My main use cases with Sumo Logic Security are the same as Splunk; it is not log management, but rather security events and information, a security information system like SIEM.
Logs for Security (AWS Built-In)
Sumo Logic Inc.External reviews
363 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Unified Dashboard and Predictive Analytics Streamline Workflow
What do you like best about the product?
I appreciated the native integration of logs, metrics, and tracking within a single dashboard, as it means I no longer need to switch between multiple tools. I also found the predictive analytics feature helpful, since it saves me time.
What do you dislike about the product?
While the API itself is robust, I found the configuration of the control panel and alerts to be less intuitive and not as smooth as I would have liked. Additionally, I was not a fan of its syntax, which I found to be quite cumbersome.
What problems is the product solving and how is that benefiting you?
Sumo Logic addresses a variety of challenges for us and has been extremely helpful, particularly due to its strong core capabilities in analyzing logs and metrics. This has significantly reduced our mean time to resolution, and the level of confidence it offers is truly impressive. Additionally, its scalable data ingestion has proven to be a valuable advantage.
Flexible Pricing and Powerful Insights
What do you like best about the product?
Sumo Logic's Flex pricing model and insight generation.
What do you dislike about the product?
User experience (UX) design does not match a friendly interface.
What problems is the product solving and how is that benefiting you?
This tool is useful for both log management and security monitoring.
Powerful Real-Time Data Evaluation and Reliable Anomaly Detection
What do you like best about the product?
What I appreciate most is the powerful real-time data evaluation. I rely on the machine learning features for anomaly detection, which I find invaluable. Rather than manually searching for error patterns or unusual traffic spikes, these tools enable us to validate CI/CD deployments in production with confidence, knowing that any regression will be detected immediately.
What do you dislike about the product?
One of the downsides is that managing collectors in dynamic environments such as Kubernetes demands ongoing maintenance. Additionally, although the dashboards serve their monitoring purpose, they lack the flexibility and visual sophistication found in dedicated visualization tools.
What problems is the product solving and how is that benefiting you?
Thanks to Sumo Logic, we've been able to resolve the issue of dispersed telemetry data. It brings together logs, metrics, and traces onto one unified platform. This consolidation has helped us reduce our mean time to detect (MTTD) by automatically correlating events, which has enabled me to shift from a reactive stance to a more proactive approach in monitoring and managing reliability.
Outstanding Multi-Cloud Visibility and Insightful Event Correlation
What do you like best about the product?
I appreciate how it enables me to correlate events and organize them into Insights, which really helps me concentrate on more detailed analysis. Additionally, the multi-cloud visibility is outstanding, especially since we operate across multiple cloud environments.
What do you dislike about the product?
Up to now, I haven't been satisfied with how the rules can be customized, particularly when it comes to automatic detection.
What problems is the product solving and how is that benefiting you?
Sumo Logic enables a shift from a reactive, slow incident response approach to a more proactive threat hunting strategy. I have found it valuable due to its advanced capabilities, which are well-suited for modern environments and help speed up the entire incident response process.
Powerful Multicloud Logging, But Steep Learning Curve
What do you like best about the product?
I highly appreciate Sumo Logic's architecture, especially for multicloud environments. Its built-in integrations with AWS and Google Cloud make it possible to centralize logs and metrics very efficiently. From a strategic perspective, the average consumption billing model provides essential cost predictability.
What do you dislike about the product?
The learning curve for this platform is quite steep. Gaining proficiency takes a substantial amount of time, particularly because the machine learning analytics features require a very detailed initial setup and careful tuning before they can provide meaningful results.
What problems is the product solving and how is that benefiting you?
The platform has played a fundamental role in our operations; its anomaly detection and rules have significantly enhanced our security. The automation of incident response (IR) has greatly improved our workflow, leading to a substantial decrease in both MTTD and MTTR. Conducting efficient investigations is essential for achieving comprehensive root cause analysis.
Powerful Real-Time Insights and Analytics, But a Bit Pricey
What do you like best about the product?
It has the great ability to provide real time insights, and analytics for your metrics, cloud data and logs. Sumo Logic helps in providing flexible and scalable platform that simplifies monitoring, trouble shooting and security analytics. It has the great user interface which making it easier to navigate amount of data without overwhelmed.
What do you dislike about the product?
It is bit expensive if you are scaling and dealing with large volumes of data
What problems is the product solving and how is that benefiting you?
It is solving the problem of managing and understanding the great amount of log and performance data from different system and applications. It is supporting to bring all of that information in one place which helps in making it easier to monitor, troubleshoot and secure environment in real time.
Has improved implementation speed and coverage but lacks contextual accuracy in alerts
What is our primary use case?
What is most valuable?
The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.
