Back to blog results

3월 21, 2024 By Chas Clawson

Guarding the game: securing digital playgrounds

Securing digital playgrounds

Imagine needing to stop a playoff game because viewers were actively impacting the sport, helping players catch impossible passes or score points they never should have gotten. That’s the equivalent of what happened when an Apex Legends hack during the North American finals interrupted the tournament and raised cybersecurity concerns for everyone involved.

With global esports a billion-dollar industry, and competitive video gaming in general worth much more than that, this has a serious impact. Add to that, for too long the gaming companies have been playing checkers while cyber attackers are playing chess. Organizations need to get serious about cybersecurity, and quickly.

New tech to monitor new tech

Online gaming has been a significant driver of developments in networking technology and cloud computing. The need for fast, reliable, and synchronous connections for multiplayer games has pushed advancements in network infrastructure, leading to the development of faster, more robust internet protocols. While not used in esports competition where millisecond performance issues can be game-altering, cloud gaming, where games are streamed from powerful servers to users' devices, is pushing the boundaries of what's possible in cloud computing, demanding rapid processing and low-latency data transmission. The technologies developed to meet these requirements are finding applications beyond gaming, in fields such as telemedicine and remote education.

The symbiotic relationship between the technology sector and industries like gaming and sports catalyzes innovation, with each driving the other to new heights. With a massive following (and winner payout prizes) for esports, tech needs to be transparent so that the focus is purely on the gamer's skills and not their rig or equipment. The technological advancements pioneered in these fields often have far-reaching implications, demonstrating the power of targeted, application-driven innovation.

In World of Warcraft, players have created applications to help them perform better. In fact, some of the esports teams have hired developers to create custom scripts or code to help them achieve their world-first status and guess what they leverage to build it? Log data.

Of course, it all comes back to the atomic level of logs. A popular website, Warcraft Logs, takes the combat log from the user's game (it writes in real-time) and then uploads it to their website for analytics (how good your damage output is, are you taking too much damage, etc). By returning to the logs, players can optimize their performance and use technology and new software in their esports practice and play.

While this holds true for gaming and sports, it’s equally as important for business operations, especially at the break neck speed of innovation driving companies forward. New cloud technologies, for example, must be backed by new observability and security monitoring solutions.

Fortunately, incorporating modern log analytics solutions into the deployment of any advanced technologies improves continuity and security. These systems enable real-time analysis of security alerts generated by applications and network hardware, crucial for identifying and responding to potential threats swiftly, ensuring the integrity and availability of services. They are designed to provide detection and safeguards against data theft, service disruption and ensure user trust.

Legendary gaming security challenges

When it comes to keeping esports and other competitive video games secure, there are some unique challenges to overcome. Stealing and distributing games, cracking code, and other hacks have been part of gamer culture from its inception. Unfortunately, there has been a rise in cyber attacks targeting gaming companies and now, disruptions in live broadcasted professional gaming. These incidents occur amidst broader cybersecurity challenges facing various sectors, demonstrating the gaming industry's critical need for enhanced protective measures.

For example, the recent ransomware attack on Sony’s Insomniac Games, resulting in a significant data breach including employee personal information and details on future game releases, underscores a growing trend of hackers targeting gaming companies. High-profile incidents at CD Projekt and Rockstar Games in previous years highlight the industry's vulnerabilities.

The impact of such breaches is profound, affecting not just the companies' intellectual property and employees' privacy but also shaking the trust within the gaming community. Crucially, some of these breaches might have been preventable with more stringent security protocols, particularly the enforcement of Multi-Factor Authentication (MFA) and rigorous monitoring of account usage. The repeated exploitation of security weaknesses by groups like Rhysida emphasizes the necessity for companies to adopt comprehensive monitoring and security strategies to detect and thwart unauthorized access early. Such measures are not just about safeguarding data. They’re vital for protecting individuals, maintaining the trust and continuity essential to the gaming industry's success and ensuring fair competitive playing fields for esports’ credibility.

During the recent Apex Legends Global Series tournament, hackers exploited a remote code execution (RCE) vulnerability to inject cheat tools into the game, prompting Electronic Arts to postpone the $5 million prize pool event as they investigate the cyberattack. This incident underscores RCE vulnerabilities' significant impact on online gaming, allowing attackers to seize control of game servers, insert malicious code into game clients or alter game mechanics.

