Sumo Logic Security Reviews

My main use case for Sumo Logic Security is relying on it for security insights when it comes to security alerts. This is heavily used by people who are on a weekly on-call rotation to ensure that security incidents from Sumo insights are actioned on and remediated.

A specific example of a security incident where Sumo Logic Security played a key role is when, about a couple of weeks ago, we had an incident where a user was a victim of a click-fix attack. Sumo Logic Security was able to determine that this user had performed some risky activity and also correlated the fact that the URL was associated with that incident. We were able to determine the involved entities, which included the user's device, and we were able to quickly action on it and perform a reset of the user's account in order to begin the remediation process.

In addition to the previous points, I use Sumo Logic Security for a lot of the enrichments when it comes to insights as well. An example of this is when we receive insights regarding a user entity, we are able to use Sumo enrichment automation to get user details including their manager. This is definitely beneficial in an example such as the one I provided earlier where a user was compromised, where we can at least know who the proper chain of command is if that needed to be used in that specific incident.

The best features Sumo Logic Security offers, in my opinion, are the ones that allow you to use dashboards as enrichments. For example, we had a situation where there was a suspected compromise on a specific server, a database server to be exact, and so we linked an enrichment action in the CSE component to then point us to a Qualys dashboard. In this specific case, the suspected server was suspected as being compromised, and we were able to check any available vulnerabilities from the Qualys dashboard itself by using it as an action in Sumo Logic Security.

We are actually using both out-of-the-box and custom rules from Cloud SIEM Enterprise, and it has been really great because we have a variety of ways to create rules based on our needs, such as match rules. What I really do appreciate are the first-seen rules that we can use in a fashion to determine a baseline of normal versus unexpected behavior depending on the entity, and I really do enjoy these.

In terms of threat intelligence, I was able to integrate, as an example, AlienVault, and using their actions, automated integrated actions into playbooks to enrich certain entities such as IPs, domains, URLs, and hashes. It has been very paramount to how we operate due to the fact we can all stay in the same single platform of Sumo Logic Security without having to reach out to different third-party sources, opening up different browsers, essentially saving time on trying to respond to an incident or review an incident. It has been really good in terms of integrating and using the threat intelligence features.

I find Sumo Logic Security's AI-driven analytics effective in reducing analyst workload and response times, and I have seen a difference since using those features. For example, we are using the anomaly-based AI detections in Sumo monitors, and I would say that it has been good, but the reason I say it could be better is the fact that we are seeing a bit of some false positives when it comes to understanding what is typical normal behavior and relying on AI to understand what normal behavior is versus what is unexpected. I found that when using this type of monitor, I do have to do quite a bit of tuning, which I would hope the AI would be a little bit more robust and essentially leave me hands-off when it comes to this.

We also use the dashboard enrichment feature in Sumo Logic Security when alerts pertain to specific entities, and we use it a lot. For example, we will get insights for server entities, and it is easy for us to pivot over to a dashboard when it comes to an enrichment perspective to determine if there are any actual vulnerabilities related to it. Another example is if we have an AWS related entity, we can pivot over using an enrichment action to navigate to one of the AWS dashboards to get some quick information pertaining to the specific entity involved in the insight.

Sumo Logic Security has positively impacted my organization by increasing engagement with different teams. For example, we have the database team being onboarded to Sumo Logic Security regarding their database logs, where they use it to monitor their database when it comes to informational all the way up to critical types of events, and they use it for alerting as well. This is due to the fact that they were not able to find any solution that can provide this type of functionality for them, and they have pivoted to Sumo Logic Security for their needs.

From this increased engagement, we are able to respond faster to incidents. For example, if they are seeing a type of activity that involves a user or an admin that is not supposed to be logging in at a specific time, they do get alerts on that. In addition to that, we are able to save time on fewer alerts because we are able to perform tuning on the logs to be able to only get relevant security-related incidents.