Sumo Logic's diverse log sources support very much for my digital transformation, and this is a strong side of the system. They have wide support for connectors, enabling me to implement almost any system with webhooks and connect whatever I want, so this aspect is definitely a strong side of this product.
What needs improvement?
One major improvement I would suggest for Sumo Logic Security is in its risk-based alerting system; while it initially sounds clever and modern, it works as a point-based system where an IP address or entity gets points for bad actions, raising alerts when enough points are collected. This can lead to alerts that are collections of disjointed signals that sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations.
To improve in the support area, I recommend enhancing the technical part because, while the process is good, the actual quality may depend on the personnel involved.
For how long have I used the solution?
I have been working with Sumo Logic Security for fourteen months.
What do I think about the stability of the solution?
I have used Sumo Logic Security's threat detection feature, and I think it is very easy to use. The query language is pretty straightforward and easy, and it is very powerful for building different searches and dashboards that will serve for later exploration of the same interests I have.
I have used the anomaly detection capabilities in Sumo Logic Security, and it works pretty well out of the box. We did not verify the effectiveness, but it identifies a lot of anomalies and functions as a risk-based system mainly, where each log can become a signal. Each one gets several points, and if an entity or user and IP gets enough bad points, then an alert is raised. Each person or IP in a company has a bucket, and for each bad signal, you put a point in this bucket, and when you reach a certain point, an alert is created. However, while it is very easy and automated, it is also a negative side because it provides less context for things I am interested in finding in the alerting system.
What do I think about the scalability of the solution?
I did not face any significant issues with Sumo Logic Security, but the pricing may be a concern as they try to upsell and raise the prices very quickly.
How are customer service and support?
I would rate the support from Sumo Logic Security as about a seven. It depends on the person providing support, but in general, they usually provide continuous support post-implementation, being in touch and trying to help, which makes their after-sale process better than Splunk.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup for Sumo Logic Security is pretty easy and straightforward.
What about the implementation team?
For Sumo Logic Security, I believe the deployment was internal, while for Splunk, it involved some hours from a reseller and Splunk themselves, making it a hybrid approach.
What was our ROI?
My company has not calculated ROI for Sumo Logic Security.
Which other solutions did I evaluate?
When comparing Sumo Logic Security with other tools such as Splunk, I see advantages such as its easier implementation, especially for companies that lack cybersecurity know-how; Sumo Logic Security can be beneficial for quick setup. However, while it is good for average tasks without needing three engineers, Splunk allows for more configuration to meet specific organizational needs, although it requires more expertise and time.
What other advice do I have?
The compliance reporting tool in Sumo Logic Security is pretty acceptable; nothing special, but it is okay in helping meet regulatory requirements for my organization.
Overall, I think Sumo Logic Security is acceptable; it is a pretty slick, nice product, with no significant additional features that I feel need to be added or improved.
For those considering using Sumo Logic Security, I would recommend checking it out.
I do not rate it a ten because I find some aspects of how the system works overall to be strange. My review rating for Sumo Logic Security is seven.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Robust Real-Time Intelligence, Minor Latency with Historical Data
What do you like best about the product?
What I appreciate most is the platform's robustness as a Continuous Intelligence solution. Its cloud-native architecture enables organizations to efficiently unify and analyze vast amounts of machine data in real time, which helps maintain continuous application reliability and enhances their security against modern threats.
What do you dislike about the product?
I've noticed that the platform sometimes experiences latency when querying large amounts of historical or archived data, particularly during comprehensive searches within these secondary repositories.
What problems is the product solving and how is that benefiting you?
Since adopting Sumo Logic, our security has improved thanks to real-time threat detection, and our operational decision-making has become more efficient, resulting in more reliable and consistent service.
Powerful Insights with Sumo Logic, But Data Retention Costs Add Up
What do you like best about the product?
What I appreciate most about Sumo Logic is its Continuous Intelligence feature. It brings together vast amounts of diverse data and, with the help of AI, quickly transforms this information into actionable insights. This capability significantly speeds up the resolution of both security and operational issues.
What do you dislike about the product?
The licensing plan imposes strict limits on data retention, so storing logs and metrics for longer periods comes with extra costs.
What problems is the product solving and how is that benefiting you?
This tool has played a vital role in helping me resolve issues swiftly, thanks to its real-time search and analysis capabilities. It delivers essential security, allowing for proactive threat detection and supporting the smooth operation of our entire infrastructure.
Easy Log Search, No Complaints
What do you like best about the product?
Ease to search for logs, properly grouped logging structure
What do you dislike about the product?
Nothinng to dislike about this amazing product
What problems is the product solving and how is that benefiting you?
I used sumo logic to log our backend server logs. It was very helpful in terms of debugging and monitoring
showing 1 - 10