Accelerating security analytics using Amazon Nova with Sumo Logic

Enterprise security operations centers, sophisticated small and midsize businesses, and managed-service providers depend on Sumo Logic’s security information and event management solution to protect their operations. The company wanted to make sophisticated security analysis accessible even to junior analysts. As a result, it decided to create an assistant that could answer natural language questions and remove the need for users to learn proprietary query languages.

Sumo Logic needed AI technology that could contextualize large quantities of data and draw precise conclusions. After experimenting with several AI platforms, the company found that AWS delivered high performance infrastructure with robust security and privacy measures at relatively low cost. “AWS keeps giving us great tools and services that we can use to not only get our vision off the ground but also push it to new heights, past where we thought it was likely going to land,” says Eric Avery, global head of infrastructure and data at Sumo Logic.

Sumo Logic developed Mobot, an assistant that serves as the primary interface for the company’s Dojo AI software. Without writing complex queries, users interact with Mobot through natural language conversations. They can ask questions such as “What happened in the last 15 minutes?” or “Did any potential security threats arise overnight?” The assistant is accessible through multiple entry points: directly within the Sumo Logic interface, through alerts that are sent to messaging services, or by analyzing existing dashboards.

Sumo Logic implemented Amazon Bedrock, a service for building generative AI applications and agents, and Amazon Nova, which delivers frontier intelligence and industry-leading price performance. This way, the company can power Mobot’s capabilities by accessing multiple foundation models and selecting the right one for each task. To process and contextualize large volumes of log and security data, Sumo Logic uses Amazon Nova 2 Lite, a fast and cost-effective reasoning model.

“We have seen a tremendous impact by using Amazon Nova models to provide proper contextualization,” says Avery. “We might guide them and say, ‘This is what you’re looking for,’ but they do the work to draw those associations and present the findings with high accuracy.”

Behind Mobot, Sumo Logic built AI agents that handle various tasks. The Summary Agent, for example, analyzes multiple security signals, synthesizes them into coherent narratives, and suggests next steps. Instead of presenting 15 separate alerts for a potential security threat, it might explain in a single notification: “This entity clicked an email message, then 15 minutes later logged in from an unexpected location. We suspect a phishing threat. You must restrict access to at-risk services.”

Offering advanced reasoning, multiagent capabilities, and fast speed, Amazon Nova 2 Lite perfectly fits Sumo Logic’s needs. The company can now build AI agents that rapidly and cost effectively identify and resolve security threats for customers. What’s more, the security solutions provider has reduced costs by 24 percent and improved latency by 20 percent, all while maintaining high accuracy.

By democratizing security expertise, Sumo Logic helps managed-service providers respond rapidly when their customers call with urgent security requests. And junior security analysts who previously needed to escalate issues can now investigate independently, reducing the burden on senior staff.

Sumo Logic is developing capabilities to help users optimize their configurations, follow best practices, and access relevant documentation through conversational interactions with Mobot. “The challenge is seeing how quickly we can deliver, because the opportunities are there, the investment from AWS is there, and the toolset is growing,” says Avery. “As engineers, we want to capitalize on all of it and get it to our customers as soon as possible, delivering real value.”