No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender XDR vs Sumo Logic Security comparison

Microsoft and Sumo Logic are both solutions in the Security Information and Event Management (SIEM) category. Additionally, 98% of Microsoft users are willing to recommend the solution, compared to 92% of Sumo Logic users who would recommend it.
Microsoft Defender XDR
Read 109 Microsoft Defender XDR reviews
  • 13,321 Views
  • 7,193 Comparison Views
98% willing to recommend
Sumo Logic Security
Read 25 Sumo Logic Security reviews
  • 4,919 Views
  • 3,443 Comparison Views
92% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Microsoft Defender XDR and Sumo Logic Security based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Defender XDR vs. Sumo Logic Security Report (Updated: May 2023).
Buyer's Guide
Microsoft Defender XDR vs. Sumo Logic Security
May 2023
Download the complete report
Helped 893,311 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.4
Microsoft Defender XDR delivers significant ROI by reducing costs, response times, and increasing efficiency, justifying its investment.
Sentiment score
5.8
Sumo Logic Security enhances efficiency by reducing downtime and workload, leading to overall satisfaction among users despite varied investment evaluations.
We can quarantine and isolate a device within minutes.
Agustin-Torres
Information Security Analyst at a educational organization with 10,001+ employees
Microsoft Defender XDR has saved me at least 50% of my time.
Kunle Oluwadiya
House security operator at Cypress Creek Renewables
It helped stop multiple intrusion points where we would have had millions in lost revenue if the attackers got in.
Joshua Hart
Network Technician at T. Baker Smith, LLC
For more quotes and insights, download the Microsoft Defender XDR report
We have saved 64 hours of our time overall.
Pavan Kashetty
Security Engineer at a tech vendor with 11-50 employees
The return on investment I have seen with Sumo Logic Security in the past year and a half is tough to quantify, but I would estimate it has hit the milestones we set internally for return on investment.
Frank Krieger
CISO / Founder / GRC at VINCTA BV
For more quotes and insights, download the Sumo Logic Security report
AT
KO
JH
PK
Frank Krieger - PeerSpot reviewer
 

Customer Service

Sentiment score
6.3
Microsoft Defender XDR support is praised for responsiveness, though response times and first-level support knowledge can vary significantly.
Sentiment score
7.0
Sumo Logic Security is praised for efficient customer service and effective technical support, though regional response times may vary.
You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain.
Darrell Carr
Enterprise Application Engineer at a legal firm with 1,001-5,000 employees
It's critical to escalate SEV B issues immediately to a domestic engineer.
Ty Ryan
Infrastructure engineer at Cetera Financial Group
Once issues are escalated to the second or third layer, the support is much better.
Ankit-Joshi
Cyber Security Engineer at a financial services firm with 1-10 employees
For more quotes and insights, download the Microsoft Defender XDR report
They have a response time of forty-eight hours, which is not instant support.
Vinay Patel D N
Soc Analyst at a outsourcing company with 5,001-10,000 employees
In general, they usually provide continuous support post-implementation, being in touch and trying to help, which makes their after-sale process better than Splunk.
Shay Chouker
CSO at Altera
Sumo Logic Security has really good customer support.
Frank Krieger
CISO / Founder / GRC at VINCTA BV
For more quotes and insights, download the Sumo Logic Security report
Darrell Carr - PeerSpot reviewerTy Ryan - PeerSpot reviewerAnkit-Joshi - PeerSpot reviewerVinay Patel D N - PeerSpot reviewer
SC
Frank Krieger - PeerSpot reviewer
 

