We performed a comparison between Elastic Security and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Log aggregation and data connectors are the most valuable features."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"We've found the initial setup to be quite straightforward."
"The feature that we have found the most valuable is scalability."
"The scalability is good. It can be scaled easily in the production environment."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"It's not very complicated to install Elastic."
"It's simple and easy to use."
"Enables monitoring of application performance and the ability to predict behaviors."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"The solution is quite stable."
"The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs."
"Technical support is always great."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"Sumo Logic Security is a good solution for searching the logs and identifying the issues."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The reporting could be more structured."
"The only thing is sometimes you can have a false positive."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"The biggest challenge has been related to the implementation."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"Technical support could respond faster."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"Sumo Logic needs to make sure integrating solutions are seamless."
"The integration with multiple sources could be better."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
Elastic Security is ranked 5th in Log Management with 59 reviews while Sumo Logic Security is ranked 20th in Log Management with 18 reviews. Elastic Security is rated 7.6, while Sumo Logic Security is rated 8.6. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security and VMware Aria Operations for Logs. See our Elastic Security vs. Sumo Logic Security report.
See our list of best Log Management vendors, best Security Orchestration Automation and Response (SOAR) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.