My clients use Sumo Logic Security depending on their needs. Some of my clients are looking for network visibility and observability, while others focus on the security aspects, utilizing the Sumo Logic SIEMs.
Logs for Security (AWS Built-In)
Sumo Logic Inc.External reviews
214 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Offers a single dashboard with customizable features and a cost-effective pricing structure
What is our primary use case?
What is most valuable?
Sumo Logic Security offers a single dashboard and customization, which are the most valuable features. Additionally, it has a cost-effective structure because it is based on data storage and the number of scans, rather than uploading data. This cost model impacts the customers positively by offering a more straightforward pricing structure.
What needs improvement?
In terms of improvement, feedback indicates there is a need for a local data center in my country. This is crucial to sell to the government and financial sectors as they require data retention within each country.
For how long have I used the solution?
I have approximately three months of experience working with Sumo Logic Security.
What do I think about the stability of the solution?
The stability is quite high because it is maintained by the vendor.
What do I think about the scalability of the solution?
The tool has high scalability because everything is based in the cloud.
How was the initial setup?
The security solution is complex because it involves a lot of management. However, compared with other similar solutions, it is quite straightforward.
What's my experience with pricing, setup cost, and licensing?
The pricing structure for Sumo Logic Security is based on two elements: data storage and the number of scans. This makes it more cost-effective because other solutions often include a third element in their pricing.
What other advice do I have?
During this evaluation, I considered multiple criteria for the Sumo Logic Security solution. Based on these criteria, I rate the solution as an eight out of ten due to its effective features and pricing.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Effective with good log analytics but needs better rule correlation
What is our primary use case?
We primarily use Sumo Logic as a SIEM, Security information and event management tool. It serves as a Cloud SIEM and is utilized for alert monitoring, insight monitoring, and as a continuous intelligence platform.
What is most valuable?
The Log Analytics platform is the most effective. If we cannot find the data in other tools, like email security or NDR, we can fetch those logs in the Log Analytics platform of Sumo Logic. That is the one best feature that I can suggest.
What needs improvement?
The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk. Sometimes logs will not fetch, and there are issues if the log volume exceeds a threshold. Not every tool is integrated with Sumo Logic. The response time for their support could be better, and it is not very user-friendly.
For how long have I used the solution?
I've been using hte solution for two years.
What do I think about the stability of the solution?
There are stability issues. Sometimes logs will not fetch, and if there are many records, the system may stop or the UI may become unresponsive.
How are customer service and support?
The support team is not very good. They don't provide support on call and have a response time of forty-eight hours, which is not instant support.
How would you rate customer service and support?
Neutral
What's my experience with pricing, setup cost, and licensing?
I'm not sure about the pricing.
What other advice do I have?
I don't recommend this product.
I'd rate the solution six out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Used to store and monitor application logs and VPC flow logs
What is our primary use case?
We use Sumo Logic Security for logging purposes. We store and monitor application logs and VPC flow logs in the solution.
What is most valuable?
Sumo Logic Security is a good solution for searching the logs and identifying the issues. Sumo Logic Security searches the logs to identify issues easily. Suppose we got an issue related to the application 500 error. We store the application logs in Sumo Logic Security. We can easily search those logs to identify where exactly we are facing the application 500 error.
What needs improvement?
Sumo Logic Security is expensive, and its pricing could be improved.
What do I think about the stability of the solution?
I rate Sumo Logic Security a nine out of ten for stability.
What do I think about the scalability of the solution?
Around ten users are using the solution in our organization.
I rate the solution an eight to nine out of ten for scalability.
How are customer service and support?
We have two options for technical support. If we take the enterprise support, we get a reply within one or two hours. If you don't have enterprise support, you will get a reply in around one day or 12 hours, based on their availability.
How was the initial setup?
The implementation process of the solution was good and not very difficult. You can easily integrate Sumo Logic Security with AWS or Kubernetes. Even new users who are aware of AWS can follow the documentation and easily deploy the solution.
What about the implementation team?