Scalability Issues

Sentiment score
7.0
Microsoft Defender XDR offers scalable, efficient performance across systems, though large datasets can impact query speeds, especially on-premises.
Sentiment score
7.6
Sumo Logic Security is adaptable, scales with business growth, excels in cloud environments, and consistently receives high flexibility ratings.
My concern is about the scale of events and alerts being generated, and the product is doing a very good job of only surfacing the important items for us.
reviewer2315544
Vice President, Information Technology at a construction company with 201-500 employees
It has a very good integration system that integrates with all Azure services, all threat intelligence data models, and integrates very well with other systems such as Palo Alto.
reviewer2812758
Infosec at a government with 10,001+ employees
The biggest measurable gain is not just faster response but handling more incidents in parallel with the same team size, which is critical for enterprise scalability.
Archana-Singh
Manager at Softcell Technologies Limited
For more quotes and insights, download the Microsoft Defender XDR report
Sumo Logic Security scales up automatically because it is a cloud-native SIEM, and I do not need to worry about hardware clusters or capacity planning.
Pavan Kashetty
Security Engineer at a tech vendor with 11-50 employees
The tool has high scalability because everything is based in the cloud.
WilsonAitan
Deputy Country Manager at PT Securite Asia Indonesia (ABP Securite)
I did not face any significant issues with Sumo Logic Security, but the pricing may be a concern as they try to upsell and raise the prices very quickly.
Shay Chouker
CSO at Altera
For more quotes and insights, download the Sumo Logic Security report
reviewer2315544 - PeerSpot reviewerreviewer2812758 - PeerSpot reviewer
AS
PK
WilsonAitan - PeerSpot reviewer
SC
 

Stability Issues

Sentiment score
8.2
Microsoft Defender XDR is stable and reliable, maintaining high availability with prompt issue resolution and frequent updates.
Sentiment score
8.0
Sumo Logic Security is highly reliable, efficiently handling large data with minimal performance issues and rare support needs.
The stability is strong enough that we confidently rely on it for continuous threat detection, automated investigation, and enterprise-wide incident response.
Archana-Singh
Manager at Softcell Technologies Limited
The service has remained consistently online, with any issues isolated to specific components, suggesting a well-designed and modular architecture.
reviewer2595618
Senior System Engineer at a sports company with 5,001-10,000 employees
The services within our ecosystem have been reliable, meeting their SLAs.
Ty Ryan
Infrastructure engineer at Cetera Financial Group
For more quotes and insights, download the Microsoft Defender XDR report
If there are many records, the system may stop or the UI may become unresponsive.
Vinay Patel D N
Soc Analyst at a outsourcing company with 5,001-10,000 employees
The query language is pretty straightforward and easy, and it is very powerful for building different searches and dashboards that will serve for later exploration of the same interests I have.
Shay Chouker
CSO at Altera
It operates very well as a cloud-native SaaS platform with high availability, and there is no downtime that I have experienced.
Pavan Kashetty
Security Engineer at a tech vendor with 11-50 employees
For more quotes and insights, download the Sumo Logic Security report
AS
reviewer2595618 - PeerSpot reviewerTy Ryan - PeerSpot reviewerVinay Patel D N - PeerSpot reviewer
SC
PK
 

Room For Improvement

Microsoft Defender XDR needs improvements in alert noise reduction, tool integration, AI automation, and user interface to enhance usability.
Users urge improvements in interface usability, automation, integration, support, AI capabilities, pricing, and visualization for Sumo Logic Security.
The licensing process needs improvement and clarification.
reviewer2595324
Owner at a consultancy with 11-50 employees
Improvements are needed in automated response capabilities.
Soumitra_Chakraborty
Security manager at a consultancy with 10,001+ employees
If you have a central location where you perform one isolation method, all other potentially affected systems that have been touched may also be isolated simultaneously.
Wilson Ye
CISO at Loeb & Loeb LLP
For more quotes and insights, download the Microsoft Defender XDR report
This can lead to alerts that are collections of disjointed signals that sometimes make no sense and lack real context; this simplistic approach makes it hard to find coherent stories during investigations.
Shay Chouker
CSO at Altera
I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS.
Migell Roberts
Senior Security Analyst at City Electric Supply Company
The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk.
Vinay Patel D N
Soc Analyst at a outsourcing company with 5,001-10,000 employees
For more quotes and insights, download the Sumo Logic Security report
reviewer2595324 - PeerSpot reviewer
SC
WY
SC
MR
Vinay Patel D N - PeerSpot reviewer
 