To improve Sumo Logic Security, I would appreciate the tool being easier to use from a search perspective. For example, we have a few teams that want to use the tool itself, but they are not as savvy when it comes to creating searches from the core platform. I understand that Mobot has come out and is in the works, and it really does assist non-savvy users when it comes to querying the platform. As far as that is concerned, I wish that could be improved a bit more, but I do know that that is in the works.

I would add that I wish for improved documentation. For example, we are using Sumo Playbooks and automation integrations along with that, but I have found that there has been a lack of documentation, very little to none at all when it comes to that. With regards to automation integrations as well, there are very few details included in them. I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS.

I chose eight out of ten because to make it a nine or ten, I would lean heavily on the documentation. A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking. There are instances also where some security best practices are not being followed. So, if we are able to set up an integration that is not only secure, following security best practices, and has complete documentation, I believe it would alleviate the issue of having to go back and forth with support to check the documentation and things of that nature.

My impression of the built-in threat intelligence feature in Sumo Logic Security is that it is comprehensive, but I would say that it could do a little bit better. For example, we have the TAXI feeds, which is STIX and TAXI integrated into the core platform, but the issue I am running into is that I am able to use that feed into a CSE alert; however, I am not able to see the contents of that feed. If I integrate CISA, which we do have integrated, I cannot see what IOCs are in that feed in the core platform, and I hope that is the case because, in order for us to better tune our alerts, we need to be able to see what is in the contents of that threat intelligence feed.

I have been using Sumo Logic Security for three years.

My advice to others looking into using Sumo Logic Security is to look at the customer service side of things. The product can be great, but if the customer service side of things fails, I think pretty much the rest follows. I would also advise them to look at the automation features, for which Sumo Logic Security has been pretty great in expanding that realm. I think those are going to be the two main things as we are moving a lot more towards being hands-off with automation and also being able to utilize support and getting timely answers. Those would be the two key factors of looking at or giving advice when it comes to Sumo Logic Security.

I have additional thoughts about Sumo Logic Security in that I do appreciate the product. It can be as vague as you want to or as detailed as you want to when it comes to getting telemetry information from the product itself. That is what I appreciate about Sumo Logic Security. Overall, I am happy with the product, just a few hiccups here and there. I provided a rating of eight out of ten for this review.

The main use case for Sumo Logic Security is as a SIEM platform where our customers prefer it to gather logs from multiple places and have good detections, especially Sumo Logic insights, which is helping us a great deal to detect and correlate logs from different platforms and consolidate them into one insight. It helps for investigation and analysis. The major part is threat detection and threat analysis.

The best features of Sumo Logic Security are automated log and event correlation, which may come from a firewall event, and User Entity Behavior Analytics (UEBA) for detecting impossible travel and unusual access times. Threat intelligence enrichments are good, and the MITRE ATT&CK framework is beneficial. The centralized log search for investigation is better compared to multiple SIEM solutions, where I can query everything in one place. The SEC records feature, something that returns index=sec_records, provides all the logs from different places. Pre-built dashboards and analytics, especially threat trends and the anomalies that return compliance patterns, are valuable. The workflow, including playbooks and workflows, can be triggered when we need to quarantine an endpoint, revoke credentials, or block IPs. Most importantly, it is cloud-native and has elastic scale. As a cloud-native SIEM, it scales up very well automatically, and real-time threat detection is available.

One of the most important things is MTTD, which is faster threat detection that reduced our MTTD, and we were able to detect alerts with multiple detections that used to take hours. Now the correlated alerts surface the real threat very quickly. Detection time has dropped significantly. We used to have MTTD of three to four hours, but now it is under 30 minutes. Automatically, our mean time to response has also increased substantially. Analysts are able to quickly pivot items and make faster decisions, especially without switching between tools. We have all our EDR tools and firewalls integrated to the same platform and viewing everything there. As a SOC, which faces major problems, it reduced the alert fatigue by over 100 days of low volume alerts, which have been made into insights, and this has greatly improved our alert efficiency and decision quality, the way we are able to enrich information. Operation stability has also improved very much. It has significantly impacted our organization, and our KPIs have improved substantially with respect to this.