The solution’s deployment doesn’t take more than 15 minutes for a knowledgeable person.
What's my experience with pricing, setup cost, and licensing?
Storing logs in Sumo Logic Security is charged GB-wise, which is a little higher than other products.
What other advice do I have?
We are mainly concentrating on networking. We use VPC products and application logs to monitor the genuineness of users who have logged in. We also store and monitor GuardDuty logs to see if someone is trying to access the same server multiple times. We are storing and monitoring WAF logs and GuardDuty logs. If someone faces any issues, we'll receive an email and take action based on it.
If someone tries to access one of the applications from a different country, we can search in Google and identify the location of that particular IP address. Sumo Logic Security identifies whether a particular IP address is low, medium, or high risk without the help of Google.
We can store logs in CloudWatch, but it is very difficult to search them in CloudWatch. We should know the query in order to do that. Searching for logs with Sumo Logic Security is very easy compared to CloudWatch. We have been using the solution for more than two years and haven't faced any issues with the solution's availability. I would recommend the solution to other users.
I would recommend Sumo Logic Security instead of AWS, CloudWatch, or CloudTrail. With Sumo Logic Security, you can capture and see all the logs in a single place. If some issues occur, you can log into the solution and verify all the logs. At an organizational level, we have multiple AWS accounts for different environments. Instead of logging in to all the AWS accounts, you can log in to Sumo Logic Security and verify everything.
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
The solution is automated and has a good number of extensions, but it is costly, and it must improve its UI
What is our primary use case?
The product is a log aggregator of all the logs from all our environments, including AWS. Our infrastructure is deployed on AWS. We ship all logs to Sumo Logic. Based on the logs, we create alerts. These alerts are sent to an email ID, which creates tickets.
What is most valuable?
The solution is automated. It has a good number of extensions like CrowdStrike and AWS extensions. It is very useful. We can integrate threat intelligence solutions into the product.
What needs improvement?
The query of Sumo Logic is complex. It should be improved. The solution should improve its UI. FireEye, Splunk, and LogRhythm provide proper UIs. The solution should improve its scalability and stability.
Connecting the collector with Sumo is difficult if a collector or device is down. We have faced multiple challenges like this, and we are still facing these challenges. We recently raised a ticket to Sumo Logic to investigate the issue.
For how long have I used the solution?
I have been using the solution for one and a half years. I am using the latest version of the solution.
What do I think about the stability of the solution?
I rate the tool’s stability a seven out of ten.
What do I think about the scalability of the solution?
I rate the tool’s scalability a seven out of ten. In my current organization, there are around 18 people who have access to the product, including the security team. Apart from these, 30 people from different teams have access to the tool but do not have full admin access.
How are customer service and support?
The support team is very cooperative. As soon as the team receives our tickets, a support person is assigned to us. They reach out to us and try to solve the problem.
How would you rate customer service and support?
Positive
How was the initial setup?
The installation of the devices was good. The product is deployed on the cloud.
What's my experience with pricing, setup cost, and licensing?
The product is costly. At the same cost, we can get other tools with better features and capabilities.
What other advice do I have?
First-time users must decide how they want to use the tool. The product is very good as a log aggregator. If we want to use the solution as a SIEM console, it will not be that useful because it does not have the features a SIEM tool would have. It does not have analyzing or threat intel features. The product does provide the option of using extensions, but it does not have its own threat intel feature. Overall, I rate the solution a seven out of ten.
Which deployment model are you using for this solution?
Private Cloud
Helps to monitor logs and event timestamps
What is our primary use case?
I use it for the log monitoring of our legacy site. We typically monitor the event timestamps.
What is most valuable?
The tool has key features like operability. It will alert the admins whenever a device is onboarded.
What needs improvement?
From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc.
For how long have I used the solution?
I have been working with the product for three years.
What do I think about the stability of the solution?
I would rate the tool's stability a nine point five out of ten.
What do I think about the scalability of the solution?
I would rate the product's scalability a nine out of ten.
How are customer service and support?
