What is our primary use case?
We've got it integrated into all of our production assets and our IT assets, like Okta and all the SaaS stuff that we need to manage our IT environment. It's plugged into pretty much everything.
Primarily, we use it for security alerting. We plug it into Amazon and it lets us know when people log into different accounts, change privileges, log into production, etc. We have it integrated on the IT side too — we have it integrated into our SSO provider. We want to know if someone logs in too many times or how frequently they try to log in, whether they get locked out or not. It generates alerts. We're starting to roll it out in terms of forensics on our audit logs.
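The alerting described above (production logins, privilege changes, repeated failed logins) expressed as detection logic over CloudTrail-style records, as an added example that is not the reviewer's or Sumo Logic's own code. The log lines are constructed; the production account ID, the list of IAM calls treated as privilege changes, and the three-failures-in-ten-minutes threshold are assumptions for the example, not values from the review.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions for this example (not from the review): which account is
# "production", which IAM calls count as privilege changes, and the
# brute-force threshold/window for failed console logins.
PRODUCTION_ACCOUNTS = {"111111111111"}
PRIVILEGE_EVENTS = {
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy",
    "AddUserToGroup", "CreateAccessKey", "UpdateAssumeRolePolicy",
}
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=10)


def _event(time, name, user, account, **extra):
    """Build one constructed CloudTrail-style record as a JSON line."""
    source = "signin.amazonaws.com" if name == "ConsoleLogin" else "iam.amazonaws.com"
    rec = {
        "eventTime": time,
        "eventSource": source,
        "eventName": name,
        "userIdentity": {"type": "IAMUser", "userName": user},
        "recipientAccountId": account,
    }
    rec.update(extra)
    return json.dumps(rec)


# Constructed sample log: one prod login, a burst of failures for bob, one
# IAM policy attachment, and some benign noise that must not alert.
SAMPLE_LOG_LINES = [
    _event("2024-05-01T09:50:00Z", "ConsoleLogin", "alice", "111111111111",
           responseElements={"ConsoleLogin": "Success"}),
    _event("2024-05-01T10:00:00Z", "ConsoleLogin", "bob", "222222222222",
           responseElements={"ConsoleLogin": "Failure"}, errorMessage="Failed authentication"),
    _event("2024-05-01T10:02:00Z", "ConsoleLogin", "bob", "222222222222",
           responseElements={"ConsoleLogin": "Failure"}, errorMessage="Failed authentication"),
    _event("2024-05-01T10:04:00Z", "ConsoleLogin", "bob", "222222222222",
           responseElements={"ConsoleLogin": "Failure"}, errorMessage="Failed authentication"),
    _event("2024-05-01T10:10:00Z", "AttachUserPolicy", "carol", "222222222222",
           requestParameters={"userName": "carol", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    _event("2024-05-01T10:15:00Z", "ConsoleLogin", "dave", "222222222222",
           responseElements={"ConsoleLogin": "Success"}),      # non-prod login: no alert
    _event("2024-05-01T10:20:00Z", "ConsoleLogin", "eve", "222222222222",
           responseElements={"ConsoleLogin": "Failure"}, errorMessage="Failed authentication"),  # single failure
    _event("2024-05-01T10:30:00Z", "ConsoleLogin", "bob", "222222222222",
           responseElements={"ConsoleLogin": "Failure"}, errorMessage="Failed authentication"),  # burst already fired
]


def parse_events(lines):
    """Parse JSON lines, attach a datetime, and sort chronologically."""
    events = [json.loads(line) for line in lines]
    for ev in events:
        ev["_ts"] = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(events, key=lambda ev: ev["_ts"])


def detect(events):
    """Return a list of alert dicts for the three rules in the review."""
    alerts = []
    failures = defaultdict(deque)  # per-user sliding window of failure timestamps
    for ev in events:
        user = ev.get("userIdentity", {}).get("userName", "<unknown>")
        name = ev["eventName"]
        account = ev.get("recipientAccountId")
        if name == "ConsoleLogin":
            outcome = ev.get("responseElements", {}).get("ConsoleLogin")
            if outcome == "Success" and account in PRODUCTION_ACCOUNTS:
                alerts.append({"rule": "production_console_login", "user": user,
                               "at": ev["eventTime"]})
            elif outcome == "Failure":
                window = failures[user]
                window.append(ev["_ts"])
                # Drop failures older than the window, then check the count.
                while window and ev["_ts"] - window[0] > FAILED_LOGIN_WINDOW:
                    window.popleft()
                if len(window) >= FAILED_LOGIN_THRESHOLD:
                    alerts.append({"rule": "failed_login_burst", "user": user,
                                   "at": ev["eventTime"], "count": len(window)})
                    window.clear()  # fire once per burst, not on every further failure
        elif name in PRIVILEGE_EVENTS:
            alerts.append({"rule": "privilege_change", "user": user,
                           "at": ev["eventTime"], "action": name})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG_LINES)):
        print(alert)
```

The window is cleared when a burst fires so a slow, continuing attack raises one alert per threshold crossing rather than one per failure after the third; in a real SIEM rule the equivalent is the aggregation interval plus a suppression period.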
Company-wide, it is part of our certification process: if we buy a SaaS service, it has to integrate with a SIEM and it has to provide audit logs. There are a couple of other criteria that we have: it's got to have a split SSO, it has to have a supported SIEM, and it's got to support audit logs. All the read-only audit logs get dumped into Sumo Logic as well, and the security team monitors all of that.
Our DevSecOps team mainly uses this solution.
How has it helped my organization?
Sumo Logic has absolutely improved our organization — 100%. Sumo Logic is a great tool, it's absolutely necessary. I like Sumo Logic because it always works. It's so easy to use. It's got all the capabilities we need right now.
What is most valuable?
What I like most is the ability to create custom alerts.
They have a really, really rich query language. I don't know the name of the product offering. I'm sure they have a specific name in the solution, but basically being able to pull all that data in, and be able to build queries in a query language and map that to actions; whether that's alerting or triggering events. And that's really where our SecOps team spends most of their time — trying to look at the forensics, look at the information, and map it to some meaningful event. And they just build all these different queries that map to those events or alerts.
For how long have I used the solution?
I have been using Sumo Logic for a year and a half at my current company, and I've used it previously at another company as well.
What do I think about the stability of the solution?
Stability-wise, it's great. We never experienced any bugs or glitches.
What do I think about the scalability of the solution?
We have no issues scalability-wise. We've never had any issues with the capacity; even at my previous company, they were able to handle it.
How are customer service and technical support?
I personally haven't contacted tech support, but I know at my previous company, we found them very responsive — they were solid. Although there's always room for improvement. Overall, I would give their tech support a rating of nine out of ten.
Which solution did I use previously and why did I switch?
At my current company, we started with Sumo Logic. That was just because when we started, multiple people had different experiences with different tools and this one came out on top. We also used Splunk for a while.
We started with Splunk — this is back at my previous company in like 2014, 2015 — but they priced themselves out. Plus, Sumo Logic seemed to have a better price-to-functionality ratio.
When Splunk switched their model and went after large enterprises, they left a lot of startups in the lurch. They just left us holding the bag and said, "See ya", and went off and started going after large enterprises.
How was the initial setup?
The initial setup was very straightforward. Setting up all the integrations was trivial.
What's my experience with pricing, setup cost, and licensing?
The pricing is good. It's not an issue for us. I just haven't taken a look at the pricing model in detail. I don't know how that grows, exactly. It's more of a volume thing I think. But right now, it's doing everything we need, and it is not a point of pain in terms of pricing or reliability. There are other solutions that are far worse. So it's doing great. That's all I really could say.
What other advice do I have?
Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos. It's just an all-around, easy solution to use. I would be shocked if it doesn't meet your needs.
They just need to keep the pricing model right and ensure that the integrations are seamless. Sumo Logic needs to make sure integrating solutions are seamless. As a startup, we're looking to scale our team with tools that are really easy to use, that scale as well — tools like Sumo Logic, where one person can manage a ton. We probably have 20,000 assets in the cloud, and probably 60 assets in corporate IT, and they're all pumping everything to Sumo Logic. Then from one place, you can start analyzing just about anything. That's really important to us.
Overall, on a scale from one to ten, I would give Sumo Logic a rating of nine. If they added more integration, I would give them a rating of ten.
Which deployment model are you using for this solution?