If I want to mention anything related to Sumo Logic Security, I would say that with the current AI situation, AI enrichments should be very well integrated. I saw something in insights that it is doing something around 14 days of correlation, but I would prefer something around seven days would be better. Sometimes we see alerts coming from a different time frame. In some places, correlation could be much better in Sumo Logic. There is a scenario where we see five to six employees from the company log in from the same IP address, which is a shared IP address. Maybe one employee has login failures, perhaps because they forgot their password. In this situation, Sumo Logic gives us an alert saying that a brute-force alert was detected or a credential compromise was detected, stating that five people have successful logins and one user has a bad password. This is not practically correct detection. They should be doing some kind of better analysis, such as a historical analysis of this IP, to make it clear that this IP is a shared IP, so the logins that happened for all other users are normal. Sumo Logic has the capability as a modern SOC to include behavior correlation or attack chain visibility, which would be a great addition to reduce false positives. Good dashboards with AI capabilities would also be more helpful.

Since our product is also AI-based, something where they can focus more on AI with the possibility of detection engineering, writing custom correlation rules, and tuning detections to make more valid true positives would be beneficial. I have experienced some situations where false positives occurred. There can be more improvement in MITRE ATT&CK mapping, especially, as it helps us measure coverage gaps and where we are positioned. Beyond that, SOAR capabilities with automation focus should include more enrichments into the detection part and provide higher levels of true positives overall. When I compare Sumo Logic Security with other solutions like Splunk, Azure Sentinel, or Sentinel One, these are improvements I would expect to see.

Automation should be improved further. As we move to AI SOC, there is talk of automated multi-step response workflows where playbooks should be enriched for logs of different activities based on IP, user, user agent, or other fields. More advanced playbook-based correlation should be coming up with a set of rules that can help detect real true positives. Rich incident response playbooks and better integrations with ticketing tools would be beneficial so that we can take quick actions if a breach has been identified. Advanced attack path visualizations would be helpful. Creating a good attack graph showing when something has been detected, how quickly it has been investigated, what the timeline of all these activities was, and including entities such as user, host, network, cloud, or indicators of compromise would be valuable. Built-in threat group playbooks would be very helpful, whether for ransomware, account compromise, or data exfiltration. AI-driven threat insights at the automated flow of investigation would be more helpful. Sumo Logic Security is very good at role-based access controls, and we were able to manage that very well without any issues. Advanced attack path visualizations and built-in threat group playbooks for ransomware, account compromise, or data exfiltration scenarios would enhance the platform significantly.

I have been using Sumo Logic Security for the past four years in my previous two organizations.

Sumo Logic Security is stable. It operates very well as a cloud-native SaaS platform with high availability, and there is no downtime that I have experienced. Sometimes we had API integration issues, but the platform scales up automatically without any performance degradation, especially with large volumes of logs without any failures in ingestion. This is something that I have seen be difficult in other places. It does not require any hardware and patch management, which is another good thing for being stable. These are some of the reasons why I would say it is stable.

Sumo Logic Security scales up automatically because it is a cloud-native SIEM, and I do not need to worry about hardware clusters or capacity planning. The platform grows as security data grows. Real-world ingestion limits, cold versus hot data performance, and retention implications on the cost and query performance under high load are all handled very well. It supports business growth, as when the company grows, security analytics also grows with more servers, more users, and more applications, but without infrastructure headaches. Onboarding is something that I need to mention as well. I can ingest identity logs, endpoint detections, or any type of logs without worrying about underlying capacity. I was able to ingest all types of logs with Sumo Logic Security. In other platforms, we faced some challenges with complexities, especially in terms of handling the hardware part as well.

