Know Your SIEM Solutions: Sumo Logic Cloud SIEM

Discover whether Sumo Logic's SIEM offering could become a valuable tool for your organization.


Founded in 2010 and headquartered in Redwood City, California, Sumo Logic is a vendor of cloud-first log analytics with integrated security products. Its Cloud SIEM is cloud-native and focuses on automatically triaging security alerts by correlating the log data it ingests, rather than presenting every raw event to an analyst.

In the following post, we'll walk you through the essentials of Sumo Logic's SIEM offering, detailing its features, and helping you understand whether this is the right tool for your organization's cybersecurity expansion.

Availability

Sumo Logic's Cloud SIEM is delivered as Software as a Service (SaaS). The platform includes native User and Entity Behavior Analytics (UEBA) capabilities and provides 365 days of log retention as part of its standard package. Although the company's own presence is concentrated in North America, the service runs on AWS data centers, which is how it delivers the product to customers worldwide.

Features and Integrations

Sumo Logic's Cloud SIEM offers a fairly robust solution for modern security operations. Its defining feature is a cloud-native architecture hosted in AWS data centers. Additionally, alerts can be pushed to any collaboration or ticketing tool that accepts webhooks or plain HTTP POST requests.

Unlike many SIEMs, Sumo Logic's solution leaves plenty of room for expansion and integration beyond the usual set of apps that make up a security ecosystem. Notably, supplementary Security Orchestration, Automation, and Response (SOAR) functionality is available as an add-on to the SIEM. The add-on can be tailored to the needs of the security team and is priced by the number of users who actually use it.

Sumo Logic has also developed apps that ingest cloud log data from the major cloud service providers (AWS, Azure, and GCP), so that a single Cloud SIEM instance can cover all of them. A UEBA app ships with prebuilt detections, and users can also copy and modify the logic of existing rules to create their own.
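To make the two capabilities above concrete, here is an added example written for this post (it is not Sumo Logic's own code or rule syntax): a small correlation rule over constructed CloudTrail-style console-login records, the JSON body such a rule might push to a collaboration webhook, and the shared-secret check a receiving endpoint should apply before trusting the post. The rule name, the payload schema and the `X-Webhook-Secret` header name are assumptions for illustration only; the sample records are constructed, not real data.

```python
"""Added example, not Sumo Logic's own code: a toy SIEM correlation rule
over constructed CloudTrail-style records, plus the webhook body it would
POST and the receiver-side secret check. Standard library only; runs offline."""
import hmac
import json
from collections import defaultdict
from datetime import datetime, timedelta


def _parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def _login(time, ip, user, outcome):
    """Build a constructed CloudTrail-like ConsoleLogin record."""
    return {"eventTime": time, "eventName": "ConsoleLogin", "sourceIPAddress": ip,
            "userIdentity": {"userName": user},
            "responseElements": {"ConsoleLogin": outcome}}


# Constructed sample data (not real logs): five failures from one address in
# under three minutes, then a success from that address, plus unrelated noise.
SAMPLE_EVENTS = [
    _login("2024-05-01T10:00:00Z", "198.51.100.7", "alice", "Failure"),
    _login("2024-05-01T10:00:40Z", "198.51.100.7", "alice", "Failure"),
    _login("2024-05-01T10:01:00Z", "203.0.113.9", "bob", "Failure"),
    _login("2024-05-01T10:01:20Z", "198.51.100.7", "alice", "Failure"),
    {"eventTime": "2024-05-01T10:01:30Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"userName": "carol"}},
    _login("2024-05-01T10:02:00Z", "198.51.100.7", "alice", "Failure"),
    _login("2024-05-01T10:02:40Z", "198.51.100.7", "alice", "Failure"),
    _login("2024-05-01T10:04:30Z", "198.51.100.7", "alice", "Success"),
]


def brute_force_signals(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule (hypothetical name): at least `threshold` failed
    ConsoleLogin attempts from one source IP inside `window`, followed by a
    success from that IP. Returns one signal dict per matching success."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") == "ConsoleLogin":
            by_ip[ev["sourceIPAddress"]].append(ev)

    signals = []
    for ip, evs in by_ip.items():
        recent_failures = []  # timestamps of failures still inside the window
        for ev in evs:
            ts = _parse_time(ev["eventTime"])
            outcome = ev.get("responseElements", {}).get("ConsoleLogin")
            if outcome == "Failure":
                recent_failures.append(ts)
                recent_failures = [t for t in recent_failures if ts - t <= window]
            elif outcome == "Success":
                # Only failures still inside the window at success time count.
                recent_failures = [t for t in recent_failures if ts - t <= window]
                if len(recent_failures) >= threshold:
                    signals.append({
                        "rule": "aws-console-bruteforce-then-success",
                        "sourceIPAddress": ip,
                        "userName": ev["userIdentity"].get("userName"),
                        "failedAttempts": len(recent_failures),
                        "successAt": ev["eventTime"],
                    })
                recent_failures = []
    return signals


def render_webhook_payload(signal):
    """Body to POST to a collaboration/ticketing webhook. The schema is
    hypothetical; shape it to whatever the receiving tool expects."""
    return json.dumps({
        "title": f"[Cloud SIEM] {signal['rule']} from {signal['sourceIPAddress']}",
        "severity": "high",
        "fields": signal,
    }, sort_keys=True)


def receiver_accepts(headers, body, expected_secret):
    """Receiver-side check: reject posts lacking the static secret header the
    sender was configured with (header name is an assumption), using a
    constant-time comparison; parse the JSON only after the check passes."""
    presented = headers.get("X-Webhook-Secret", "")
    if not hmac.compare_digest(presented.encode(), expected_secret.encode()):
        return None
    return json.loads(body)


if __name__ == "__main__":
    for sig in brute_force_signals(SAMPLE_EVENTS):
        body = render_webhook_payload(sig)
        print(body)
        print("accepted:", receiver_accepts({"X-Webhook-Secret": "s3cret"}, body, "s3cret") is not None)
```

The rule evaluates per source IP with a sliding window, so a single failure from an unrelated address (the `203.0.113.9` record) produces nothing, and a non-login event interleaved in the stream is ignored. The receiver check matters because anything reachable by HTTP POST will also be reachable by an attacker who learns the URL; a static secret header checked with `hmac.compare_digest` is the minimum a chat or ticketing endpoint should demand before creating work from an inbound alert.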

State of Development

Despite being a relatively recent entrant to the SIEM sector, Sumo Logic has been making significant strides in enhancing its Cloud SIEM offering. Notable improvements have included the acquisition of DF Labs, which allowed the platform to add SOAR functionality to its security operations capabilities, and an enhanced search that works across all Sumo Logic data tiers.

Numerous third-party integration apps have also been developed since the DF Labs acquisition. These have enriched the Cloud SIEM with cloud monitoring, Machine Learning (ML)-based detectors, vulnerability information, and data ingestion from a range of security vendor products.

Considerations

Sumo Logic is a robust and modern SIEM solution. Its strengths lie in monitoring cloud-native environments and in its expansive SOAR add-on. Its connectivity to other apps through integrations further strengthens its role as an organization-wide security command center.

However, one of the platform's weaker points is that it has no Endpoint Detection and Response (EDR) of its own and relies on third-party integrations for endpoint telemetry. This can be remedied by connecting an existing EDR solution, but for organizations that want to be up and running out of the box it may lengthen time-to-deployment.

Considering building an integration with Sumo Logic or any other SIEM solution? Metron has experience building scalable integrations with numerous security products.

If you are considering any custom cybersecurity solution that focuses on the resources and needs of your organization, please send a note to connect@metronlabs.com.