Sourabh Pardhi - PeerSpot reviewer
Senior Information Security Analyst at Everbridge
Real User
Aug 5, 2023
The solution is automated and has a good number of extensions, but it is costly, and it must improve its UI
Pros and Cons
  • "We can integrate threat intelligence solutions into the product."
  • "The solution should improve its UI."

What is our primary use case?

The product is a log aggregator of all the logs from all our environments, including AWS. Our infrastructure is deployed on AWS. We ship all logs to Sumo Logic. Based on the logs, we create alerts. These alerts are sent to an email ID, which creates tickets.

What is most valuable?

The solution is automated. It has a good number of extensions like CrowdStrike and AWS extensions. It is very useful. We can integrate threat intelligence solutions into the product.

What needs improvement?

The query of Sumo Logic is complex. It should be improved. The solution should improve its UI. FireEye, Splunk, and LogRhythm provide proper UIs. The solution should improve its scalability and stability.

Connecting the collector with Sumo is difficult if a collector or device is down. We have faced multiple challenges like this, and we are still facing these challenges. We recently raised a ticket to Sumo Logic to investigate the issue.

For how long have I used the solution?

I have been using the solution for one and a half years. I am using the latest version of the solution.

Buyer's Guide
Sumo Logic Security
February 2026
Learn what your peers think about Sumo Logic Security. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
884,933 professionals have used our research since 2012.

What do I think about the stability of the solution?

I rate the tool’s stability a seven out of ten.

What do I think about the scalability of the solution?

I rate the tool’s scalability a seven out of ten. In my current organization, there are around 18 people who have access to the product, including the security team. Apart from these, 30 people from different teams have access to the tool but do not have full admin access.

How are customer service and support?

The support team is very cooperative. As soon as the team receives our tickets, a support person is assigned to us. They reach out to us and try to solve the problem.

How was the initial setup?

The installation of the devices was good. The product is deployed on the cloud.

What's my experience with pricing, setup cost, and licensing?

The product is costly. At the same cost, we can get other tools with better features and capabilities.

What other advice do I have?

First-time users must decide how they want to use the tool. The product is very good as a log aggregator. If we want to use the solution as a SIEM console, it will not be that useful because it does not have the features a SIEM tool would have. It does not have analyzing or threat intel features. The product does provide the option of using extensions, but it does not have its own threat intel feature. Overall, I rate the solution a seven out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
DipeshBhawsar - PeerSpot reviewer
Architect at a financial services firm with 1,001-5,000 employees
Real User
Top 20
May 5, 2023
Integrates well, useful rules, and beneficial GUI
Pros and Cons
  • "The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and the GUI is good."
  • "The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."

What is our primary use case?

We are using Sumo Logic Security for security monitoring.

What is most valuable?

The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and the GUI is good.

What needs improvement?

The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial.

In a future release, more insights on threat intelligence would be helpful.

For how long have I used the solution?

I have been using Sumo Logic Security for approximately one year.

What do I think about the stability of the solution?

The solution is stable.

I rate the stability of Sumo Logic Security a seven out of ten.

What do I think about the scalability of the solution?

We have approximately 20 to 35 users using this solution. We use it on a daily basis.

How are customer service and support?

I rate the support of Sumo Logic Security an eight out of ten.

Which solution did I use previously and why did I switch?

I was previously using IBM Security QRadar. We switched to Sumo Logic Security because it was on the cloud and IBM Security QRadar was on-premise.

How was the initial setup?

The setup of Sumo Logic Security is easy.

The time it takes for the deployment depends on how many logs and the sources there are.

I rate the initial setup of Sumo Logic Security a seven out of ten.

What's my experience with pricing, setup cost, and licensing?

The license pricing model is based on the events that are processed through the solution.

The price of Sumo Logic Security is high.

I rate the price of Sumo Logic Security a seven out of ten.

What other advice do I have?

It is important to tune the rules so that there are minimal false positives.

I rate Sumo Logic Security an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Varaprasad - PeerSpot reviewer
Senior Technical Lead
Real User
Mar 29, 2023
Easy to use, simple to learn, and offers real-time observability
Pros and Cons
  • "Technical support is always great."
  • "The integration with multiple sources could be better."

What is our primary use case?

We primarily use the solution for security as well as application monitoring. We use it for security as well. 

How has it helped my organization?

The solution has been very critical for monitoring.

What is most valuable?

It offers real-time observability. We're able to catch real issues right away. 

We can manage multiple screens with multiple panels. 

It's an easy solution to learn. It's also very easy to use.

The solution has been very stable.

Technical support is always great. They are very helpful.

It can scale well.

Pricing is reasonable. 

What needs improvement?

The integration with multiple sources could be better. 