Support for Sumo Logic Security is good. We have had a couple of issues, especially with the technical support team troubleshooting problems, particularly around API integration issues, but they had a faster response time. I would score them around 9 out of 10. Direct support includes documentations, tutorials, and training access along with community forums, which helps us resolve many questions independently without reaching out to them. Where we have faced some challenges, I would say it may be because of region-specific support in India or Europe, as some support times were slower. Some tickets even took two weeks when we were finding issues with email-related matters. Everything else is good because their documentation is very helpful and querying is also very good. They have a limited direct call option for support, but the response is good, and technically they will explain everything we need to do. Premium support is also available. The customer support is very good with them, and the documentation is helping us to fix issues today.

Positive

We used Devo and Splunk before Sumo Logic Security. Due to our organization's budget platforms and other factors, we switched to Sumo Logic to have our SIEM. We used to face challenges before, such as storage clusters and scaling issues, and the detection part was very much worse in other SIEMs. I may not give specific details, but Sumo Logic insights are playing a major role today in our investigation and reporting parts. I have used Splunk, Devo, and even ArcSight.

As I mentioned, we have 100% return on investment very well. I have experienced that we used to have over 100 alerts where we needed eight analysts, but now we are able to operate with five analysts because the time drop in investigation has been from 20 to 40 minutes. We have saved 64 hours of our time overall. Before we used to have eight analysts, now we have at least five analysts and we are able to do the work completely. We have a good return on investment in terms of even the log retention part as well.

We have not typically evaluated other solutions as alternatives. As I mentioned, we used Splunk, Azure Sentinel, and Devo. We directly switched to Sumo Logic Security as per our organization's needs. We had used different SIEM platforms as well.

I would say to define especially what problems they have, particularly the threat detection part, incident response part, reporting part, cloud security monitoring, or insider threat analytics. They need to plan their log strategy about how much quality versus quantity they require and send only meaningful logs while filtering out debug and low-level information that makes noise. Categorizing the logs by priority is one of the most important things. Using something with very much tiered retention periods is helpful because Sumo Logic Security provides pre-built dashboards, correlation rules, analytics, and threat intelligence feeds. That is going to be helping. I would recommend investing in training, as good training helps the team write more effective queries, build custom correlation rules, alert tuning, and perform threat hunting. These are things to focus on, which especially help the organization. Measure metrics as well, such as MTTD, MTTR, false positive rate, analyst hours worked, and threat signals escalated, as these are outstanding for Sumo Logic Security.

Regarding additional thoughts about Sumo Logic Security before wrapping up, I would mention improvement in the detection part with AI integration regarding log summarization and advanced analytics, which should be part of the roadmap. Also, how Sumo Logic Security is going to handle scalability, such as onboarding different data sources or tuning alerts. The major direction I am interested in seeing is how Sumo Logic Security will move forward with AI-based SOC capabilities, as that is the next era of SIEM tools. I would give Sumo Logic Security an overall rating of 8 out of 10.

Sumo Logic Security encompasses all three areas: SIEM, SOAR, and log management.

Sumo Logic Security offers excellent features including ease of use. I came from a competing product, Splunk, and I was able to recycle a lot of the knowledge from that tool into Sumo because the logic was very similar.

Beyond the ease of use, the consumption model of Sumo Logic Security is also easy to understand, which was helpful. The build-out with Sumo was very good, as they spent a lot of time ensuring that we were sized correctly for the product, and the follow-ups were good. Sumo Logic Security has really good customer support.

The capabilities of Sumo Logic Security in providing security visibility across multi-cloud and hybrid environments are very good, particularly because Mambu is still a multi-cloud vendor, and the product worked extremely well in that scenario.

Regarding the automated TDRI workflows in Sumo Logic Security, they are excellent. I would put them at the top because they are truly useful and actually work as advertised.

My experience with Sumo Logic Security has been good. My SOC analysts were crushed under Splunk, but Sumo has actually eased the workload and made it tolerable for three people.

The improvements or benefits I have seen from Sumo Logic Security relate to alerts. We were buried under alerts and Sumo actually helped us clean that up. The number one value is being able to action things in a proper time frame.

