Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs Sumo Logic Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.3
Users find Microsoft Sentinel offers positive ROI through improved visibility, automation, and efficiency, despite initial costs and quantification challenges.
Sentiment score
7.6
Sumo Logic Security enhances efficiency and ROI by streamlining troubleshooting and log access without needing widespread credential distribution.
 

Customer Service

Sentiment score
6.7
Microsoft Sentinel support is mixed; premium plans and better Microsoft relationships yield favorable experiences despite some challenges.
Sentiment score
7.4
Sumo Logic Security's customer support is praised for responsiveness and effectiveness, although some report slower responses and no phone support.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
They have a response time of forty-eight hours, which is not instant support.
 

Scalability Issues

Sentiment score
8.1
Microsoft Sentinel's cloud architecture ensures scalable, flexible data handling with minimal management, supporting large user bases and easy integration.
Sentiment score
8.0
Sumo Logic Security is highly scalable, efficiently accommodating diverse environments and data volumes, with users rating its scalability highly.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
 

Stability Issues

Sentiment score
7.8
Microsoft Sentinel is highly stable and reliable, with users praising its performance and noting rare, minor configuration issues.
Sentiment score
8.1
Sumo Logic Security is stable and efficient, experiencing minimal issues, with stability ratings from seven to nine out of ten.
So far, we have not experienced any issues, and it has been stable from the beginning.
Sentinel's stability is great.
If there are many records, the system may stop or the UI may become unresponsive.
 

Room For Improvement

Microsoft Sentinel users seek improved third-party integration, user-friendly features, enhanced threat intelligence, and streamlined data management to reduce costs.
Sumo Logic Security needs better dashboards, pricing, automation, scalability, log handling, correlation, mapping, and faster support response.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk.
 

Setup Cost

Microsoft Sentinel offers cost-effective, consumption-based pricing, benefiting from Azure integration with careful data management to control expenses.
Sumo Logic offers competitive pricing on AWS Marketplace, valued for simplicity and functionality but costly for smaller organizations.
We already had the necessary licensing for Sentinel, so we didn't need to spend extra money.
 

Valuable Features

Microsoft Sentinel offers seamless integration, AI-driven threat detection, and automation, providing comprehensive security and ease of setup for organizations.
Sumo Logic Security provides customizable alerts, real-time observability, and seamless integrations for comprehensive, scalable security monitoring and forensics.
Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower.
If we cannot find the data in other tools, like email security or NDR, we can fetch those logs in the Log Analytics platform of Sumo Logic.
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
89
Ranking in other categories
Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (6th)
Sumo Logic Security
Ranking in Security Information and Event Management (SIEM)
22nd
Ranking in Security Orchestration Automation and Response (SOAR)
14th
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
19
Ranking in other categories
Log Management (22nd)
 

Mindshare comparison

As of January 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 8.6%, down from 10.2% compared to the previous year. The mindshare of Sumo Logic Security is 1.0%, down from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Nitin Arora - PeerSpot reviewer
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.
Moole Muralidhara Reddy - PeerSpot reviewer
Used to store and monitor application logs and VPC flow logs
We are mainly concentrating on networking. We use VPC products and application logs to monitor the genuineness of users who have logged in. We also store and monitor GuardDuty logs to see if someone is trying to access the same server multiple times. We are storing and monitoring WAF logs and GuardDuty logs. If someone faces any issues, we'll receive an email and take action based on it. If someone tries to access one of the applications from a different country, we can search in Google and identify the location of that particular IP address. Sumo Logic Security identifies whether a particular IP address is low, medium, or high risk without the help of Google. We can store logs in CloudWatch, but it is very difficult to search them in CloudWatch. We should know the query in order to do that. Searching for logs with Sumo Logic Security is very easy compared to CloudWatch. We have been using the solution for more than two years and haven't faced any issues with the solution's availability. I would recommend the solution to other users. I would recommend Sumo Logic Security instead of AWS, CloudWatch, or CloudTrail. With Sumo Logic Security, you can capture and see all the logs in a single place. If some issues occur, you can log into the solution and verify all the logs. At an organizational level, we have multiple AWS accounts for different environments. Instead of logging in to all the AWS accounts, you can log in to Sumo Logic Security and verify everything. Overall, I rate the solution a nine out of ten.
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
825,661 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
Computer Software Company
16%
Financial Services Firm
11%
Government
10%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about Sumo Logic Security?
Sumo Logic Security is a good solution for searching the logs and identifying the issues.
What needs improvement with Sumo Logic Security?
The correlation rules and log mapping are not as mature compared to other SIM tools like Splunk. Sometimes logs will not fetch, and there are issues if the log volume exceeds a threshold. Not every...
 

Also Known As

Azure Sentinel
No data available
 

Overview

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Information Not Available
Find out what your peers are saying about Microsoft Sentinel vs. Sumo Logic Security and other solutions. Updated: November 2024.
825,661 professionals have used our research since 2012.