Sumo Logic Security Reviews

We've got it integrated into all of our production assets and our IT assets, like Okta and all the SaaS stuff that we need to manage our IT environment. It's plugged into pretty much everything.

Primarily, we use it for security alerting. We plug it into Amazon and it lets us know when people log into different accounts, change privileges, log into production, etc. We also have it integrated on the IT side too — we have it integrated into our SSO provider. We want to know if someone logs in too many times or how frequently they try to log in, whether they get locked out or not. It generates alerts. We're starting to roll it out in terms of forensics on our audit logs.

Company-wide, if it is part of our certification process, if we buy a SaaS service, it has to integrate with a SIM — it has to provide audit logs. There are a couple of other criteria that we have: it's got to have a split SSO, it has to have a supported SIM, and it's got to support audit logs. All the read-only audit logs get dumped into Sumo Logic as well, and the security team monitors all of that.

Our DevSecOps team mainly uses this solution.

Sumo Logic has absolutely improved our organization — 100%.  Sumo Logic is a great tool, it's absolutely necessary. I like Sumo Logic because it always works. It's so easy to use. It's got all the capabilities we need right now.

What I like most is the ability to create custom alerts.

They have a really, really rich query language. I don't know the name of the product offering. I'm sure they have a specific name in the solution, but basically being able to pull all that data in, and be able to build queries in a query language and map that to actions; whether that's alerting or triggering events. And that's really where our SecOps team spends most of their time — trying to look at the forensics, look at the information, and map it to some meaningful event. And they just build all these different queries that map to those events or alerts.

I have been using Sumo Logic for a year and a half at my current company, and I've used it previously at another company as well.

Stability-wise, It's great. We never experienced any bugs or glitches.

We have no issues scalability-wise. We've never had any issues with the capacity, even at my previous company, they were able to handle it. 

I personally haven't contacted tech support, but I know at my previous company, we found them very responsive — they were solid. Although, there's always room for improvement. Overall, I would give their tech support a rating of nine out of ten.

At my current company, we started with Sumo Logic. That was just because when we started, multiple people had different experiences with different tools and this one came out on top. We also used Splunk for a while.

We started with Splunk — this is back at my previous company in like 2014, 2015 — but they priced themselves out. Plus, Sumo Logic seemed to have a better price-to-functionality ratio.

When Splunk switched their model and went after large enterprises, they left a lot of startups in the lurch. They just left us holding the bag and said, "See ya", and went off and started going after large enterprises.

The initial setup was very straightforward. Setting up all the integrations was trivial.

The pricing is good. It's not an issue for us. I just haven't taken a look at the pricing model in detail. I don't know how that grows, exactly. It's more of a volume thing I think. But right now, it's doing everything we need, and it is not a point of pain in terms of pricing or reliability. There are other solutions that are far worse. So it's doing great. That's all I really could say.

Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos. It's just an all-around, easy solution to use. I would be shocked if it doesn't meet your needs.

They just need to keep the pricing model right and ensure that the integrations are seamless. Sumo Logic needs to make sure integrating solutions are seamless. As a startup, we're looking to scale our team with tools that are really easy to use, that scale as well — tools like Sumo Logic, where one person can manage a ton. We probably have 20,000 assets in the cloud, and probably 60 assets in corporate IT, and they're all pumping everything to Sumo logic. Then from one place, you can start analyzing just about anything. That's really important to us.

Overall, on a scale from one to ten, I would give Sumo Logic a rating of nine. If they added more integration, I would give them a rating of ten.

Sumo Logic is for logging. You can use it as a centralized logging management system. You can send all your application logs to Sumo Logic, then you will receive a clear dashboard where you can see if there are any issues in you operations. It is pretty easy to troubleshoot any issues on your application using Sumo Logic.

It helps a lot because we can troubleshoot issues pretty easily. 

We can easily search for what is wrong in our application through the logs. We don't need to go through all of the logs. We just make a search on the basis on some keyword, then we will see the actual problem in Sumo Logic.

With the alerting dashboards, you can set up some patterns. Then, on these patterns, you will automatically get alerts.

Currently, it has predefined patterns that we need to set up manually. We would like to have some type of predefined setup for the logs, making the setup easier by default, such as:

• What are the total number of error logs? 
• What are the total number of hits? 
• What are the total number of misses? 
  