The support replies to us back within 24 hours of opening a ticket.
How would you rate customer service and support?
Positive
How was the initial setup?
The tool's setup is simple and straightforward. A three-member team manages the solution.
What other advice do I have?
I would rate the solution a nine out of ten.
Integrates well, useful rules, and beneficial GUI
What is our primary use case?
We are using Sumo Logic Security for security monitoring.
What is most valuable?
The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI.
What needs improvement?
The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial.
In a feature release, more insights on threat intelligence would be helpful.
For how long have I used the solution?
I have been using Sumo Logic Security for approximately one year.
What do I think about the stability of the solution?
The solution is stable.
I rate the stability of Sumo Logic Security a seven out of ten.
What do I think about the scalability of the solution?
We have approximately 20 to 35 users using this solution. We use it on a daily basis.
How are customer service and support?
I rate the support of Sumo Logic Security an eight out of ten.
Which solution did I use previously and why did I switch?
I was previously using IBM Security QRadar. We switched to Sumo Logic Security because it was on the cloud and IBM Security QRadar was on-premise.
How was the initial setup?
The setup of Sumo Logic Security is easy.
The time it takes for the deployment depends on how many logs and the sources there are.
I rate the initial setup of Sumo Logic Security a seven out of ten.
What's my experience with pricing, setup cost, and licensing?
The license pricing model is based on the events that are processed through the solution.
The price of Sumo Logic Security is high.
I rate the price of Sumo Logic Security a seven out of ten.
What other advice do I have?
It is important to tune the rules so that are minimal false positives.
I rate Sumo Logic Security an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Advanced technology to monitor cloud infrastructures.
What do you like best about the product?
I like its advanced technology that makes it easier to manage cloud infrastructures. Makes maintenance operations easier, and of course, also safety monitoring. It is a good resource to strengthen cybersecurity.
What do you dislike about the product?
Sumo Logic meets the necessary requirements to improve the ability of IT operations team.
What problems is the product solving and how is that benefiting you?
The statistics provided by Sumo Logic facilitate the management of incidents and failures associated with the performance in the cloud. It is essential to make decisions on security software.
Recommendations to others considering the product:
Provides advanced technology at a reasonable price. I recommend Sumo Logic.
the best option in the market
What do you like best about the product?
I really like that the data obtained can be analyzed with great ease, the way to organize them is perfect, you have many high-level options configured, this allows even a beginner to work safely and easily. The training they provide is really good.
What do you dislike about the product?
The only thing I do not like about Sumo Logic is the delay that there is to show new records, no matter how much the page is updated many times you have to wait between 5 and 10 minutes, this tends to be a bit frustrating, but otherwise it is perfect.
What problems is the product solving and how is that benefiting you?
It is very useful to be able to see the data of several servers over time. It is definitely a great help and a great time saver. If you had to do that work without the help of Sumo Logic, it would be practically impossible. Having access to a central place to look for the resolution of a problem is perfect.
Recommendations to others considering the product:
It works whenever you need it. the problems have been minimal is very good this software is a good investment
Sumo Logic provides sophisticated analytics
What do you like best about the product?
The platform is flexible and intuitive that offers advanced real-time analytics. Sumo Logic is a great advantage to detect and resolve operational problems in our applications. In addition, reports are great for monitoring performance.
What do you dislike about the product?
I have no complaints regarding the services of Sumo Logic, as it is very effective.
What problems is the product solving and how is that benefiting you?
Real-time analysis services are key to detect operational problems and prevent major system failures.
Recommendations to others considering the product:
It is an ideal platform for IT teams since it provides sophisticated analytics that allow improving security in the cloud. I recommend it.
Powerful and Easy To Use
What do you like best about the product?
Powerful query engine, log ingest and metric analytics enable easy dashboarding of my application
What do you dislike about the product?
Price, data ingest costs are quite high and on demand billing costs when you exceed your ingest allowance are absolutely unreasonable
What problems is the product solving and how is that benefiting you?
Consume application logs and dashboard to our support teams
showing 1 - 10