{"id":11417,"date":"2025-01-10T17:22:21","date_gmt":"2025-01-11T01:22:21","guid":{"rendered":"http:\/\/www.sumologic.com\/?post_type=resource&p=11417"},"modified":"2026-03-26T11:01:05","modified_gmt":"2026-03-26T19:01:05","slug":"sps","status":"publish","type":"resource","link":"https:\/\/www.sumologic.com\/case-studies\/sps-commerce","title":{"rendered":"SPS"},"content":{"rendered":"\n
How SPS commerce uses security insights from Sumo Logic to improve cybersecurity<\/h5>\n\n\n\n
<\/div>\n\n\n\n

Results at a glance<\/h3>\n\n\n\n
<\/path><\/svg>Centralized security visibility across cloud and on-premises infrastructure<\/span><\/div><\/div>\n\n\n\n
<\/path><\/svg>Seamless integration into existing AWS and Azure services<\/span><\/div><\/div>\n\n\n\n
<\/path><\/svg>Consolidated 20 separate dashboards into a single-pane view<\/span><\/div><\/div>\n\n\n\n
<\/path><\/svg>Accelerated investigations with automated alert triage and threat correlations<\/span><\/div><\/div>\n\n\n\n
<\/div>\n\n\n\n

Challenge<\/h3>\n\n\n\n

Keeping pace with the growing and changing business while defending it from cyber threats was challenging.<\/h5>\n\n\n\n

To manage cybersecurity for its broad infrastructure, SPS Commerce used a hybrid staffing model that included the internal security operations center (SOC) team and a managed services provider aiding with 24\/7 coverage for monitoring alerts.<\/p>\n\n\n\n

\u201cIt’s a bit of a truism that the attackers only have to be successful once while our SOC team has to be successful 100 percent of the time. So, we really needed the visibility and the data to detect and respond to those threats,\u201d said Nick Kemske, SOC and Incident Response Manager of SPS Commerce.<\/p>\n\n\n\n

<\/div>\n\n\n\n

Solution<\/h3>\n\n\n\n

For visibility across the company\u2019s attack surface, SPS Commerce wanted central access to all the data sources to give the SOC team accurate security visibility and insights. This required investment in a\u00a0SIEM solution<\/a>.<\/p>\n\n\n\n

As part of the SOC team\u2019s requirements, they wanted a solution that would give them the added value of seeing the same systems, logs and metrics the rest of the company was gathering to monitor the environment. Sumo Logic was the perfect solution because the infrastructure team already used the platform for their observability use cases.<\/p>\n\n\n\n

\u201cWhen selecting a SIEM, we didn\u2019t want to get too far afield and separate from what our infrastructure partners were doing. Expanding the company\u2019s Sumo Logic usage to include our SIEM needs gives us better opportunity to collaborate and partner with teams to resolve issues when they come up,\u201d said Kemske.<\/p>\n\n\n\n

<\/div>\n\n\n
<\/div>
\u201cEverything goes into Sumo Logic for our security monitoring. I have a saying on my team, that \u2018all means all\u2019 when you think about security and the importance of monitoring everything.\n\u201d<\/div><\/div>

Nick Kemske, SOC and Incident Response Manager<\/p><\/div>

\"Nick<\/a><\/div><\/div><\/div><\/div><\/div>\n\n\n
<\/div>\n\n\n\n

Results<\/h3>\n\n\n\n

Fast implementation and ramp-up to support SOC needs<\/strong><\/p>\n\n\n\n

As the infrastructure team had already deployed the Sumo Logic platform and was collecting the company\u2019s logs from infrastructure data sources, the SOC team enjoyed a jumpstart in their adoption effort. Using the platform\u2019s cloud collectors made it a turnkey process for the team to integrate additional data sources from their security tools, such as the company\u2019s CrowdStrike and Tenable solutions.<\/p>\n\n\n\n

\u201cSumo Logic makes it easy to get started by taking advantage of everything that\u2019s pre-built in the application like the out-of-the-box security rule sets,\u201d said Kemske, adding that \u201cthere\u2019s lots of really fantastic documentation about how the overall platform works, so it allowed us to really get up to speed quickly.\u201d<\/p>\n\n\n\n

Single source for security telemetry and insights<\/strong><\/p>\n\n\n\n

With Sumo Logic ingesting all the desired log data, the solution is now the SOC team\u2019s authoritative security data source. \u201cEverything goes into Sumo Logic for our security monitoring. I have a saying on my team, that \u2018all means all\u2019 when you think about security and the importance of monitoring everything,\u201d said Kemske.<\/p>\n\n\n\n

From switches and routers to AWS and Azure logs, all the\u00a0telemetry<\/a>\u00a0comes together in Sumo Logic for triaging alerts and correlating threats across the company\u2019s infrastructure. Based on the data source\u2019s use case for security analysis, the SOC team leverages Sumo Logic\u2019s flexible data tiering to denote which sources Cloud SIEM should continuously process and analyze.<\/p>\n\n\n\n

With integrated threat intelligence feeds, the SOC team leverages Cloud SIEM\u2019s more than 700 pre-built rules along with the team\u2019s custom rules to obtain enriched and actionable insights. \u201cAll that is married together in Cloud SIEM, which then kicks off the investigation workflow for my team. It’s really a great and seamless journey,\u201d noted Kemske.<\/p>\n\n\n\n

Faster investigations with automation and a single-pane view<\/strong><\/p>\n\n\n\n

Before adopting\u00a0Cloud SIEM<\/a>, the SOC team\u2019s investigation workflow relied on 20 separate system dashboards that required a lengthy, manual effort to weave together a view of the company\u2019s entire footprint. With Cloud SIEM in place, the team now has visibility into what\u2019s happening in the environment \u2014 all from a single console that doesn\u2019t require the team to pivot across tools.<\/p>\n\n\n\n

\u201cCloud SIEM has underpinned our shift from a very rote, manual process to one that\u2019s much more automated, which has been really helpful in giving us visibility and saving time on our investigations,\u201d Kemske explained, adding that \u201cbecause we can also easily kick off JIRA tickets from Cloud SIEM, we can integrate a lot better with our delivery teams and partners in the way that they expect.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

As a leading electronic data interchange (EDI) provider, SPS Commerce has an expansive infrastructure to serve more than 70,000 customers worldwide. It consists of on-premises systems, cloud footprints in AWS and Azure, and a wide range of custom applications and toolsets.<\/p>\n","protected":false},"author":4,"featured_media":58980,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"3","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"resource-type":[29],"resource-solution":[56,45],"translation_priority":[221]},"selected_primary_terms":{"resource-type":[],"resource-solution":[]},"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item svg path{fill:#2184f9!important}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-a617356.gspb_iconsList [data-id='0'] svg,body #gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item svg{margin:0!important}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"3185,3180,3170","_relevanssi_noindex_reason":"","inline_featured_image":false},"resource-type":[29],"resource-solution":[45,56],"class_list":["post-11417","resource","type-resource","status-publish","has-post-thumbnail","hentry","resource-type-case-studies","resource-solution-case-study","resource-solution-secops-and-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource\/11417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/4"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media\/58980"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=11417"}],"wp:term":[{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-type?post=11417"},{"taxonomy":"resource-solution","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-solution?post=11417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}