Sumo Logic Security Reviews

Name: Sumo Logic Security
Brand: Sumo Logic
Rating: 4.1 (24 reviews)

Vendor: Sumo Logic

4.1 out of 5

24 reviews
92% willing to recommend

Leave a review

What is Sumo Logic Security?

Sumo Logic

Get the Sumo Logic Security Buyer's Guide and find out what your peers are saying about Sumo Logic Security, CrowdStrike Falcon, Wazuh and more!

Sumo Logic Security is the #13 ranked solution in SOAR tools, #18 ranked solution in top Security Information and Event Management (SIEM) solutions, and #21 ranked solution in Log Management Software. PeerSpot users give Sumo Logic Security an average rating of 8.2 out of 10. Sumo Logic Security is most commonly compared to CrowdStrike Falcon: Sumo Logic Security vs CrowdStrike Falcon. Sumo Logic Security is popular among the large enterprise segment, accounting for 46% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 12% of all views.

Helped 883,546 peers since 2012

Featured Sumo Logic Security reviews

Migell Roberts

Senior Security Analyst at City Electric Supply Company

To improve Sumo Logic Security, I would appreciate the tool being easier to use from a search perspective. For example, we have a few teams that want to use the tool itself, but they are not as savvy when it comes to creating searches from the core platform. I understand that Mobot has come out and is in the works, and it really does assist non-savvy users when it comes to querying the platform. As far as that is concerned, I wish that could be improved a bit more, but I do know that that is in the works. I would add that I wish for improved documentation. For example, we are using Sumo Playbooks and automation integrations along with that, but I have found that there has been a lack of documentation, very little to none at all when it comes to that. With regards to automation integrations as well, there are very few details included in them. I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS. I chose eight out of ten because to make it a nine or ten, I would lean heavily on the documentation. A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking. There are instances also where some security best practices are not being followed. So, if we are able to set up an integration that is not only secure, following security best practices, and has complete documentation, I believe it would alleviate the issue of having to go back and forth with support to check the documentation and things of that nature. My impression of the built-in threat intelligence feature in Sumo Logic Security is that it is comprehensive, but I would say that it could do a little bit better. For example, we have the TAXI feeds, which is STIX and TAXI integrated into the core platform, but the issue I am running into is that I am able to use that feed into a CSE alert; however, I am not able to see the contents of that feed. If I integrate CISA, which we do have integrated, I cannot see what IOCs are in that feed in the core platform, and I hope that is the case because, in order for us to better tune our alerts, we need to be able to see what is in the contents of that threat intelligence feed.

Read full review

Pavan Pavan

Security Engineer at a tech vendor with 11-50 employees

If I want to mention anything related to Sumo Logic Security, I would say that with the current AI situation, AI enrichments should be very well integrated. I saw something in insights that it is doing something around 14 days of correlation, but I would prefer something around seven days would be better. Sometimes we see alerts coming from a different time frame. In some places, correlation could be much better in Sumo Logic. There is a scenario where we see five to six employees from the company log in from the same IP address, which is a shared IP address. Maybe one employee has login failures, perhaps because they forgot their password. In this situation, Sumo Logic gives us an alert saying that a brute-force alert was detected or a credential compromise was detected, stating that five people have successful logins and one user has a bad password. This is not practically correct detection. They should be doing some kind of better analysis, such as a historical analysis of this IP, to make it clear that this IP is a shared IP, so the logins that happened for all other users are normal. Sumo Logic has the capability as a modern SOC to include behavior correlation or attack chain visibility, which would be a great addition to reduce false positives. Good dashboards with AI capabilities would also be more helpful. Since our product is also AI-based, something where they can focus more on AI with the possibility of detection engineering, writing custom correlation rules, and tuning detections to make more valid true positives would be beneficial. I have experienced some situations where false positives occurred. There can be more improvement in MITRE ATT&CK mapping, especially, as it helps us measure coverage gaps and where we are positioned. Beyond that, SOAR capabilities with automation focus should include more enrichments into the detection part and provide higher levels of true positives overall. When I compare Sumo Logic Security with other solutions like Splunk, Azure Sentinel, or Sentinel One, these are improvements I would expect to see. Automation should be improved further. As we move to AI SOC, there is talk of automated multi-step response workflows where playbooks should be enriched for logs of different activities based on IP, user, user agent, or other fields. More advanced playbook-based correlation should be coming up with a set of rules that can help detect real true positives. Rich incident response playbooks and better integrations with ticketing tools would be beneficial so that we can take quick actions if a breach has been identified. Advanced attack path visualizations would be helpful. Creating a good attack graph showing when something has been detected, how quickly it has been investigated, what the timeline of all these activities was, and including entities such as user, host, network, cloud, or indicators of compromise would be valuable. Built-in threat group playbooks would be very helpful, whether for ransomware, account compromise, or data exfiltration. AI-driven threat insights at the automated flow of investigation would be more helpful. Sumo Logic Security is very good at role-based access controls, and we were able to manage that very well without any issues. Advanced attack path visualizations and built-in threat group playbooks for ransomware, account compromise, or data exfiltration scenarios would enhance the platform significantly.

