Additional Info

Company: Sumo Logic
Company size (employees): 500 to 999
Type of solution: Cloud/SaaS


Sumo Logic Cloud SIEM is a modern SIEM designed and built for the cloud, and its success speaks for itself. Begun in 2010 to provide real-time analytics-as-a-service, Sumo Logic is a multi-tenant platform, built natively in AWS. The modular architecture features more than 75 microservices, enabling strong platform resiliency and frequent updates without downtime.

Sumo Logic provides a wide array of data analytics based on data from a nearly unlimited range of sensors, collecting data natively via 200+ out-of-the-box integrations. It also relies heavily on APIs to take in data from Office 365, G Suite, AWS, and many other SaaS applications. To broaden the ability to collect data, Sumo Logic recently closed the purchase of open-source monitoring specialist Sensu.

With dynamic auto scaling, Sumo Logic analyzes 24.3 TB of data per second and an average of 2.10 quadrillion events per day for 2,100+ customers. Today, approximately half of Sumo Logic’s customers are leveraging its security intelligence solutions for their day-to-day security operations.

Sumo Logic Cloud SIEM provides security analysts with enhanced visibility to seamlessly monitor across all infrastructures, and thoroughly understand the impact and context of an attack. It employs a stream processing engine for real-time query search and analysis of stored data, with more than 90% reduction in the volume of information presented to the human analyst.

Sumo Logic Cloud SIEM innovations include:
– Automated SOC analyst workflows: fuses analytics and SOC automation to perform security analyst workflows and automatically triage alerts.

– Actionable tools for threat response: dashboards are visually compelling and specially constructed to match the needs of each role, ranging from Tier 1 security analyst to C-level executive.

– Threat mitigation: machine learning and statistical analytics identify threats and provide useful, actionable insights; Sumo Logic integrates with popular collaboration and ticketing systems to facilitate team responses.

How we are different

Sumo Logic’s Cloud SIEM Solution provides the following advantages to its enterprise customers:
- Reduces risk, cost and complexity while improving productivity: the cloud-native, multi-tenant SaaS platform scales on demand to absorb large data bursts without performance degradation, and deploys in hours or days to deliver rapid time to value without the setup time and maintenance required by traditional SIEMs. Developer, IT operations, and security teams all use the same platform to store and analyze data, cutting the cost of storing multiple copies of the same data while improving collaboration through a centralized view of risk across all infrastructures. Workflow automation improves processes and analyst efficiency, freeing analysts to perform higher-value security activities.

- Arms SOC teams with a cloud-native, intuitive platform: this includes automated security operations such as risk aggregation over time and clustering of alerts, cloud-native scalability, a single intuitive platform accessible to all SecOps, ITOps, and DevOps users, and a modern analyst experience that integrates deep search with a streamlined security interface to help analysts verify alerts and investigate incidents. The Cloud SIEM solution also collects data from, and detects threats across, the new threat surfaces created by hybrid cloud adoption and digital transformation initiatives.

- Drives several business and operational ROI metrics: Sumo Logic’s distributed correlation engine and cloud analytics/machine learning prioritize potential indicators of compromise for investigation, reducing MTTD and improving analyst productivity; investigation acceleration technology rapidly connects the dots in large data sets, reducing mean time to investigate/remediate and further improving analyst productivity; and easier management and accelerated workflows (including data retention, security, and access control) reduce the cost of compliance.