

Sumo Logic Security and Anomali are competitors in cybersecurity, each with distinct features. Sumo Logic Security stands out due to its advanced analytics and comprehensive feature set, giving it the upper hand, whereas Anomali offers superior threat intelligence value.
Features: Sumo Logic Security provides real-time analytics, scalability, and a robust platform for extensive analytics capabilities. Anomali is known for its effective threat detection and seamless integration with third-party systems alongside outstanding threat intelligence delivery.
Room for Improvement: Sumo Logic Security could enhance its threat intelligence offerings, simplify log management, and improve third-party integration breadth. Anomali may benefit from streamlining its setup process, expanding log aggregation features, and enhancing user interface complexity.
Ease of Deployment and Customer Service: Sumo Logic Security benefits from a cloud-native deployment model, allowing smooth setup and management, and it receives positive customer service feedback. Anomali, while also cloud-based, may require longer integration times due to complex configurations and has more intensive setup processes.
Pricing and ROI: Sumo Logic Security offers a competitive pricing structure, balancing cost with its broad features. Anomali’s pricing might be higher initially but presents strong ROI with specialized threat intelligence features, offering a different cost-value balance.
Analyst productivity has improved significantly, with hours saved because of automation and AI-driven work that Anomali performs.
Anomali provides us with a very cost-effective value compared to the market, and I would rate it ten out of ten for return on investment metrics.
There is a return on investment concerning time and effort saved by 40% after implementing Anomali.
We have saved 64 hours of our time overall.
The return on investment I have seen with Sumo Logic Security in the past year and a half is tough to quantify, but I would estimate it has hit the milestones we set internally for return on investment.
They have strong onboarding and deployment assistance, provide a dedicated technical account manager for large customers, and engage in regular product updates and customer interaction.
The technical support at Anomali is excellent.
It doesn't seem very professional how they're handling support anymore.
They have a response time of forty-eight hours, which is not instant support.
In general, they usually provide continuous support post-implementation, being in touch and trying to help, which makes their after-sale process better than Splunk.
Sumo Logic Security has really good customer support.
The scalability is massive, allowing us to store millions of indicators.
I believe Anomali's scalability is good; whether it is an organization for ten people or one hundred thousand people, the job a threat intel platform has to do will be the same.
Anomali's scalability is impressive as a mature platform capable of processing large amounts of threat intelligence and indicators of compromise data.
Sumo Logic Security scales up automatically because it is a cloud-native SIEM, and I do not need to worry about hardware clusters or capacity planning.
The tool has high scalability because everything is based in the cloud.
I did not face any significant issues with Sumo Logic Security, but the pricing may be a concern as they try to upsell and raise the prices very quickly.
From a reliability perspective, Anomali consistently injects threat feeds, works on automation, performs reliable API integrations, and supports enterprise scale globally.
For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.
The good thing is that they have a health check page, and if any issues arise, they notify us.
If there are many records, the system may stop or the UI may become unresponsive.
The query language is pretty straightforward and easy, and it is very powerful for building different searches and dashboards that will serve for later exploration of the same interests I have.
It operates very well as a cloud-native SaaS platform with high availability, and there is no downtime that I have experienced.
Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves.
Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials.
Anomali's ability to correlate and integrate different Threat Intel platforms, such as Mandiant and PolySwarm, is another valuable feature, removing duplicacy and enabling the application of specific IOCs across various security controls.
This can lead to alerts that are collections of disjointed signals that sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations.
I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS.
The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk.
Pricing and licensing are good, but the costs for purchasing threat feeds are somewhat complicated and a bit on the higher side.
My experience with Anomali's pricing is that it is higher compared to other open-source alternatives.
My experience with pricing, setup cost, and licensing is that there are not many follow-ups, but once we interacted with the product team or the leadership of Anomali, they managed a lot with us, and it all paid off to reach a conclusion that we would continue with this product.
This makes it more cost-effective because other solutions often include a third element in their pricing.
From one to ten, where one is cheap and ten is expensive, I would put Sumo Logic Security at a seven.
If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to find them costly since they are well-known and they have much more integration compared to Sumo Logic Security.
Regarding integration, Anomali has capabilities to integrate with different downstream applications such as Palo Alto, allowing us to create playbooks to block domains, URLs, or IPs directly within the firewall.
Correlating IOCs with the telemetry data we are ingesting from our data sources allows us to pull monthly reports identifying how many assets and users interacted with malicious content, giving insight into whether communications failed or users accessed restricted content, providing complete visibility of the IOCs traveling throughout our environment.
It aggregates intelligence from hundreds of sources, automatically de-duplicates, applies risk scoring, applies context, and reduces much manual effort.
The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.
They are able to save time on fewer alerts because we are able to perform tuning on the logs to be able to only get relevant or security relevant incidents.
My SOC analysts were crushed under Splunk, but Sumo has actually eased the workload and made it tolerable for three people.
| Product | Mindshare (%) |
|---|---|
| Anomali | 1.4% |
| Sumo Logic Security | 1.6% |
| Other | 97.0% |

| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 1 |
| Large Enterprise | 14 |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 4 |
| Large Enterprise | 16 |
Anomali delivers user-friendly cyber threat intelligence, offering concise insights with robust capabilities for evolving scenarios.
Anomali offers a powerful platform for cyber threat intelligence, allowing organizations to efficiently stream and analyze threat feeds. It excels in threat modeling, prioritizing intelligence, and supporting large-scale automation through its API, fostering a proactive security approach.
What are Anomali's Key Features?Anomali serves as a crucial tool for threat intelligence in industries ranging from finance to healthcare. Organizations stream threat feeds into Anomali to correlate and aggregate data, enhancing security measures and facilitating thorough threat investigations. Its adaptability makes it suitable across different sectors.
Sumo Logic Security offers efficient event monitoring with customizable alerts, centralized log search, and real-time threat detection. It supports multi-cloud environments and integrates with threat intelligence, reducing workload with AI-driven analytics.
Sumo Logic Security empowers organizations with advanced logging and monitoring solutions, facilitating comprehensive security event management. Its robust log search and comparison features, combined with user-friendly dashboards, enable quick event analysis. The platform's multi-cloud support and real-time threat detection are notable features, seamlessly integrating automated log correlation and AI analytics to optimize user experience. Despite needing enhancements in querying and dashboard functionalities, Sumo Logic Security remains a reliable choice for application log management, IT asset visibility, and incident alerting. Organizations utilize it for threat detection, posture monitoring, and compliance audits, in platforms like AWS, focusing on security insights and performance monitoring.
What are the key features of Sumo Logic Security?Organizations in industries like finance and technology implement Sumo Logic Security to maintain security and compliance, leveraging its advanced monitoring and alerting capabilities. Teams focus on application troubleshooting and forensic analysis, ensuring robust security posture and effective incident response across cloud-based environments.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.