Read full review

Frank Krieger

CISO at Mambu

Sumo Logic Security offers excellent features including ease of use. I came from a competing product, Splunk, and I was able to recycle a lot of the knowledge from that tool into Sumo because the logic was very similar. Beyond the ease of use, the consumption model of Sumo Logic Security is also easy to understand, which was helpful. The build-out with Sumo was very good, as they spent a lot of time ensuring that we were sized correctly for the product, and the follow-ups were good. Sumo Logic Security has really good customer support. The capabilities of Sumo Logic Security in providing security visibility across multi-cloud and hybrid environments are very good, particularly because Mambu is still a multi-cloud vendor, and the product worked extremely well in that scenario. Regarding the automated TDRI workflows in Sumo Logic Security, they are excellent. I would put them at the top because they are truly useful and actually work as advertised. My experience with Sumo Logic Security has been good. My SOC analysts were crushed under Splunk, but Sumo has actually eased the workload and made it tolerable for three people. The improvements or benefits I have seen from Sumo Logic Security relate to alerts. We were buried under alerts and Sumo actually helped us clean that up. The number one value is being able to action things in a proper time frame.

Read full review

Sumo Logic Security mindshare

Product category:

As of March 2026, the mindshare of Sumo Logic Security in the Security Information and Event Management (SIEM) category stands at 1.7%, up from 0.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Mindshare Distribution
Product	Mindshare (%)
Sumo Logic Security	1.7%
Splunk Enterprise Security	7.2%
Wazuh	5.8%
Other	85.3%

Security Information and Event Management (SIEM)

PeerResearch reports based on Sumo Logic Security reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Mar 6, 2026	Download
Product	Reviews, tips, and advice from real users	Mar 6, 2026	Download
Comparison	Sumo Logic Security vs Splunk Enterprise Security	Mar 6, 2026	Download
Comparison	Sumo Logic Security vs Wazuh	Mar 6, 2026	Download
Comparison	Sumo Logic Security vs IBM Security QRadar	Mar 6, 2026	Download

Valuable Features

Valuable features of Sumo Logic Security include out-of-the-box applications, Threat Intelligence integration for security monitoring, real-time observability, ease of use, stable and scalable architecture, cost-effective pricing model, diverse log source support, and automated log event correlation. It offers an intuitive interface, advanced search capabilities, customizable dashboards, and strong integration with third-party tools, enhancing overall security visibility.

"As a cloud-native SIEM, it scales up very well automatically, and real-time threat detection is available, so detection time has dropped significantly from three to four hours to under 30 minutes, reducing alert fatigue by over 100 days of low-volume alerts and significantly improving our KPIs, alert efficiency, decision quality, and operational stability."
"My SOC analysts were crushed under Splunk, but Sumo has actually eased the workload and made it tolerable for three people."
"Sumo Logic Security has positively impacted my organization by increasing engagement with different teams."

Room for Improvement

Sumo Logic Security requires enhancements in its dashboard and user interface. The system's complexity and integration with other platforms need refinement. There's a demand for better alerting mechanisms, seamless API integration, and improved scalability. Documentation and support should be more robust. Pricing concerns and data retention issues are notable. Users also seek enhanced automation features, advanced attack path visualizations, and better threat intelligence capabilities for improved user experience and operational efficiency.

"I have experienced some situations where false positives occurred."
"A more transparent roadmap as to what Sumo Logic Security is trying to achieve would be beneficial. Sumo often gives information in three-month cycles, which makes it hard for planning purposes."
"A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking."

ROI

Organizations have experienced improvements in operational processes with Sumo Logic Security. One company has reduced analyst needs and investigation time significantly, saving 64 hours. They consistently monitor ROI, deeming it adequate. Some find the ROI difficult to quantify but feel it meets internal milestones. Others have reduced website downtime through effective troubleshooting. While some companies haven't calculated exact figures, many see time savings and efficiency improvements without needing extensive system access.

