We performed a comparison between ArcSight Intelligence and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The UI-based analytics are excellent."
"Free ingestion for Azure logs (with E5 licence)"
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The platform helps us improve threat detection capabilities."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The product has a valuable interface."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"It helps a lot because we can troubleshoot issues pretty easily."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"Technical support is always great."
"We can integrate threat intelligence solutions into the product."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"The solution is quite stable."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"ArcSight Intelligence's pricing needs improvement."
"The dashboard is not user-friendly and is in black and white."
"We haven't found the product fully scalable."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"Sumo Logic needs to make sure integrating solutions are seamless."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
"There are some API gaps that are missing."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
ArcSight Intelligence is ranked 31st in Security Information and Event Management (SIEM) with 5 reviews while Sumo Logic Security is ranked 20th in Security Information and Event Management (SIEM) with 18 reviews. ArcSight Intelligence is rated 8.0, while Sumo Logic Security is rated 8.6. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM), Exabeam Fusion SIEM and Splunk User Behavior Analytics, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and IBM Security QRadar. See our ArcSight Intelligence vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