Setup Cost

Microsoft Defender XDR offers cost-effective protection for enterprises using Microsoft 365, but smaller organizations might find it pricey.
Sumo Logic Security offers mid-range pricing, balancing cost and functionality, with convenience through AWS Marketplace but increasing costs with usage.
There are certainly savings when using Microsoft Defender XDR, which can range from 30%, 40%, and even up to 50%.
Clay Bowlin
Director, Sales at a tech vendor with 201-500 employees
I would rate the pricing as eight out of ten, indicating it is a reasonable cost for the product.
Soumitra_Chakraborty
Security manager at a consultancy with 10,001+ employees
Microsoft purposefully obfuscates this through marketing ploys to hide costs.
reviewer2595618
Senior System Engineer at a sports company with 5,001-10,000 employees
For more quotes and insights, download the Microsoft Defender XDR report
This makes it more cost-effective because other solutions often include a third element in their pricing.
WilsonAitan
Deputy Country Manager at PT Securite Asia Indonesia (ABP Securite)
From one to ten, where one is cheap and ten is expensive, I would put Sumo Logic Security at a seven.
Frank Krieger
CISO / Founder / GRC at VINCTA BV
If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to find them costly since they are well-known and they have much more integration compared to Sumo Logic Security.
reviewer2806851
Security Analyst at a tech vendor with 10,001+ employees
For more quotes and insights, download the Sumo Logic Security report
CB
SC
reviewer2595618 - PeerSpot reviewerWilsonAitan - PeerSpot reviewerFrank Krieger - PeerSpot reviewerreviewer2806851 - PeerSpot reviewer
 

Valuable Features

Microsoft Defender XDR offers comprehensive threat detection and response with advanced features, centralized management, and seamless integration with Microsoft products.
Sumo Logic Security offers comprehensive log aggregation, AI analytics, and scalability, enhancing detection, response, and operational efficiency.
With Microsoft threat intelligence information, it detects various types of threats, including insider attacks, malicious content, and data exfiltration.
Soumitra_Chakraborty
Security manager at a consultancy with 10,001+ employees
This allows us to secure our systems in advance and proactively improve security, rather than waiting for incidents to occur.
A Roy
Works at Hometrack
Once we have it on the security dashboard, we can see a real-time storyline.
Agustin-Torres
Information Security Analyst at a educational organization with 10,001+ employees
For more quotes and insights, download the Microsoft Defender XDR report
The features I find most useful in Sumo Logic Security are the ease of implementation and connectors; they have a very easy connection and many connectors to important systems, making it very easy to implement and fast to start running in production.
Shay Chouker
CSO at Altera
They are able to save time on fewer alerts because we are able to perform tuning on the logs to be able to only get relevant or security relevant incidents.
Migell Roberts
Senior Security Analyst at City Electric Supply Company
My SOC analysts were crushed under Splunk, but Sumo has actually eased the workload and made it tolerable for three people.
Frank Krieger
CISO / Founder / GRC at VINCTA BV
For more quotes and insights, download the Sumo Logic Security report
SC
AR
AT
SC
MR
Frank Krieger - PeerSpot reviewer
 

Categories and Ranking

Microsoft Defender XDR
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
109
Ranking in other categories
Endpoint Detection and Response (EDR) (8th), Extended Detection and Response (XDR) (4th), Microsoft Security Suite (4th)
Sumo Logic Security
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
25
Ranking in other categories
Log Management (20th), Security Information and Event Management (SIEM) (22nd), Security Orchestration Automation and Response (SOAR) (13th)
 