Pricing

Many enterprise users find Sumo Logic Security's pricing reasonable, especially compared to competitors like Splunk and QRadar, though some note it can be costly. The pricing model, based on data storage and number of scans, offers flexibility and convenience through AWS Marketplace integration. While the price is higher than open-source alternatives like ELK Stack, users appreciate the balance between cost and functionality, aligning with their needs for comprehensive security features.

"Storing logs in Sumo Logic Security is charged GB-wise, which is a little higher than other products."
"The product is costly."
"The license pricing model is based on the events that are processed through the solution."

Popular Use Cases

Enterprises primarily utilize Sumo Logic Security for monitoring, alerting, and logging purposes. They log operational and security events, track application errors, perform security posture monitoring in AWS, and use it as a SIEM platform for threat detection and analysis. The system supports alert creation, enrichment automation, and integration with various IT assets. Firms benefit from its ability to consolidate logs, generate insights, and facilitate troubleshooting across cloud environments.

Service and Support

Sumo Logic Security provides strong customer service and support with responsive and helpful technical teams. While most feedback is positive, some users report delays in response times. Support includes documentation, tutorials, and training, enhancing user independence. Several clients appreciate having dedicated account managers and success teams ensuring ongoing assistance. Premium support options offer faster resolutions. Satisfaction levels vary, with ratings typically between seven and nine out of ten for their assistance.

Deployment

Initial setup of Sumo Logic Security is straightforward, with easy integration into AWS, often described as stress-free once familiarized. Automation facilitated seamless deployment for some, while others relied on vendor assistance. Teams mentioned simplicity in configuration, aided by accessible documentation. Deployment time varied based on logs and sources. Some compared it favorably against other security tools, despite initial complexities. Common integrations included AWS and New Relic, indicating adaptability and user-friendliness.

Scalability

Sumo Logic Security is highly scalable, efficiently handling various data volumes and growing alongside businesses. It supports cloud-native operations without infrastructure concerns, accommodating diverse user bases and environments. Users rate its scalability positively, often highlighting its capacity to scale automatically with business expansion. There are no significant issues reported, aside from cost considerations. Its flexibility is praised, with seamless log ingestion and consistent performance across numerous servers and applications.

Stability

Sumo Logic Security is highly reliable, handling high stress levels without problems. Users report that it is stable with few outages or degradations, some minor issues like logs fetching and UI responsiveness exist. Three thousand to four thousand servers send information across different environments seamlessly. It effectively manages large volumes of logs without failures, requiring no hardware or patch management. Users consistently rate stability between seven and ten out of ten.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Sumo Logic Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	5
Large Enterprise	10

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	138
Midsize Enterprise	54
Large Enterprise	166

By visitors reading reviews

Top industries

By visitors reading reviews

Manufacturing Company

12%

Computer Software Company

Financial Services Firm

Outsourcing Company

Retailer

Educational Organization

Comms Service Provider

Energy/Utilities Company

University

Performing Arts

Insurance Company

Transportation Company

Wholesaler/Distributor

Real Estate/Law Firm

Construction Company

Marketing Services Firm

Government

Media Company

Healthcare Company

Consumer Goods Company

Pharma/Biotech Company

Logistics Company

Non Profit

Leisure / Travel Company

Recruiting/Hr Firm

Legal Firm

Recreational Facilities/Services Company

Museum Or Institution

Hospitality Company

Compare Sumo Logic Security with alternative products

Learn more about Sumo Logic Security

Sumo Logic is a cloud-based machine data analytics company focusing on security, operations, and BI use cases. It provides log management and analytics services that leverage machine-generated big data to deliver real-time IT insights.

Sumo Logic is developed as a SaaS solution, it processes and analyzes large quantities of IT infrastructure data, spotting patterns and anomalies that can indicate a potential threat or significant event.

The platform is designed to help IT, security, and business operations teams develop, manage, and secure their applications and cloud infrastructures. It collects, aggregates, and analyzes data from various sources including servers, virtual machines, and network devices, providing visibility into complex systems.

What are the key features of Sumo Logic?

Real-time Analytics: Continuous queries and live dashboards that provide insights into application performance, user behavior, and security threats.
Advanced Machine Learning: Utilizes machine learning algorithms to identify trends, anomalies, and patterns.
Integrated Threat Intelligence: Tools and workflows to enhance security postures by detecting threats and anomalies.
Multi-tenant Cloud Service: Allows users to operate in a shared cloud environment securely.

The solution aims to simplify data complexity, streamline operations, and provide actionable insights to businesses across various industries.