You cannot monitor insights on Sumo Logic SIEM.

For how long have I used the solution?

I've been using the solution for more than four years. I've used it for a while now. 

What do I think about the stability of the solution?

I'd rate the stability nine out of ten. It doesn't crash or freeze, and there are no bugs or glitches. It is reliable. 

What do I think about the scalability of the solution?

The solution's scalability is okay. I'd rate it nine out of ten. 

We have about 50 or more users on the solution in my company. We do plan to increase usage. 

How are customer service and support?

They have friendly support. They are helpful and responsive. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I'm also aware of QRadar, Splunk, and Grafana, which are more expensive. 

How was the initial setup?

The initial setup was done by the vendor, not us. The integration of the applications and logs was done by us, and that part was easy. 

What about the implementation team?

We had a vendor assist with the setup process. 

What was our ROI?

I'm not sure if we have seen an ROI. 

What's my experience with pricing, setup cost, and licensing?

The pricing is very reasonable compared to QRadar or Splunk. It's not that costly. 

What other advice do I have?

I'm using the latest version of the solution right now. 

It's great for application monitoring and security. It is user-friendly. 

If anyone needs to handle log management, they should consider a trial with Sumo Logic.

I'd rate the solution nine out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2135541 - PeerSpot reviewer
Programmer at a comms service provider with 10,001+ employees
Real User
Mar 28, 2023
Helps us troubleshoot problems faster; has given us increased visibility, improving our applications
Pros and Cons
  • "The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs."
  • "In my opinion, this solution has a steep learning curve and requires practice if users are to be able to use this tool very efficiently."

What is our primary use case?

Our primary use case for this solution is logging and monitoring. We have dashboards for monitoring the performance and health of our applications and logins.

How has it helped my organization?

Sumo Logic Security has helped our organization because we are able to troubleshoot problems faster. It also improved the quality of our applications because of the visibility.

What is most valuable?

The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs.

What needs improvement?

In my opinion, this solution has a steep learning curve and requires practice if users are to be able to use this tool very efficiently.

For how long have I used the solution?

I have been using the Sumo Logic Security solution for about three years.

What do I think about the stability of the solution?

My impression is that the stability of this solution is pretty good. We are able to get the desired result with it.

What do I think about the scalability of the solution?

I would rate the scalability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

What about the implementation team?

The deployment was done by an IT department.

What other advice do I have?

I would advise other people looking into this solution to get used to the monitoring and log analysis tool. This solution has a learning curve at the beginning and requires practice, so it's good to familiarize yourself with that.

I would rate this solution as a whole an eight, on a scale from one to 10, with one being the worst and 10 being the best.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2116392 - PeerSpot reviewer
Security Engineer at a government with 51-200 employees
Real User
May 17, 2023
Helps to monitor logs and event timestamps
Pros and Cons
  • "The tool has key features like operability. It will alert the admins whenever a device is onboarded."
  • "From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."

What is our primary use case?

I use it for the log monitoring of our legacy site. We typically monitor the event timestamps.

What is most valuable?

The tool has key features like operability. It will alert the admins whenever a device is onboarded.

What needs improvement?

From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc. 

For how long have I used the solution?

I have been working with the product for three years. 

What do I think about the stability of the solution?

I would rate the tool's stability a nine point five out of ten. 

What do I think about the scalability of the solution?

I would rate the product's scalability a nine out of ten. 

How are customer service and support?

The support replies back to us within 24 hours of opening a ticket.

How would you rate customer service and support?

Positive

How was the initial setup?

The tool's setup is simple and straightforward.  A three-member team manages the solution. 

What other advice do I have?

I would rate the solution a nine out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1492623 - PeerSpot reviewer
Director Of Engineering at a tech services company with 51-200 employees
Real User
Feb 20, 2021
Assists with data-driven decisions to reduce the time needed to investigate security and operational issues
Pros and Cons
  • "Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
  • "Sumo Logic needs to make sure integrating solutions are seamless."

What is our primary use case?

We've got it integrated into all of our production assets and our IT assets, like Okta and all the SaaS stuff that we need to manage our IT environment. It's plugged into pretty much everything.

Primarily, we use it for security alerting. We plug it into Amazon and it lets us know when people log into different accounts, change privileges, log into production, etc. We also have it integrated on the IT side too — we have it integrated into our SSO provider. We want to know if someone logs in too many times or how frequently they try to log in, whether they get locked out or not. It generates alerts. We're starting to roll it out in terms of forensics on our audit logs.

Company-wide, if it is part of our certification process, if we buy a SaaS service, it has to integrate with a SIEM — it has to provide audit logs. There are a couple of other criteria that we have: it's got to have a split SSO, it has to have a supported SIEM, and it's got to support audit logs. All the read-only audit logs get dumped into Sumo Logic as well, and the security team monitors all of that.

