

Sumo Logic Security and Trellix Helix Connect compete in the security solutions category. Trellix Helix Connect has the upper hand with its more robust features, which justify its higher cost.
Features: Sumo Logic Security provides useful out-of-the-box applications, customizable alerts, and diverse log source integration. Trellix Helix Connect excels with its AI-powered XDR platform, over 400 connectors for integration, and advanced automation capabilities.
Room for Improvement: Sumo Logic Security can enhance dashboard usability, predefined log patterns, and the subscription process. Trellix Helix Connect could improve its pricing, third-party tool integration, and dashboard functionality.
Ease of Deployment and Customer Service: Sumo Logic supports public and hybrid cloud deployments with quick technical support. Trellix Helix Connect offers deployment flexibility but sees mixed customer service satisfaction.
Pricing and ROI: Sumo Logic Security is seen as cost-effective compared to alternatives like ELK Stack. Trellix Helix Connect, while expensive, maintains transparent pricing without hidden costs, attracting larger organizations.
We have saved 64 hours of our time overall.
The return on investment I have seen with Sumo Logic Security in the past year and a half is tough to quantify, but I would estimate it has hit the milestones we set internally for return on investment.
Before Trellix Helix Connect, we were doing everything manually, but after that, it has become automatic, allowing us to save about 40 to 45% time and reduce operational inefficiencies.
We have seen a return on investment with Trellix Helix Connect, and we can share relevant metrics as we reduce the MTTD and MTTR and have KPIs indicating our ROI.
From an analyst's perspective, it has required fewer L2 operators since we already have a broader view of what is happening with the endpoint machines.
They have a response time of forty-eight hours, which is not instant support.
In general, they usually provide continuous support post-implementation, being in touch and trying to help, which makes their after-sale process better than Splunk.
Sumo Logic Security has really good customer support.
I assess the effectiveness of Trellix Helix Connect's threat detection capabilities as robust, making it more powerful than Trend Micro and other solutions like CrowdStrike.
My experience with the support team was very good; they were cooperative and demonstrated good knowledge of how things worked.
We often wait for weeks to get a response from the engineering team due to a long relay process from customer representatives to the engineering team and then back to us.
Sumo Logic Security scales up automatically because it is a cloud-native SIEM, and I do not need to worry about hardware clusters or capacity planning.
The tool has high scalability because everything is based in the cloud.
I did not face any significant issues with Sumo Logic Security, but the pricing may be a concern as they try to upsell and raise the prices very quickly.
We support the largest companies in the world and can cater to large environments.
Trellix Helix Connect's scalability is excellent as the solution has a library to make integrations with other brands.
The platform has scaled well as our environment and log volume have grown.
If there are many records, the system may stop or the UI may become unresponsive.
The query language is pretty straightforward and easy, and it is very powerful for building different searches and dashboards that will serve for later exploration of the same interests I have.
It operates very well as a cloud-native SaaS platform with high availability, and there is no downtime that I have experienced.
The availability is high, which is critical for our customers who rely on a single panel of glass to operate.
Trellix Helix Connect is very stable, and I have experienced almost no downtime or issues.
Trellix Helix Connect has stability issues as it experienced downtimes during off-hours that affected our night shifts and late hours.
This can lead to alerts that are collections of disjointed signals that sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations.
I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS.
The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk.
The GUI and dashboard feel very old-school and legacy, needing improvement, as all competitors have far superior GUIs and UI/UX interfaces.
We have just released the solutions to the market recently, making it a revolution in the cybersecurity sector.
The usability of hyperautomation is something to improve in the solution because it is expensive regarding the needed improvements.
This makes it more cost-effective because other solutions often include a third element in their pricing.
From one to ten, where one is cheap and ten is expensive, I would put Sumo Logic Security at a seven.
If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to find them costly since they are well-known and they have much more integration compared to Sumo Logic Security.
We mainly chose this solution because of the pricing factor alone; many other options were more lucrative feature-wise, but for pricing, it was quite competitive at the time.
It is not the cheapest, but also not the most expensive solution.
We do not face much performance issues; for pricing, it was close to other competitors.
The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.
They are able to save time on fewer alerts because we are able to perform tuning on the logs to be able to only get relevant or security relevant incidents.
My SOC analysts were crushed under Splunk, but Sumo has actually eased the workload and made it tolerable for three people.
Trellix Helix, as an AI XDR platform, helps our organization by offering an extensive number of connectors for integration, enabling us to consolidate all information in a single dashboard.
Trellix Helix Connect easily integrates with Office 365 and also integrates well with FortiGate, Palo Alto, and Barracuda, especially within AWS environments.
Valuable threat intelligence is crucial for us because it offers advanced threat intelligence as a valuable feature, allowing us to prioritize alerts quickly and efficiently.
| Product | Mindshare (%) |
|---|---|
| Trellix Helix Connect | 1.3% |
| Sumo Logic Security | 1.6% |
| Other | 97.1% |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 4 |
| Large Enterprise | 16 |
| Company Size | Count |
|---|---|
| Small Business | 11 |
| Midsize Enterprise | 2 |
| Large Enterprise | 14 |
Sumo Logic Security offers efficient event monitoring with customizable alerts, centralized log search, and real-time threat detection. It supports multi-cloud environments and integrates with threat intelligence, reducing workload with AI-driven analytics.
Sumo Logic Security empowers organizations with advanced logging and monitoring solutions, facilitating comprehensive security event management. Its robust log search and comparison features, combined with user-friendly dashboards, enable quick event analysis. The platform's multi-cloud support and real-time threat detection are notable features, seamlessly integrating automated log correlation and AI analytics to optimize user experience. Despite needing enhancements in querying and dashboard functionalities, Sumo Logic Security remains a reliable choice for application log management, IT asset visibility, and incident alerting. Organizations utilize it for threat detection, posture monitoring, and compliance audits, in platforms like AWS, focusing on security insights and performance monitoring.
What are the key features of Sumo Logic Security?Organizations in industries like finance and technology implement Sumo Logic Security to maintain security and compliance, leveraging its advanced monitoring and alerting capabilities. Teams focus on application troubleshooting and forensic analysis, ensuring robust security posture and effective incident response across cloud-based environments.
Trellix Helix Connect leverages automation with playbooks and AI, enhancing incident management, data correlation, and reducing response times while easing integration and improving threat visibility.
Trellix Helix Connect transforms cyber operations with automated workflows, cutting response times and decreasing analyst fatigue. Its ability to integrate seamlessly with existing infrastructures improves incident handling through advanced AI and data correlation techniques. Quick to implement, it enhances threat visibility, enabling faster incident triage, alert correlation, and threat intelligence integration. While the platform excels in these areas, users have noted areas for enhancement, such as integration with third-party tools, better dashboard functionalities, and reduced false positives. Despite concerns over licensing costs and connectivity issues, Trellix Helix Connect remains a valuable asset for centralized security event management and response automation.
What are the key features of Trellix Helix Connect?Organizations rely on Trellix Helix Connect for centralized correlation and security event management, integrating it with existing tools for streamlined alert management and enhanced cybersecurity measures. It supports tasks like phishing detection, data protection, and endpoint security, essential in industries facing persistent network threats, including managing logs, detecting malware, and automating responses, reducing investigation times and improving notification efficiency.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.