Sumo Logic Security Reviews

Name: Sumo Logic Security
Brand: Sumo Logic
Rating: 4.1 (25 reviews)

Vendor: Sumo Logic

4.1 out of 5

25 reviews
92% willing to recommend

Leave a review

What is Sumo Logic Security?

Sumo Logic Security offers efficient event monitoring with customizable alerts, centralized log search, and real-time threat detection. It supports multi-cloud environments and integrates with threat intelligence, reducing workload with AI-driven analytics.

Get the Sumo Logic Security Buyer's Guide and find out what your peers are saying about Sumo Logic Security, CrowdStrike Falcon, Wazuh and more!

Sumo Logic Security is the #13 ranked solution in SOAR tools, #19 ranked solution in top Security Information and Event Management (SIEM) solutions, and #21 ranked solution in Log Management Software. PeerSpot users give Sumo Logic Security an average rating of 8.2 out of 10. Sumo Logic Security is most commonly compared to CrowdStrike Falcon: Sumo Logic Security vs CrowdStrike Falcon. Sumo Logic Security is popular among the large enterprise segment, accounting for 44% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a manufacturing company, accounting for 12% of all views.

Helped 890,088 peers since 2012

Featured Sumo Logic Security reviews

Migell Roberts

Senior Security Analyst at City Electric Supply Company

To improve Sumo Logic Security, I would appreciate the tool being easier to use from a search perspective. For example, we have a few teams that want to use the tool itself, but they are not as savvy when it comes to creating searches from the core platform. I understand that Mobot has come out and is in the works, and it really does assist non-savvy users when it comes to querying the platform. As far as that is concerned, I wish that could be improved a bit more, but I do know that that is in the works. I would add that I wish for improved documentation. For example, we are using Sumo Playbooks and automation integrations along with that, but I have found that there has been a lack of documentation, very little to none at all when it comes to that. With regards to automation integrations as well, there are very few details included in them. I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS. I chose eight out of ten because to make it a nine or ten, I would lean heavily on the documentation. A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking. There are instances also where some security best practices are not being followed. So, if we are able to set up an integration that is not only secure, following security best practices, and has complete documentation, I believe it would alleviate the issue of having to go back and forth with support to check the documentation and things of that nature. My impression of the built-in threat intelligence feature in Sumo Logic Security is that it is comprehensive, but I would say that it could do a little bit better. For example, we have the TAXI feeds, which is STIX and TAXI integrated into the core platform, but the issue I am running into is that I am able to use that feed into a CSE alert; however, I am not able to see the contents of that feed. If I integrate CISA, which we do have integrated, I cannot see what IOCs are in that feed in the core platform, and I hope that is the case because, in order for us to better tune our alerts, we need to be able to see what is in the contents of that threat intelligence feed.

Read full review

Pavan Kashetty

Security Engineer at a tech vendor with 11-50 employees

If I want to mention anything related to Sumo Logic Security, I would say that with the current AI situation, AI enrichments should be very well integrated. I saw something in insights that it is doing something around 14 days of correlation, but I would prefer something around seven days would be better. Sometimes we see alerts coming from a different time frame. In some places, correlation could be much better in Sumo Logic. There is a scenario where we see five to six employees from the company log in from the same IP address, which is a shared IP address. Maybe one employee has login failures, perhaps because they forgot their password. In this situation, Sumo Logic gives us an alert saying that a brute-force alert was detected or a credential compromise was detected, stating that five people have successful logins and one user has a bad password. This is not practically correct detection. They should be doing some kind of better analysis, such as a historical analysis of this IP, to make it clear that this IP is a shared IP, so the logins that happened for all other users are normal. Sumo Logic has the capability as a modern SOC to include behavior correlation or attack chain visibility, which would be a great addition to reduce false positives. Good dashboards with AI capabilities would also be more helpful. Since our product is also AI-based, something where they can focus more on AI with the possibility of detection engineering, writing custom correlation rules, and tuning detections to make more valid true positives would be beneficial. I have experienced some situations where false positives occurred. There can be more improvement in MITRE ATT&CK mapping, especially, as it helps us measure coverage gaps and where we are positioned. Beyond that, SOAR capabilities with automation focus should include more enrichments into the detection part and provide higher levels of true positives overall. When I compare Sumo Logic Security with other solutions like Splunk, Azure Sentinel, or Sentinel One, these are improvements I would expect to see. Automation should be improved further. As we move to AI SOC, there is talk of automated multi-step response workflows where playbooks should be enriched for logs of different activities based on IP, user, user agent, or other fields. More advanced playbook-based correlation should be coming up with a set of rules that can help detect real true positives. Rich incident response playbooks and better integrations with ticketing tools would be beneficial so that we can take quick actions if a breach has been identified. Advanced attack path visualizations would be helpful. Creating a good attack graph showing when something has been detected, how quickly it has been investigated, what the timeline of all these activities was, and including entities such as user, host, network, cloud, or indicators of compromise would be valuable. Built-in threat group playbooks would be very helpful, whether for ransomware, account compromise, or data exfiltration. AI-driven threat insights at the automated flow of investigation would be more helpful. Sumo Logic Security is very good at role-based access controls, and we were able to manage that very well without any issues. Advanced attack path visualizations and built-in threat group playbooks for ransomware, account compromise, or data exfiltration scenarios would enhance the platform significantly.