Our DevSecOps team mainly uses this solution.

How has it helped my organization?

Sumo Logic has absolutely improved our organization — 100%.  Sumo Logic is a great tool, it's absolutely necessary. I like Sumo Logic because it always works. It's so easy to use. It's got all the capabilities we need right now.

What is most valuable?

What I like most is the ability to create custom alerts.

They have a really, really rich query language. I don't know the name of the product offering. I'm sure they have a specific name in the solution, but basically being able to pull all that data in, and be able to build queries in a query language and map that to actions; whether that's alerting or triggering events. And that's really where our SecOps team spends most of their time — trying to look at the forensics, look at the information, and map it to some meaningful event. And they just build all these different queries that map to those events or alerts.

For how long have I used the solution?

I have been using Sumo Logic for a year and a half at my current company, and I've used it previously at another company as well.

What do I think about the stability of the solution?

Stability-wise, it's great. We never experienced any bugs or glitches.

What do I think about the scalability of the solution?

We have no issues scalability-wise. We've never had any issues with the capacity, even at my previous company, they were able to handle it. 

How are customer service and technical support?

I personally haven't contacted tech support, but I know at my previous company, we found them very responsive — they were solid. Although, there's always room for improvement. Overall, I would give their tech support a rating of nine out of ten.

Which solution did I use previously and why did I switch?

At my current company, we started with Sumo Logic. That was just because when we started, multiple people had different experiences with different tools and this one came out on top. We also used Splunk for a while.

We started with Splunk — this is back at my previous company in like 2014, 2015 — but they priced themselves out. Plus, Sumo Logic seemed to have a better price-to-functionality ratio.

When Splunk switched their model and went after large enterprises, they left a lot of startups in the lurch. They just left us holding the bag and said, "See ya", and went off and started going after large enterprises.

How was the initial setup?

The initial setup was very straightforward. Setting up all the integrations was trivial.

What's my experience with pricing, setup cost, and licensing?

The pricing is good. It's not an issue for us. I just haven't taken a look at the pricing model in detail. I don't know how that grows, exactly. It's more of a volume thing I think. But right now, it's doing everything we need, and it is not a point of pain in terms of pricing or reliability. There are other solutions that are far worse. So it's doing great. That's all I really could say.

What other advice do I have?

Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos. It's just an all-around, easy solution to use. I would be shocked if it doesn't meet your needs.

They just need to keep the pricing model right and ensure that the integrations are seamless. Sumo Logic needs to make sure integrating solutions are seamless. As a startup, we're looking to scale our team with tools that are really easy to use, that scale as well — tools like Sumo Logic, where one person can manage a ton. We probably have 20,000 assets in the cloud, and probably 60 assets in corporate IT, and they're all pumping everything to Sumo Logic. Then from one place, you can start analyzing just about anything. That's really important to us.

Overall, on a scale from one to ten, I would give Sumo Logic a rating of nine. If they added more integration, I would give them a rating of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user1280466 - PeerSpot reviewer
Associate Director - Database & DevOps at Medlife
Real User
Jun 23, 2020
Good log aggregation, reliable technical support and offers lots of features
Pros and Cons
  • "The solution is quite stable."
  • "There are a lot of things we like about this product."
  • "If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
  • "The pricing could be more competitive. Sumo Logic bills based on the amount of data that you ingest into their platform."

What is our primary use case?

We mainly use the solution to take advantage of the debugging logs and application logs, which are the production systems that we have. All of these are running these Sumo Logic agents. They keep communicating with the logs and are pushing to the Sumo Logic servers. Basically, we use it for our application debugging. 

We also push the balance of our logs to Sumo Logic. That is for our workarounds. It helps us to get to know the health of our application from the load balancer point of view. We pull for certain error messages within the logs, let's say, for example, exceptions, or errors, etc. We use certain patterns that we want to be highlighted for notification purposes. These are running continuously and whenever certain text patterns are found and are beyond a certain threshold, we get notified so that we can take some corrective actions.

What is most valuable?

There are a lot of things we like about this product. 

One is the log aggregation. It basically gives a list of matching patterns on most of the logs. When dealing with something like live error messages etc., you can group by similarities. That way it is very easy to know where things are in real-time. It has helped us in terms of doing a top-down debugging. If, for example, you see a certain error message or an exception, then you double click to see where exactly it has affected the system. That way, at every stage you are able to go one level deeper until you find the root cause, through the logs or by other means. This is something which I find really helpful. There are other ways within a window you can search as well. You can find out what happened one or two days before or one or two minutes before this message. It helps you follow a trail of events that will lead you to a particular state.

