We use Sumo Logic Security for logging purposes. We store and monitor application logs and VPC flow logs in the solution.
Sumo Logic Security is a good solution for searching the logs and identifying the issues. Sumo Logic Security searches the logs to identify issues easily. Suppose we got an issue related to the application 500 error. We store the application logs in Sumo Logic Security. We can easily search those logs to identify where exactly we are facing the application 500 error.
Sumo Logic Security is expensive, and its pricing could be improved.
I rate Sumo Logic Security a nine out of ten for stability.
Around ten users are using the solution in our organization.
I rate the solution an eight to nine out of ten for scalability.
We have two options for technical support. If we take the enterprise support, we get a reply within one or two hours. If you don't have enterprise support, you will get a reply in around one day or 12 hours, based on their availability.
The implementation process of the solution was good and not very difficult. You can easily integrate Sumo Logic Security with AWS or Kubernetes. Even new users who are aware of AWS can follow the documentation and easily deploy the solution.
The solution’s deployment doesn’t take more than 15 minutes for a knowledgeable person.
Storing logs in Sumo Logic Security is charged GB-wise, which is a little higher than other products.
We are mainly concentrating on networking. We use VPC products and application logs to monitor the genuineness of users who have logged in. We also store and monitor GuardDuty logs to see if someone is trying to access the same server multiple times. We are storing and monitoring WAF logs and GuardDuty logs. If someone faces any issues, we'll receive an email and take action based on it.
If someone tries to access one of the applications from a different country, we can search in Google and identify the location of that particular IP address. Sumo Logic Security identifies whether a particular IP address is low, medium, or high risk without the help of Google.
We can store logs in CloudWatch, but it is very difficult to search them in CloudWatch. We should know the query in order to do that. Searching for logs with Sumo Logic Security is very easy compared to CloudWatch. We have been using the solution for more than two years and haven't faced any issues with the solution's availability. I would recommend the solution to other users.
I would recommend Sumo Logic Security instead of AWS, CloudWatch, or CloudTrail. With Sumo Logic Security, you can capture and see all the logs in a single place. If some issues occur, you can log into the solution and verify all the logs. At an organizational level, we have multiple AWS accounts for different environments. Instead of logging in to all the AWS accounts, you can log in to Sumo Logic Security and verify everything.
Overall, I rate the solution a nine out of ten.
The product is a log aggregator of all the logs from all our environments, including AWS. Our infrastructure is deployed on AWS. We ship all logs to Sumo Logic. Based on the logs, we create alerts. These alerts are sent to an email ID, which creates tickets.
The solution is automated. It has a good number of extensions like CrowdStrike and AWS extensions. It is very useful. We can integrate threat intelligence solutions into the product.
The query of Sumo Logic is complex. It should be improved. The solution should improve its UI. FireEye, Splunk, and LogRhythm provide proper UIs. The solution should improve its scalability and stability.
Connecting the collector with Sumo is difficult if a collector or device is down. We have faced multiple challenges like this, and we are still facing these challenges. We recently raised a ticket to Sumo Logic to investigate the issue.
I have been using the solution for one and a half years. I am using the latest version of the solution.
I rate the tool’s stability a seven out of ten.
I rate the tool’s scalability a seven out of ten. In my current organization, there are around 18 people who have access to the product, including the security team. Apart from these, 30 people from different teams have access to the tool but do not have full admin access.
The support team is very cooperative. As soon as the team receives our tickets, a support person is assigned to us. They reach out to us and try to solve the problem.
Positive
The installation of the devices was good. The product is deployed on the cloud.
The product is costly. At the same cost, we can get other tools with better features and capabilities.
First-time users must decide how they want to use the tool. The product is very good as a log aggregator. If we want to use the solution as a SIEM console, it will not be that useful because it does not have the features a SIEM tool would have. It does not have analyzing or threat intel features. The product does provide the option of using extensions, but it does not have its own threat intel feature. Overall, I rate the solution a seven out of ten.