A more transparent roadmap as to what Sumo Logic Security is trying to achieve would be beneficial. Sumo often gives information in three-month cycles, which makes it hard for planning purposes.

I have been using Sumo Logic Security for about a year and a half.

In terms of stability, Sumo Logic Security rates a ten; it has been up.

Regarding scalability, I give Sumo Logic Security a nine. I have yet to run into an issue with scalability, but we really have not tested it.

The build-out with Sumo was very good, as they spent a lot of time ensuring that we were sized correctly for the product, and the follow-ups were good. Sumo Logic Security has really good customer support.

The interactions have been extremely good, and the account team is great, so I never feel as though they just forgot us.

I rate the technical support for Sumo Logic Security a nine.

Positive

I came from a competing product, Splunk, and I was able to recycle a lot of the knowledge from that tool into Sumo because the logic was very similar.

When comparing Sumo Logic Security to Splunk or other vendors, the models are vastly different. Sumo's consumption model is easier to understand, while Splunk's is much more complex. Additionally, the Splunk service was not really fit for the size of our organization, which was about 1,000 people as it was a much more robust solution for something larger.

The initial deployment of Sumo Logic Security was complex, but working with Sumo made it very easy.

It took three months to deploy Sumo Logic Security.

I do use the SOC analyst agent for alert triage. I have three SOC analysts.

The return on investment I have seen with Sumo Logic Security in the past year and a half is tough to quantify, but I would estimate it has hit the milestones we set internally for return on investment, as we have not looked at the product and said it is not paying for itself.

When it comes to pricing, I would say Sumo Logic Security is in the upper middle-class tier. It is not expensive, but it is not inexpensive, sitting between those two.

From one to ten, where one is cheap and ten is expensive, I would put Sumo Logic Security at a seven.

Regarding the effectiveness of AI-driven analytics in reducing the workload and response times, it is too early to tell, as it is something that recently came out and we have not consumed it yet.

My impressions on the built-in threat intelligence feature are not bad. I would give them four out of five stars. They tend to be very good, but very specific to certain situations.

The impact of Sumo Logic Security in prioritizing alerts has been hard to quantify at this stage, as we are still trying to determine the value of that.

I could not tell you if the knowledge agent has helped improve onboarding efficiency because we do not utilize that function.

When it comes to how much time Sumo Logic Security saves, I would not say it is a time saver. It is an FTE saver. It did not really make my analysts work less in a day. They still have to work, but it avoided the need to procure more analysts to do the work.

Sumo Logic Security has probably saved us three FTEs.

Approximately 15 users utilize Sumo Logic Security.

Sumo Logic Security does not require any maintenance as it is a SaaS-based solution. We do not have to patch it, maintain it, or host it.

Sumo Logic Security was purchased through an engagement that was done pre-Marketplace, but it was purchased through Marketplace.

My advice for others looking to implement Sumo Logic Security would be three things: first, do a proof of concept because these solutions are very expensive. Second, definitely keep involved with Sumo through the entire process, making them a partner throughout the process. Third, and this is the most critical one, definitely take time to size your environments correctly because once you sign those contracts, that is the size.

I rate this review an overall eight.

My main use cases with Sumo Logic Security are the same as Splunk; it is not log management, but rather security events and information, a security information system like SIEM.

The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.

Sumo Logic's diverse log sources support very much for my digital transformation, and this is a strong side of the system. They have wide support for connectors, enabling me to implement almost any system with webhooks and connect whatever I want, so this aspect is definitely a strong side of this product.

One major improvement I would suggest for Sumo Logic Security is in its risk-based alerting system; while it initially sounds clever and modern, it works as a point-based system where an IP address or entity gets points for bad actions, raising alerts when enough points are collected. This can lead to alerts that are collections of disjointed signals that sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations.

To improve in the support area, I recommend enhancing the technical part because, while the process is good, the actual quality may depend on the personnel involved.

I have been working with Sumo Logic Security for fourteen months.