Users can also do a comparison with regard to the filing. Let's say, for example, you see a certain error come up today, and if you are interested in how it was yesterday or the day before, or maybe 17 days ago, you can take a look. This is one of the features that I found really helpful.

The solution offers the capture of host metrics as well. Basically it could be the RAM utilization, CPU, or pretty much everything around the host, including the health of the host. That also comes in handy when we are debugging.

What needs improvement?

There isn't anything in particular that stands out that I would say is lacking or needs adjustments. For us, the solution offers everything we need.

If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see. If Sumo could come up with the feature and then make it a part of the offering, that would be ideal.

The pricing could be more competitive. Sumo Logic bills based on the amount of data that you ingest into their platform. There are times that some of the data is not critical. You don't want to be charged at the same level for the extra data that isn't critical, but you will be.

For how long have I used the solution?

We recently started using the solution. We started originally sometime in October or November of 2019. It's been maybe eight to ten months since we began.

What do I think about the stability of the solution?

The solution is quite stable. 

We have had barely any occasions where we witnessed delays. This may have happened once or twice. That is, of course, over a period of months. We started evaluating them in October, but we signed to use them sometime in January. Since January we have been developing customers for them. In the past four or five months that we've been using the solution, only once or twice did we see some kind of a lag in the logs getting pushed. I believe that is an understandable and typical amount of time. If we have had to reach out to their support only two times in about five months, I don't think that's bad.

What do I think about the scalability of the solution?

We've never had any issues with developing scalability. Whatever that we were pushing, in terms of logs, they're all getting pushed and we haven't seen any scalability issues.

How are customer service and technical support?

We've had no issues whatsoever with the level of service we've been given.

Right now, their customer success team, their version of technical support, will check in to see how we're utilizing the tool. If there's anything we're stuck on they will manage it for us. Whenever we have too many logs, and if we are exceeding our quota, they will personally reach out and check in. They are really engaged and want to know if things are working as expected or if there are any anomalies. Due to the fact they are so attentive, if they catch anything, they will reduce certain charges so they try to protect our average rates.

How was the initial setup?

The initial setup is very easy. 

In terms of the initial deployment, it's just a matter of installing the solution. It's sort-of similar to onboarding a server.

What about the implementation team?

We did get help from the pre-sales team from Sumo Logic, who was helping us with the initial onboarding and procedures. We also do have their support team available to us. They're called the Customer Success Team.  

They've given us a lot of insight into the tool and they call maybe once a month to check in.

What's my experience with pricing, setup cost, and licensing?

The solution is expensive in terms of usage. New users should be aware of that. However, for some that are worried about down-time on their applications, if you can't target, then it makes sense to invest money in a tool like this, and with Sumo especially,

What other advice do I have?

We're just a customer.

It's a good tool. It has helped us, and there's a whole lot of features included. 

For new businesses considering using the solution, if you are strictly or directly only looking towards the cost then it might not be justified, because stability is something which can't be measured, or rather it's not exactly tangible. You might say that, okay, one hour of downtime results in so much of a loss in the business, and if you're effectively making use of the tool for bringing up the systems really fast, potential damage will be zero.

I'd rate the solution eight out of ten.

To rate it at a perfect ten, maybe if they offered just a few more features I'd rate it higher. 

They would also get a higher rating if they offered differential pricing to focus on super-critical logs instead of all data in aggregate. On a need basis, whenever I do a query on them, I should be charged based on that. So some kind of a differential pricing model is something that I would expect out of this platform.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Reviewer32109 - PeerSpot reviewer
Contracting Automation Engineer at Craigslist
User
Jan 14, 2019
Out of the box applications were very useful for us. We also use the Threat Intelligence integration for our security monitoring.
Pros and Cons
  • "Sumo Logic is a single place to retrieve intelligence without worrying about architecture and performance."
  • "Automation is open to the user's implementation. In my case, we used to use the API to correlate and orchestrate events from Sumo Logic with other platforms, and now we are using an automation platform to centralize the various integrations."

What is our primary use case?

Logging all operational and security events in our enterprise environment. We use Sumo Logic to monitor all the applications that we run in the Amazon AWS cloud; we use Sumo Logic to monitor the security posture of our AWS IaaS with CloudTrail, VPC flow, S3 audit, GuardDuty, and EKS services. 

How has it helped my organization?

Sumo Logic is a single place to retrieve intelligence without worrying about architecture and performance.

What is most valuable?

The out of the box applications were very useful for us. We also use the Threat Intelligence integration for our security monitoring.

What needs improvement?

Automation is open to the user's implementation. In my case, we used to use the API to correlate and orchestrate events from Sumo Logic with other platforms, and now we are using an automation platform to centralize the various integrations.

For how long have I used the solution?

More than five years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.