Featured Reviews

AS
Archana-Singh
Manager at Softcell Technologies Limited
Centralized threat detection has improved response times but still needs better integrations
Microsoft Defender XDR simplifies cross-domain investigations for the SOC team. Instead of switching between separate endpoint, email, identity, and cloud security tools, the analysts can investigate correlated incidents from a single console with unified telemetry and timelines. The best features Microsoft Defender XDR offers are cross-domain incident correlation, automated investigation and response, and unified visibility across endpoint, identity, email, and cloud workloads. The attack timeline and correlated incident view are especially valuable because they help analysts understand the full attack chain quickly without manually stitching data from multiple security tools. The automated investigation and response capabilities in Microsoft Defender XDR save a significant amount of manual effort for the SOC team. Routine tasks like alert correlation, endpoint isolation, malware analysis, and remediation recommendations are automated, which reduces analyst workload and improves response time for common incidents. One underrated feature in Microsoft Defender XDR is the unified attack timeline and identity correlation capabilities. It gives analysts a clear end-to-end view of user, email, data, device, and identity activity during an incident, which makes root cause analysis and lateral movement tracking much easier. Microsoft Defender XDR has improved our overall security visibility and helped reduce the time required to detect and respond to threats across endpoints, identities, email, and cloud workloads. It also improved our SOC efficiency by centralizing investigations and automating repetitive response actions, which reduced operational overhead significantly.
Read full review
MR
Migell Roberts
Senior Security Analyst at City Electric Supply Company
Security insights have enabled faster incident response and streamlined cross-team collaboration
To improve Sumo Logic Security, I would appreciate the tool being easier to use from a search perspective. For example, we have a few teams that want to use the tool itself, but they are not as savvy when it comes to creating searches from the core platform. I understand that Mobot has come out and is in the works, and it really does assist non-savvy users when it comes to querying the platform. As far as that is concerned, I wish that could be improved a bit more, but I do know that that is in the works. I would add that I wish for improved documentation. For example, we are using Sumo Playbooks and automation integrations along with that, but I have found that there has been a lack of documentation, very little to none at all when it comes to that. With regards to automation integrations as well, there are very few details included in them. I would also appreciate the AWS automation integrations to be more secure because currently, they are using access keys, which involves a user rather than roles, which is the security best practice recommended by AWS. I chose eight out of ten because to make it a nine or ten, I would lean heavily on the documentation. A lot of the times when we get around to configuring things such as playbooks or trying to understand playbooks, what I found was that documentation sometimes is not up to date or documentation is lacking. There are instances also where some security best practices are not being followed. So, if we are able to set up an integration that is not only secure, following security best practices, and has complete documentation, I believe it would alleviate the issue of having to go back and forth with support to check the documentation and things of that nature. My impression of the built-in threat intelligence feature in Sumo Logic Security is that it is comprehensive, but I would say that it could do a little bit better. For example, we have the TAXI feeds, which is STIX and TAXI integrated into the core platform, but the issue I am running into is that I am able to use that feed into a CSE alert; however, I am not able to see the contents of that feed. If I integrate CISA, which we do have integrated, I cannot see what IOCs are in that feed in the core platform, and I hope that is the case because, in order for us to better tune our alerts, we need to be able to see what is in the contents of that threat intelligence feed.
Read full review
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
893,311 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
11%
Financial Services Firm
9%
Manufacturing Company
7%
Comms Service Provider
7%
Manufacturing Company
12%
Financial Services Firm
10%
Outsourcing Company
9%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise29
Large Enterprise41
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise4
Large Enterprise16
 

Questions from the Community

What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
See all answers
What is your experience regarding pricing and costs for Microsoft 365 Defender?
My experience with the pricing, setup costs, and licensing of Microsoft Defender XDR is that we are on an E5 license, so it is incorporated there. It is part of our Microsoft package.
See all answers
What needs improvement with Microsoft 365 Defender?
From my perspective, Microsoft Defender XDR can be improved with better visibility in certain areas where I can trigger host isolation on one machine. It should at least provide the option to isola...
See all answers
What is your experience regarding pricing and costs for Sumo Logic Security?
I would say that the pricing for Sumo Logic Security is in the medium part of the market. If you go to the well-known vendors such as Azure Sentinel or other tools like Splunk, you are going to fin...
See all answers
What needs improvement with Sumo Logic Security?
I would say there are a few more things that Sumo Logic Security can improve on. It is not the tool; it is a technical part. From the app point of view, I would say when we need to include a few la...
See all answers
What is your primary use case for Sumo Logic Security?
I use Sumo Logic Security.
See all answers
 