Sumo Logic is designed to handle high data volumes from multiple sources without diminishing performance. It is primarily deployed in the cloud with seamless integrations for AWS, Google Cloud, and Microsoft Azure. This flexibility allows users to leverage Sumo Logic’s capabilities regardless of their existing cloud infrastructure.

In summary, Sumo Logic is a comprehensive, AI-driven analytics solution ideal for businesses looking to enhance their IT and security operations through data-driven insights and real-time monitoring. Its flexible deployment options and scalable pricing model make it accessible for various business sizes and sectors.

Julia Miller

Community Director at PeerSpot

Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries

What Solution for SIEM is Best To Be NIST 800-171 Compliant?

When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?

What are the main differences between Nessus and Arcsight?

What's The Best Way to Trial SIEM Solutions?

Which is the best SIEM solution for a government organization?

What is the difference between IT event correlation and aggregation?

What Is SIEM Used For?

RSA-EMC vs. other SIEM products?

What Questions Should I Ask Before Buying SIEM?

What are the pros and cons of internal SOC vs SOC-as-a-Service?

Product Categories

Security Information and Event Management (SIEM)

Log Management

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

CrowdStrike Falcon vs Sumo Logic Security

Wazuh vs Sumo Logic Security

Datadog vs Sumo Logic Security

Splunk Enterprise Security vs Sumo Logic Security

Microsoft Sentinel vs Sumo Logic Security

IBM Security QRadar vs Sumo Logic Security

Elastic Security vs Sumo Logic Security

Grafana Loki vs Sumo Logic Security

AWS Security Hub vs Sumo Logic Security

Cortex XSIAM vs Sumo Logic Security

Palo Alto Networks Cortex XSOAR vs Sumo Logic Security

LogRhythm SIEM vs Sumo Logic Security

Rapid7 InsightIDR vs Sumo Logic Security

Amazon OpenSearch Service vs Sumo Logic Security

Fortinet FortiSIEM vs Sumo Logic Security

See all alternatives

Sumo Logic Security Reviews Summary
Author info	Rating	Review Summary
Senior Security Analyst at City Electric Supply Company	4.0	I've found Sumo Logic Security useful for alert insights, enrichments, and automation, though better documentation, improved search usability, and more robust AI tuning would enhance it; overall, it's effective and has improved team collaboration and incident response.
Security Engineer at a tech vendor with 11-50 employees	4.0	I’ve used Sumo Logic Security for four years as a cloud-native SIEM with strong correlation, UEBA, dashboards, and workflows that cut MTTD from 3–4 hours to under 30 minutes and reduced alert fatigue. I want better AI, fewer false positives, and richer SOAR/visualizations.
CISO at Mambu	4.0	I’ve used Sumo Logic Security for 18 months and found it easy to adopt after Splunk, with strong support, stability, and multi-cloud visibility. It reduced alert noise and saved about three FTEs, though the roadmap needs more transparency.
CSO at Altera	3.5	I've found Sumo Logic Security easy to implement with great connector support, but its risk-based alerting lacks context. It’s a solid, average tool—good for quick deployment, though not as customizable or in-depth as alternatives like Splunk.
Deputy Country Manager at PT Securite Asia Indonesia (ABP Securite)	4.0	I find Sumo Logic Security valuable for its customizable, cost-effective dashboard focused on data storage and scan volume. However, the lack of a local data center is a barrier for government clients needing in-country data retention.
SOC Analyst at a computer software company with 1,001-5,000 employees	3.0	I primarily use Sumo Logic as a Cloud SIEM for alert and insight monitoring, valuing its Log Analytics platform for retrieving logs not available in other tools. However, its correlation rules, log mapping, and support response time need improvement.
DevOps and Solution Architect at a recruiting/HR firm with 10,001+ employees	4.5	I use Sumo Logic Security to store and monitor application and VPC flow logs, which makes it easy to search logs and identify issues like application 500 errors. However, the solution is expensive, making pricing a potential area for improvement.
Senior Information Security Analyst at Everbridge	3.5	We use Sumo Logic as a log aggregator for AWS environments, leveraging its automation and integrations with tools like CrowdStrike. However, we find its query complexity, UI, scalability, and stability lacking, and have faced challenges with collector connections.

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	3.1%	97%	137 interviews Add to research
Wazuh	3.7	5.8%	81%	50 interviews Add to research

Sumo Logic Security Reviews

What is Sumo Logic Security?

Featured Sumo Logic Security reviews

Sumo Logic Security mindshare

PeerResearch reports based on Sumo Logic Security reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Sumo Logic Security with alternative products

Learn more about Sumo Logic Security

Related articles

Related questions

Product Categories

Popular Comparisons