We performed a comparison between Elastic Security and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Free ingestion for Azure logs (with E5 licence)"
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The feature that we have found the most valuable is scalability."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"It's very customizable, which is quite helpful."
"The most valuable feature is the speed, as it responds in a very short time."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"The most valuable feature is the machine learning capability."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"The solution is quite stable."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs."
"It helps a lot because we can troubleshoot issues pretty easily."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"We'd like to see more connectors."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The solution could improve the playbooks."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The tool should improve its scalability."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"The initial setup is the most stressful, like learning how to use it."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"There are some API gaps that are missing."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"The integration with multiple sources could be better."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
Elastic Security is ranked 5th in Log Management with 58 reviews while Sumo Logic Security is ranked 22nd in Log Management with 18 reviews. Elastic Security is rated 7.6, while Sumo Logic Security is rated 8.6. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and Amazon CloudWatch. See our Elastic Security vs. Sumo Logic Security report.
See our list of best Log Management vendors, best Security Orchestration Automation and Response (SOAR) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.