The stability is pretty good. I haven't seen more than two or three times when the dashboard has not been working, the logs are not available on the dashboard, or there is some latency in the logs. I always get the real-time logs on the dashboard.

The scalability is good. We have scaled from two servers to 50 servers, and it works well.

If you are enterprise level and your server size is more than ten or 15, then I would recommend to use Sumo Logic.

Initially, we used technical support because when we were new to Sumo Logic. So, we had some issues setting up dashboards. However, after a couple of hands on experiences, the product was pretty easy to use. 

The technical team is good and helped us out.

The integration and configuration of Sumo Logic in our AWS environment was easy. If you can read the documentation, then you can easily set it up.

The troubleshooting part of Sumo Logic has solved a lot, e.g., if there is any downtime on the website. So, we have reduce our downtime by a lot with Sumo Logic because we can easily troubleshoot issues.

The pricing is a little high, but for the features that we receive from Sumo Logic, it suits the price. For some small organizations, the price might be a little high.

We have used other products, like Loggly and ELK Stack.

Our log sites are huge, and Sumo Logic was a good option for the large volumes. ELK and the other options were not working well with the large volumes.

If you want to do a PoC with Sumo Logic, their documentation is very good.

The product is only on AWS. We using it on our production environment.

Our primary use case for this solution is logging and monitoring. We have dashboards for monitoring the performance and health of our applications and logins.

Sumo Logic Security has helped our organization because we are able to troubleshoot problems faster. It also improved the quality of our applications because of the visibility.

The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs.

In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently.

I have been using the Sumo Logic Security solution for about three years.

My impression is that the stability of this solution is pretty good. We are able to get the desired result with it.

I would rate the scalability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

The deployment was done by an IT department.

I would advise other people looking into this solution to get used to the monitoring and log analysis tool. This solution has a learning curve at the beginning and requires practice, so it's good to familiarize yourself with that.

I would rate this solution as a whole an eight, on a scale from one to 10, with one being the worst and 10 being the best.

We use it for logging and alerting for cloud only applications.

We are only use it from the cloud.

We are able to diagnose problems before our customers.

• It's reliable.
• The Curry language is easy to use once you get used to it. 
• The user interface is pretty responsive. 

Therefore, it was a cost value proposition decision.

There are some API gaps that are missing.

It is usually reliable when we expect it to be. We haven't had too many outages. They announce outrages when they have them; more due to degradations when they have them. They have been more reliable than some other vendors that we are using.

We have had no issues with scaling.

We frequently reach out to tech support. We also have a technical account manager (TAM) and a customer success manager assigned to us. We have a fairly large account with them, so we generally get the responses that we need.

We have our own logging solution previously.

The integration and configuration in our AWS environment is automated. We automated it so every AMI comes ready with Sumo Logic and New Relic. Therefore, we have no issues.

We integrated with New Relic. Thus, we get alerts sometimes from Sumo Logic's logs as opposed to just native alerts when they are from CloudWatch or New Relic.

We look at ROI constantly. We put the amortized cost of Sumo Logic and New Relic right in the console that our service teams can look at. The ROI is good enough for us not to move away from Sumo Logic.

The AWS Marketplace pricing is borderline. Every annual renewal, we always contemplate if we are getting what we think we could out of it or could we do it cheaper with some other product.

I believe that we did look at another cloud-based solution, but I wasn't at the company during the evaluation process.

I would recommend to look at Sumo Logic, but also look at Datadog and Loggly. Look at some of the competitors who are also in this space.

We use it for ingestion of VPC flow logs, CloudTrail logs, and config logs from AWS.

We also use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people.

The dashboards are great. We use them for monitoring certain events when they happen to see if we want to act upon them. The monitoring pages and the alerting pages are also very handy.

If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved. If they could do something about this, it would be nice.

It is very stable. I've never really seen it have bad performance issues. As long as you're using optimized queries, then it always performs very well.

I don't think I have ever had a performance problem with it. The scalability is good.

We have multiple different customers who ingest different amounts based on their workloads and environments. We have ten customers with our biggest customer ingesting around 18G a day. Across all our customers, we might be ingesting around 50G a day.

The support team at Sumo Logic is great. They have great people. They give good support when and if we need it.

