We performed a comparison between Splunk Enterprise Security and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Sentinel pricing is good"
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The logs on the solution are excellent."
"Alerts when a server is malfunctioning, monitors external attacks, and takes action to stop spreading viruses."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"On the cloud, we are pushing through less than half a petabyte of data. So far, it has been fairly stable because it runs on all the underlying AWS infrastructures."
"We can easily configure things as required in relation to our use cases."
"Splunk's visualizations make it easy for users to understand the data."
"The best part of Splunk Enterprise Security is its customizable settings."
"The initial setup isn't overly complex."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"Technical support is always great."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"Sumo Logic Security is a good solution for searching the logs and identifying the issues."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"We can integrate threat intelligence solutions into the product."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"The playbook is a bit difficult and could be improved."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"It takes time to train people."
"I would like to see an updated dashboard. The dashboard is a little out-of-date. It could be made prettier."
"Being a SIEM solution with a centralized dashboard, we would like to have more options to customize it."
"Professional support is great, but too expensive."
"We'd like to have the number of devices covered under the license to be increased."
"Licensing costs can be a barrier for those with limited budgets."
"Splunk is very expensive. The license is based on the volume of the logs ingested. I was responsible for managing the contract with our service integrator. I don't know the precise details of the competing solution, but I have heard that Splunk is more expensive than others. I don't know what the going rate is on the market, but I think there are at least two competitors that are less expensive. We have experienced a few issues with our service providers in terms of log filtering and ingestion, so we continue to pay a bit more per day for our logs."
"Spam has different plugins but by default, the logs are not organized, it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"The integration with multiple sources could be better."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"There are some API gaps that are missing."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
"The solution should improve its UI."
Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews while Sumo Logic Security is ranked 17th in Security Information and Event Management (SIEM) with 18 reviews. Splunk Enterprise Security is rated 8.4, while Sumo Logic Security is rated 8.6. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, VMware Aria Operations for Logs, Grafana Loki and Google Chronicle Suite. See our Splunk Enterprise Security vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors, best Log Management vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.