Read full review

Frank Krieger

CISO at Mambu

Sumo Logic Security offers excellent features including ease of use. I came from a competing product, Splunk, and I was able to recycle a lot of the knowledge from that tool into Sumo because the logic was very similar. Beyond the ease of use, the consumption model of Sumo Logic Security is also easy to understand, which was helpful. The build-out with Sumo was very good, as they spent a lot of time ensuring that we were sized correctly for the product, and the follow-ups were good. Sumo Logic Security has really good customer support. The capabilities of Sumo Logic Security in providing security visibility across multi-cloud and hybrid environments are very good, particularly because Mambu is still a multi-cloud vendor, and the product worked extremely well in that scenario. Regarding the automated TDRI workflows in Sumo Logic Security, they are excellent. I would put them at the top because they are truly useful and actually work as advertised. My experience with Sumo Logic Security has been good. My SOC analysts were crushed under Splunk, but Sumo has actually eased the workload and made it tolerable for three people. The improvements or benefits I have seen from Sumo Logic Security relate to alerts. We were buried under alerts and Sumo actually helped us clean that up. The number one value is being able to action things in a proper time frame.

Read full review

Sumo Logic Security mindshare

Product category:

As of April 2026, the mindshare of Sumo Logic Security in the Security Information and Event Management (SIEM) category stands at 1.7%, up from 0.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Mindshare Distribution
Product	Mindshare (%)
Sumo Logic Security	1.7%
Splunk Enterprise Security	7.0%
IBM Security QRadar	5.2%
Other	86.1%

Security Information and Event Management (SIEM)

PeerResearch reports based on Sumo Logic Security reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Apr 26, 2026	Download
Product	Reviews, tips, and advice from real users	Apr 26, 2026	Download
Comparison	Sumo Logic Security vs Splunk Enterprise Security	Apr 26, 2026	Download
Comparison	Sumo Logic Security vs Wazuh	Apr 26, 2026	Download
Comparison	Sumo Logic Security vs IBM Security QRadar	Apr 26, 2026	Download

Valuable Features

Sumo Logic Security's key attributes include intuitive UI, seamless log aggregation, and cross-service log correlation. Its customization options, threat intelligence integration, and AI-driven analytics significantly enhance security monitoring. Real-time observability and automated workflows streamline alerts, improving incident response times. Its multi-cloud support and competitive pricing structure offer additional value. The ease of implementation and diverse connectors allow quick integration with various systems. Users appreciate the enrichment capabilities in dashboards and the efficiency of its alerting mechanisms.

"Sumo Logic has absolutely improved our organization — 100% Sumo Logic is a great tool, it's absolutely necessary."
"There are a lot of things we like about this product."
"We are able to diagnose problems before our customers."

Room for Improvement

Sumo Logic Security faces challenges with its dashboard complexity, API integration, and automation capabilities. Users find its UI and query systems difficult. Integration with third-party applications and a lack of advanced alerting systems hinder efficiency. Pricing concerns and steep learning curves add further complications. Enhanced user experience, better cloud support, and improved documentation are critical areas for enhancement. Improved false positive management and advanced MITRE ATT&CK mapping are needed for competitive advantage.

"Sumo Logic needs to make sure integrating solutions are seamless."
"The pricing could be more competitive. Sumo Logic bills based on the amount of data that you ingest into their platform."
"There are some API gaps that are missing."