The integration and configuration of Sumo Logic into our AWS environment was easy and great.

Purchasing the solution through the AWS Marketplace is very easy. We chose to go through the AWS Marketplace because it makes it a lot easier when we bill our customers. Rather than having to get multiple different sources of information then correlate a monthly bill for our customers, it is just included in the AWS usage charges. Thus, it's convenient.

The AWS Marketplace pricing is fairly reasonable for what it does. Compared to the other tools that do it as well, it's reasonable. I wouldn't call it expensive, but I wouldn't call it cheap. It is pretty good.

We love the product and haven't had any bad experiences with it.

We integrated it with Windows Active Directory. With one of our customers, we integrated it with some security software. It was some antivirus platform. We worked with their security team to ingest some logs that they used at the time and queried the data that they ingested.

It integrates easily with other products. You just have to install the Collector. Then, as long as you know what the format of your logs are like, you can write your field extraction rules, and away you go. As long as you know what you're doing, and as long as you are familiar with the logs that you're ingesting, then it is easy.

We ultimately use it because we are a managed services partner of Amazon, and we need to do it for our ordering purposes. It's just something that we have to have to be able to look at our logs in a dated manner.

I would tell people to not get Sumo Logic if you are looking for a traditional monitoring software, because that was not the purpose it was written for. They should get it if they are looking for a log ingestion and aggregation system.

We use the AWS version of the product.

I use it for the log monitoring of our legacy site. We typically monitor the event timestamps.

The tool has key features like operability. It will alert the admins whenever a device is onboarded.

From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc. 

I have been working with the product for three years. 

I would rate the tool's stability a nine point five out of ten. 

I would rate the product's scalability a nine out of ten. 

The support replies to us back within 24 hours of opening a ticket. 

Positive

The tool's setup is simple and straightforward.  A three-member team manages the solution. 

I would rate the solution a nine out of ten. 

The primary use is incident alerting.

We use it to do cash, voids, reports, and find any number of abnormal errors in our APIs.

• The search
• Email alerts

It took a bit of trial and error to get it set up correctly based on everything we had to do.  In the end, we had to send everything over HTTP, which was sort of a stop-gap. It was very hard to install the agents on AWS Elastic Beanstalk, which was disappointing. 

The product's interface is a bit slow and cumbersome to use.

I have no concerns about the stability of the product. I feel it handles the stress we put on it very well.

The only limit to the scalability of the product for us is how much we are willing to pay. It should handle any size of our environment that we want scale up to.

Technical support has been great. If I have any issues, I have somebody I can talk to.

We have seen ROI. The product saves time. Because of it, we don't have to provide credentials for everybody to look at individual systems to find their logs.

The price scaling comes in a bit expensive. 

We also evaluated Splunk. We chose Sumo Logic because we needed something to get logs off of individual sites.

The product integrates well with our websites.

We have been using only the on-premise versions of this product, so we have not used the AWS versions.

Our primary use case is application log tracing and monitoring. It does a good job of meeting our needs, in terms of alert monitoring.

For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly.

The key features that we have been using:

• The ability to troubleshoot production issues.
• Set up monitoring for errors. 

I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial.

It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement.

We are still looking for some functionality to make the alerting and monitoring set up easier and more user-friendly.

We are sending out real-time streaming of logs from multiple applications, and we haven't had any issues with the application.

Scalability has been good for our needs. 

We have applications across the company which are using Sumo Logic. We haven't run into any scaling issues in regards to size so far.

We haven't reached out to technical support yet.

The integration was set up by us. What we did was use our deployment automation tools to send logs over to Sumo Logic. Most of this was done on our side. It would have been nice to have some out-of-the-box plugins which could have been used for this purpose.

We integrate with a lot of custom applications, mostly running on a Linux environment. What we do is we send logs from the Linux file systems over to Sumo Logic.

We have seen improvement in our operational processes.

Pricing has been cheaper than some of the competing tools, like Splunk. However, if we went to ELK Stack, which is open source, it would have been less costly, but it would have required more development from our side. It is a good balance between price and functionality.

We also looked at Kibana. 

We chose Sumo Logic because it had robust functionality. We also had a licensing agreement with the parent company.

It is a good tool for operational logging and monitoring of applications.

We are using the hosted version.