Comparisons

CrowdStrike Falcon vs Microsoft Defender XDR Logo
CrowdStrike Falcon vs Microsoft Defender XDR
Compared 10% of the time
Wazuh vs Microsoft Defender XDR Logo
Wazuh vs Microsoft Defender XDR
Compared 6% of the time
SentinelOne Singularity Endpoint vs Microsoft Defender XDR Logo
SentinelOne Singularity Endpoint vs Microsoft Defender XDR
Compared 4% of the time
Microsoft Defender for Cloud vs Microsoft Defender XDR Logo
Microsoft Defender for Cloud vs Microsoft Defender XDR
Compared 4% of the time
Microsoft Defender for Endpoint vs Microsoft Defender XDR Logo
Microsoft Defender for Endpoint vs Microsoft Defender XDR
Compared 3% of the time
More Microsoft Defender XDR Competitors
Panther vs Sumo Logic Security Logo
Panther vs Sumo Logic Security
Compared 12% of the time
Splunk Enterprise Security vs Sumo Logic Security Logo
Splunk Enterprise Security vs Sumo Logic Security
Compared 8% of the time
Microsoft Sentinel vs Sumo Logic Security Logo
Microsoft Sentinel vs Sumo Logic Security
Compared 6% of the time
IBM Security QRadar vs Sumo Logic Security Logo
IBM Security QRadar vs Sumo Logic Security
Compared 5% of the time
Elastic Security vs Sumo Logic Security Logo
Elastic Security vs Sumo Logic Security
Compared 4% of the time
More Sumo Logic Security Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender XDR
April 2026
Microsoft Defender XDR reportDownload Microsoft Defender XDR product report
Buyer's Guide
Sumo Logic Security
April 2026
Sumo Logic Security reportDownload Sumo Logic Security product report
 

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
No data available
 

Overview

Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

Microsoft

Sumo Logic Security offers efficient event monitoring with customizable alerts, centralized log search, and real-time threat detection. It supports multi-cloud environments and integrates with threat intelligence, reducing workload with AI-driven analytics.

Sumo Logic Security empowers organizations with advanced logging and monitoring solutions, facilitating comprehensive security event management. Its robust log search and comparison features, combined with user-friendly dashboards, enable quick event analysis. The platform's multi-cloud support and real-time threat detection are notable features, seamlessly integrating automated log correlation and AI analytics to optimize user experience. Despite needing enhancements in querying and dashboard functionalities, Sumo Logic Security remains a reliable choice for application log management, IT asset visibility, and incident alerting. Organizations utilize it for threat detection, posture monitoring, and compliance audits, in platforms like AWS, focusing on security insights and performance monitoring.

What are the key features of Sumo Logic Security?
  • Log Search: Facilitates centralized search and event analysis.
  • Custom Alerts: Offers flexibility in monitoring specific security events.
  • AI-driven Analytics: Reduces workload and speeds up response times.
  • Real-time Detection: Ensures swift threat identification and mitigation.
  • Multi-cloud Support: Enables integrations across cloud environments.
What benefits can users expect from Sumo Logic Security?
  • Ease of Implementation: Quick setup and deployment processes.
  • Cost-effective Pricing: Provides value-driven investment with supportive customer service.
  • Responsive UI: Enhances user experience and efficiency in operations.
  • Compliance Audits: Facilitates thorough security audits and reporting.

Organizations in industries like finance and technology implement Sumo Logic Security to maintain security and compliance, leveraging its advanced monitoring and alerting capabilities. Teams focus on application troubleshooting and forensic analysis, ensuring robust security posture and effective incident response across cloud-based environments.

Sumo Logic
 

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Information Not Available
Buyer's Guide
Microsoft Defender XDR vs. Sumo Logic Security
May 2023
Free Report: Microsoft Defender XDR vs. Sumo Logic Security
Find out what your peers are saying about Microsoft Defender XDR vs. Sumo Logic Security and other solutions. Updated: May 2023.
DOWNLOAD NOW
893,311 professionals have used our research since 2012.
See our Microsoft Defender XDR vs. Sumo Logic Security report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.