ROI

Companies improved operational processes with Sumo Logic Security, observing satisfactory return on investment. They reduced analyst numbers from eight to five, saving 64 hours by cutting investigation time, and improved log retention. Downtime decreased through better issue troubleshooting. Even though some have not measured returns, others consistently track amortized costs, feeling the investment is justified. Access to centralized logs enhanced efficiency by reducing the need for individual credentials.

Pricing

Sumo Logic Security's pricing is considered moderate, offering a balance between cost and functionality. Many users purchase through AWS Marketplace for convenience. While some find the Marketplace pricing high, others appreciate the simplicity of having a consolidated bill. Compared to competitors like Splunk and QRadar, the pricing is viewed as reasonable. However, its license model based on data storage and event processing can be costly for high data volumes.

"Storing logs in Sumo Logic Security is charged GB-wise, which is a little higher than other products."
"The product is costly."
"The license pricing model is based on the events that are processed through the solution."

Popular Use Cases

Sumo Logic Security is primarily utilized for log aggregation, monitoring, and alerting across AWS environments. It supports security event management via SIEM, storing application and VPC flow logs for detailed analysis. Users leverage it for security insights, threat detection, and application debugging. The platform integrates with various IT assets, providing network visibility, troubleshooting capabilities, and ensuring compliance through audit log management. Notifications for specific patterns help in maintaining application health.

Service and Support

Sumo Logic Security customer support is generally praised for its helpfulness and responsiveness, with many users highlighting prompt responses and knowledgeable staff. Support options include technical account managers and customer success managers. Meetings are included in some packages. While response times are typically fast, region-specific variations exist. Access to documentation and tutorials aids in resolving issues independently. Some users rate support highly, though differences in service quality are noted.

Deployment

Users find Sumo Logic Security's initial setup mostly straightforward and simple. The integration in AWS environments is automated or easily manageable with documentation. A support team often assists, making the setup less stressful. While a few find complexity due to management tasks, the process benefits from assistance. Time to deploy varies with the number of logs and sources. A vendor sometimes handles initial setup, making the experience manageable for multiple users managing the tool.

Scalability

Sumo Logic Security scales efficiently, handling various workload sizes. Users report no significant issues with capacity or performance. As environments grow, Sumo Logic adapts without infrastructure burdens. The cloud-native design ensures seamless scalability, supporting terabytes of data and numerous servers. Pricing considerations exist, but scalability is widely praised with positive ratings. Many organizations utilize it daily, and its ability to handle diverse log types is noted as an advantage over other platforms.

Stability

Sumo Logic Security is generally perceived as highly stable, handling up to 4000 servers without issues. Users rate its stability between seven and ten, noting minimal downtime and efficient log handling. While some experience occasional lag or UI unresponsiveness, it is seen as reliable compared to other platforms. The cloud-native architecture ensures high availability, scaling efficiently with no performance degradation despite large log volumes. Stability concerns are rare with limited support interactions.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Sumo Logic Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	5
Large Enterprise	11

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	152
Midsize Enterprise	68
Large Enterprise	173

By visitors reading reviews

Top industries

By visitors reading reviews

Manufacturing Company

12%

Financial Services Firm

10%

Outsourcing Company

Computer Software Company

Comms Service Provider

Retailer

Construction Company

Educational Organization

Energy/Utilities Company

Performing Arts

Insurance Company

Government

University

Transportation Company

Real Estate/Law Firm

Wholesaler/Distributor

Healthcare Company

Marketing Services Firm

Media Company

Consumer Goods Company

Pharma/Biotech Company

Logistics Company

Legal Firm

Leisure / Travel Company

Recreational Facilities/Services Company

Recruiting/Hr Firm

Renewables & Environment Company

Non Profit

Museum Or Institution

Hospitality Company

Compare Sumo Logic Security with alternative products

Learn more about Sumo Logic Security

Sumo Logic Security empowers organizations with advanced logging and monitoring solutions, facilitating comprehensive security event management. Its robust log search and comparison features, combined with user-friendly dashboards, enable quick event analysis. The platform's multi-cloud support and real-time threat detection are notable features, seamlessly integrating automated log correlation and AI analytics to optimize user experience. Despite needing enhancements in querying and dashboard functionalities, Sumo Logic Security remains a reliable choice for application log management, IT asset visibility, and incident alerting. Organizations utilize it for threat detection, posture monitoring, and compliance audits, in platforms like AWS, focusing on security insights and performance monitoring.

What are the key features of Sumo Logic Security?

