing.<\/p>\n","protected":false},"author":4,"featured_media":19412,"template":"","meta":{"_acf_changed":true,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"3","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"resource-type":[29],"resource-solution":[56,45],"translation_priority":[221]},"selected_primary_terms":{"resource-type":[],"resource-solution":[]},"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-2b1a2e4.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item svg path{fill:#2184f9!important}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-2b1a2e4.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-a617356.gspb_iconsList [data-id='0'] svg,body #gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-2b1a2e4.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-2b1a2e4.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item svg{margin:0!important}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-2b1a2e4.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-2b1a2e4.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"3185,3180,3170","_relevanssi_noindex_reason":"","inline_featured_image":false},"resource-type":[29],"resource-solution":[45,56],"class_list":["post-11140","resource","type-resource","status-publish","has-post-thumbnail","hentry","resource-type-case-studies","resource-solution-case-study","resource-solution-secops-and-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource\/11140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/4"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media\/19412"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=11140"}],"wp:term":[{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-type?post=11140"},{"taxonomy":"resource-solution","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-solution?post=11140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}