I have used Sumo Logic Security's threat detection feature, and I think it is very easy to use. The query language is pretty straightforward and easy, and it is very powerful for building different searches and dashboards that will serve for later exploration of the same interests I have.

I have used the anomaly detection capabilities in Sumo Logic Security, and it works pretty well out of the box. We did not verify the effectiveness, but it identifies a lot of anomalies and functions as a risk-based system mainly, where each log can become a signal. Each one gets several points, and if an entity or user and IP gets enough bad points, then an alert is raised. Each person or IP in a company has a bucket, and for each bad signal, you put a point in this bucket, and when you reach a certain point, an alert is created. However, while it is very easy and automated, it is also a negative side because it provides less context for things I am interested in finding in the alerting system.

I did not face any significant issues with Sumo Logic Security, but the pricing may be a concern as they try to upsell and raise the prices very quickly.

I would rate the support from Sumo Logic Security as about a seven. It depends on the person providing support, but in general, they usually provide continuous support post-implementation, being in touch and trying to help, which makes their after-sale process better than Splunk.

Positive

The initial setup for Sumo Logic Security is pretty easy and straightforward.

For Sumo Logic Security, I believe the deployment was internal, while for Splunk, it involved some hours from a reseller and Splunk themselves, making it a hybrid approach.

My company has not calculated ROI for Sumo Logic Security.

When comparing Sumo Logic Security with other tools such as Splunk, I see advantages such as its easier implementation, especially for companies that lack cybersecurity know-how; Sumo Logic Security can be beneficial for quick setup. However, while it is good for average tasks without needing three engineers, Splunk allows for more configuration to meet specific organizational needs, although it requires more expertise and time.

The compliance reporting tool in Sumo Logic Security is pretty acceptable; nothing special, but it is okay in helping meet regulatory requirements for my organization.

Overall, I think Sumo Logic Security is acceptable; it is a pretty slick, nice product, with no significant additional features that I feel need to be added or improved.

For those considering using Sumo Logic Security, I would recommend checking it out.

I do not rate it a ten because I find some aspects of how the system works overall to be strange. My review rating for Sumo Logic Security is seven.

I use Sumo Logic Security.

The first thing that I like about Sumo Logic Security is the earlier UI and the latest one, which has a clean layout. Since I can track so many good things, the UI has improved from before when it was not as good. Compared to other tools, I prefer the UI much better as it categorizes data very well for me. If I were using other security tools or other SIEM tools, I would need to think a bit and find something, which would be hard and fast. However, I am so adapted to this tool, and the features that they have implemented, including filters and other things, are the best.

Since we are using Sumo Logic Security on the security part, we need to look through all the things and maintain them since there might be some crashes in the data that we are receiving. If we do not update the data points each and every time, some data points might have failed. If the server is offline, it might not report in Sumo Logic, so we need to check at the server level why this issue is being caused. We need to update the agent for Sumo Logic Security and ensure it is up-to-date.

I would say there are a few more things that Sumo Logic Security can improve on. It is not the tool; it is a technical part. From the app point of view, I would say when we need to include a few latest features that have currently started in the market, such as new cloud integrations, it is a bit lengthy because it is not available on Sumo Logic Security. Then we have to get some ideas and go through workarounds. We are able to do that, but that is the hard part that I find with Sumo Logic Security. Because they are new to the market, it takes time, but still, since Sumo Logic Security is that famous, it needs to have better integration.

With the market trend, we have some cloud vendors for which we need to do some integration part. It is not directly integrated since it is a third party. On Sumo Logic Security, it is not supported that well compared to other SIEMs or other applications that we might be using. The integration is quite easy, but in Sumo Logic Security, it is not easy.

I have been using Sumo Logic Security for more than one and a half years since I joined this organization, and my team has been using it for more than three years.

Sumo Logic Security is quite scalable; it depends on your team and how you implement it.

We have a weekly meeting with the technical team for all our queries since it is included in our package.

I would rate the quality and speed of Sumo Logic Security support seven out of ten since the meetings are close to other vendors only, but they can improve on that part.