Log Search: Facilitates centralized search and event analysis.
Custom Alerts: Offers flexibility in monitoring specific security events.
AI-driven Analytics: Reduces workload and speeds up response times.
Real-time Detection: Ensures swift threat identification and mitigation.
Multi-cloud Support: Enables integrations across cloud environments.

What benefits can users expect from Sumo Logic Security?

Ease of Implementation: Quick setup and deployment processes.
Cost-effective Pricing: Provides value-driven investment with supportive customer service.
Responsive UI: Enhances user experience and efficiency in operations.
Compliance Audits: Facilitates thorough security audits and reporting.

Organizations in industries like finance and technology implement Sumo Logic Security to maintain security and compliance, leveraging its advanced monitoring and alerting capabilities. Teams focus on application troubleshooting and forensic analysis, ensuring robust security posture and effective incident response across cloud-based environments.

Product Categories

Security Information and Event Management (SIEM)

Log Management

Security Orchestration Automation and Response (SOAR)

Popular Comparisons

CrowdStrike Falcon vs Sumo Logic Security

Wazuh vs Sumo Logic Security

Datadog vs Sumo Logic Security

Splunk Enterprise Security vs Sumo Logic Security

IBM Security QRadar vs Sumo Logic Security

Microsoft Sentinel vs Sumo Logic Security

Elastic Security vs Sumo Logic Security

Grafana Loki vs Sumo Logic Security

LogRhythm SIEM vs Sumo Logic Security

AWS Security Hub vs Sumo Logic Security

Cortex XSIAM vs Sumo Logic Security

Rapid7 InsightIDR vs Sumo Logic Security

Palo Alto Networks Cortex XSOAR vs Sumo Logic Security

Fortinet FortiSIEM vs Sumo Logic Security

Amazon OpenSearch Service vs Sumo Logic Security

See all alternatives

Sumo Logic Security Reviews Summary
Author info	Rating	Review Summary
Senior Security Analyst at City Electric Supply Company	4.0	I've found Sumo Logic Security useful for alert insights, enrichments, and automation, though better documentation, improved search usability, and more robust AI tuning would enhance it; overall, it's effective and has improved team collaboration and incident response.
Security Engineer at a tech vendor with 11-50 employees	4.0	I’ve used Sumo Logic Security for four years as a cloud-native SIEM with strong correlation, UEBA, dashboards, and workflows that cut MTTD from 3–4 hours to under 30 minutes and reduced alert fatigue. I want better AI, fewer false positives, and richer SOAR/visualizations.
CISO at Mambu	4.0	I’ve used Sumo Logic Security for 18 months and found it easy to adopt after Splunk, with strong support, stability, and multi-cloud visibility. It reduced alert noise and saved about three FTEs, though the roadmap needs more transparency.
CSO at Altera	3.5	I've found Sumo Logic Security easy to implement with great connector support, but its risk-based alerting lacks context. It’s a solid, average tool—good for quick deployment, though not as customizable or in-depth as alternatives like Splunk.
Security Analyst at a tech vendor with 10,001+ employees	3.5	I’ve used Sumo Logic Security for 1.5+ years and like its clean UI, filters, and scalability, plus easy deployment with helpful support. However, cloud integrations lag and often require workarounds. Pricing is mid-market; overall I rate it 7/10.
Deputy Country Manager at PT Securite Asia Indonesia (ABP Securite)	4.0	I find Sumo Logic Security valuable for its customizable, cost-effective dashboard focused on data storage and scan volume. However, the lack of a local data center is a barrier for government clients needing in-country data retention.
SOC Analyst at a computer software company with 1,001-5,000 employees	3.0	I primarily use Sumo Logic as a Cloud SIEM for alert and insight monitoring, valuing its Log Analytics platform for retrieving logs not available in other tools. However, its correlation rules, log mapping, and support response time need improvement.
DevOps and Solution Architect at a recruiting/HR firm with 10,001+ employees	4.5	I use Sumo Logic Security to store and monitor application and VPC flow logs, which makes it easy to search logs and identify issues like application 500 errors. However, the solution is expensive, making pricing a potential area for improvement.

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	3.3%	97%	141 interviews Add to research
Wazuh	3.7	5.1%	81%	50 interviews Add to research

Sumo Logic Security Reviews

What is Sumo Logic Security?

Featured Sumo Logic Security reviews

Sumo Logic Security mindshare

PeerResearch reports based on Sumo Logic Security reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Sumo Logic Security with alternative products

Learn more about Sumo Logic Security

Related questions

Product Categories

Popular Comparisons