The breach also raises broader cybersecurity concerns beyond gaming. RCE vulnerabilities are not limited to games; they exist in various software and systems, posing a serious cybersecurity threat. Attackers can exploit these vulnerabilities to compromise systems, steal data, or disrupt operations.

Furthermore, the incident highlights the need for robust security measures, especially in industries like gaming and e-sports, where large sums of money and sensitive data are at stake. It serves as a reminder for organizations to stay vigilant against cyber threats and to continuously update their security practices to understand their environments, particularly where systems may have vulnerabilities which lead to remote code execution. .

Don’t fall for n00b mistakes

When you’re faced with a security incident, the last thing you need to worry about is the additional observability and monitoring needed for your security solution. Sadly, too often, that’s what happens with the wrong security information and event management (SIEM), especially legacy solutions where the SIEM can’t scale at the required pace. This is not the time to have security solutions that can’t deliver or eat up too much of already constrained budgets.

While vendors like Splunk (now part of Cisco), IBM and Securonix have been playing a high-stakes game of "cloud catch-up," lifting and shifting their antiquated code into a cloud façade, Sumo Logic was born in the cloud. And unlike monolithic architectures, true cloud-native solutions are built using microservices, which are independently deployable, manageable, and scalable. This modularity allows for faster iteration, easier updates, and more robust isolation of services, reducing the risk of cascading failures.

While we regularly compete against the legacy behemoth SIEM solutions like Splunk and IBM, there is an inherent advantage of being unencumbered by tech debt. Cloud-native security solutions can dynamically scale resources up or down based on real-time demands, ensuring that sudden spikes in data volume or processing needs do not compromise performance or availability. This elasticity is vital for maintaining robust security postures, especially when dealing with unpredictable workloads or during incident response, where rapid scalability is crucial. Whether you need to monitor IRL games like the Super Bowl or your weekly Fortnite tournament, Sumo Logic continues to be a logical choice.

Ready to start climbing the ranks?

Let us help you. In fact, many of the largest online games are currently being monitored by Sumo Logic. Our solution employs advanced analytics to monitor a vast array of entities within an organization's IT environment, including both human users and non-human elements like scripts, machines, and applications.

Sumo Logic establishes comprehensive visibility into user and entity behaviors by aggregating and analyzing data from logs, metrics, and events across the network. This approach allows the platform to establish what constitutes normal activity patterns within the system, thereby creating a dynamic and evolving baseline against which future activities are compared.

Using user and entity behavior analytics (UEBA), Sumo Logic applies statistical models and machine learning to detect anomalies that deviate from established patterns, flagging potentially malicious or risky activities. For example, if a network endpoint suddenly starts transmitting an unusually large amount of data or a user accesses systems during a key esports event from unfamiliar or unexpected locations, Sumo Logic can identify these actions as outliers based on the historical baseline.

In contrast to legacy SIEM solutions, which require tens or even hundreds of lines of query language in order to craft advanced UEBA detections, Cloud SIEM Outlier and First Seen rules can be crafted and prototyped in minutes, with the model being used to built baselines fully configurable by security engineers and analysts.

Spike in data transferred outbound by user

These actionable insights empower security teams to swiftly respond to potential threats, reducing the time to detect and remediate incidents. By focusing on behavioral analytics, Sumo Logic not only enhances the detection of known threat vectors but also provides robust capabilities to uncover novel or sophisticated attacks, thereby strengthening the organization's overall security posture. We don’t play around when it comes to security posture.

Download our infographic to learn more about how we keep your digital playgrounds reliable and secure.

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Sumo Logic cloud-native SaaS analytics

Build, run, and secure modern applications and cloud infrastructures.

Start free trial
Chas Clawson

Chas Clawson

Field CTO, Security

As a technologist interested in disruptive cloud technologies, Chas joined Sumo Logic's Cyber Security team with over 15 years in the field, consulting with many federal agencies on how to secure modern workloads. In the federal space, he spent time as an architect designing the Department of Commerce ESOC SIEM solution. He also worked at the NSA as a civilian conducting Red Team assessments and within the office of compliance and policy. Commercially, he has worked with MSSP practices and security consulting services for various fortune 500 companies. Chas also enjoys teaching Networking & Cyber Security courses as a Professor at the University of Maryland Global College.

More posts by Chas Clawson.

People who read this also enjoyed