Positive

I have tried using Azure Sentinel in our organization.

With the length of data transfer that we are having day in and day out, I do not find Azure Sentinel to be much feasible compared to Sumo Logic Security that we are currently using. It all depends on the data transfer credits that we are using day in and day out.

It is easy to deploy Sumo Logic Security, since we are always on call with the support team, and there was a specific SME deployed for us from Sumo Logic Security who helps us whenever we get stuck in some part or cannot proceed. They help us in that part.

I would say that the pricing for Sumo Logic Security is in the medium part of the market. If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to find them costly since they are well-known and they have much more integration compared to Sumo Logic Security. They have been earlier in the market and have a vast network of backing behind them. So they charge for their integrity and their well-connectedness. Sumo Logic Security comes in the medium part; it is not very costly and not very light on the pocket. It is in the middle part, and we can say it is close to the best value that we are having right now.

My overall rating of Sumo Logic Security is seven out of ten.

We primarily use Sumo Logic as a SIEM, Security information and event management tool. It serves as a Cloud SIEM and is utilized for alert monitoring, insight monitoring, and as a continuous intelligence platform.

The Log Analytics platform is the most effective. If we cannot find the data in other tools, like email security or NDR, we can fetch those logs in the Log Analytics platform of Sumo Logic. That is the one best feature that I can suggest.

The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk. Sometimes logs will not fetch, and there are issues if the log volume exceeds a threshold. Not every tool is integrated with Sumo Logic. The response time for their support could be better, and it is not very user-friendly.

I've been using hte solution for two years.

There are stability issues. Sometimes logs will not fetch, and if there are many records, the system may stop or the UI may become unresponsive.

The support team is not very good. They don't provide support on call and have a response time of forty-eight hours, which is not instant support.

Neutral

 I'm not sure about the pricing.

I don't recommend this product.

I'd rate the solution six out of ten.

My clients use Sumo Logic Security depending on their needs. Some of my clients are looking for network visibility and observability, while others focus on the security aspects, utilizing the Sumo Logic SIEMs.

Sumo Logic Security offers a single dashboard and customization, which are the most valuable features. Additionally, it has a cost-effective structure because it is based on data storage and the number of scans, rather than uploading data. This cost model impacts the customers positively by offering a more straightforward pricing structure.

In terms of improvement, feedback indicates there is a need for a local data center in my country. This is crucial to sell to the government and financial sectors as they require data retention within each country.

I have approximately three months of experience working with Sumo Logic Security.

The stability is quite high because it is maintained by the vendor.

The tool has high scalability because everything is based in the cloud.

The security solution is complex because it involves a lot of management. However, compared with other similar solutions, it is quite straightforward.

The pricing structure for Sumo Logic Security is based on two elements: data storage and the number of scans. This makes it more cost-effective because other solutions often include a third element in their pricing.

During this evaluation, I considered multiple criteria for the Sumo Logic Security solution. Based on these criteria, I rate the solution as an eight out of ten due to its effective features and pricing.

We use Sumo Logic Security for logging purposes. We store and monitor application logs and VPC flow logs in the solution.

Sumo Logic Security is a good solution for searching the logs and identifying the issues. Sumo Logic Security searches the logs to identify issues easily. Suppose we got an issue related to the application 500 error. We store the application logs in Sumo Logic Security. We can easily search those logs to identify where exactly we are facing the application 500 error.

Sumo Logic Security is expensive, and its pricing could be improved.

I rate Sumo Logic Security a nine out of ten for stability.

Around ten users are using the solution in our organization.

I rate the solution an eight to nine out of ten for scalability.

We have two options for technical support. If we take the enterprise support, we get a reply within one or two hours. If you don't have enterprise support, you will get a reply in around one day or 12 hours, based on their availability.

The implementation process of the solution was good and not very difficult. You can easily integrate Sumo Logic Security with AWS or Kubernetes. Even new users who are aware of AWS can follow the documentation and easily deploy the solution.

The solution’s deployment doesn’t take more than 15 minutes for a knowledgeable person.

Storing logs in Sumo Logic Security is charged GB-wise, which is a little higher than other products.

We are mainly concentrating on networking. We use VPC products and application logs to monitor the genuineness of users who have logged in. We also store and monitor GuardDuty logs to see if someone is trying to access the same server multiple times. We are storing and monitoring WAF logs and GuardDuty logs. If someone faces any issues, we'll receive an email and take action based on it.

If someone tries to access one of the applications from a different country, we can search in Google and identify the location of that particular IP address. Sumo Logic Security identifies whether a particular IP address is low, medium, or high risk without the help of Google.

We can store logs in CloudWatch, but it is very difficult to search them in CloudWatch. We should know the query in order to do that. Searching for logs with Sumo Logic Security is very easy compared to CloudWatch. We have been using the solution for more than two years and haven't faced any issues with the solution's availability. I would recommend the solution to other users.

I would recommend Sumo Logic Security instead of AWS, CloudWatch, or CloudTrail. With Sumo Logic Security, you can capture and see all the logs in a single place. If some issues occur, you can log into the solution and verify all the logs. At an organizational level, we have multiple AWS accounts for different environments. Instead of logging in to all the AWS accounts, you can log in to Sumo Logic Security and verify everything.

Overall, I rate the solution a nine out of ten.

The product is a log aggregator of all the logs from all our environments, including AWS. Our infrastructure is deployed on AWS. We ship all logs to Sumo Logic. Based on the logs, we create alerts. These alerts are sent to an email ID, which creates tickets.

The solution is automated. It has a good number of extensions like CrowdStrike and AWS extensions. It is very useful. We can integrate threat intelligence solutions into the product.

The query of Sumo Logic is complex. It should be improved. The solution should improve its UI. FireEye, Splunk, and LogRhythm provide proper UIs. The solution should improve its scalability and stability.

Connecting the collector with Sumo is difficult if a collector or device is down. We have faced multiple challenges like this, and we are still facing these challenges. We recently raised a ticket to Sumo Logic to investigate the issue.

I have been using the solution for one and a half years. I am using the latest version of the solution.

I rate the tool’s stability a seven out of ten.

I rate the tool’s scalability a seven out of ten. In my current organization, there are around 18 people who have access to the product, including the security team. Apart from these, 30 people from different teams have access to the tool but do not have full admin access.

The support team is very cooperative. As soon as the team receives our tickets, a support person is assigned to us. They reach out to us and try to solve the problem.

Positive

The installation of the devices was good. The product is deployed on the cloud.

The product is costly. At the same cost, we can get other tools with better features and capabilities.

First-time users must decide how they want to use the tool. The product is very good as a log aggregator. If we want to use the solution as a SIEM console, it will not be that useful because it does not have the features a SIEM tool would have. It does not have analyzing or threat intel features. The product does provide the option of using extensions, but it does not have its own threat intel feature. Overall, I rate the solution a seven out of ten.

We are using Sumo Logic Security for security monitoring.

The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI.

The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial.

In a feature release, more insights on threat intelligence would be helpful.

I have been using Sumo Logic Security for approximately one year.

The solution is stable.

I rate the stability of Sumo Logic Security a seven out of ten.

We have approximately 20 to 35 users using this solution. We use it on a daily basis.

I rate the support of Sumo Logic Security an eight out of ten.

I was previously using IBM Security QRadar. We switched to Sumo Logic Security because it was on the cloud and IBM Security QRadar was on-premise.

The setup of Sumo Logic Security is easy.

The time it takes for the deployment depends on how many logs and the sources there are.

I rate the initial setup of Sumo Logic Security a seven out of ten.

The license pricing model is based on the events that are processed through the solution.

The price of Sumo Logic Security is high.

I rate the price of Sumo Logic Security a seven out of ten.

It is important to tune the rules so that are minimal false positives.

I rate Sumo Logic Security an eight out of ten.