We performed a comparison between SolarWinds Security Event Manager and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The dashboard that allows me to view all the incidents is the most valuable feature."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The Log analytics are useful."
"We have no complaints about the features or functionality."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
"It supports high availability, which is very helpful."
"SolarWinds' stability is fine. I don't think we've had any software issues."
"SolarWinds is effective for server, network, and log monitoring. It's also good for IP address management. We also have a patch manager, but we're still working on getting that operational."
"The most valuable feature is the reporting."
"This tool is simple to use."
"The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out."
"The most valuable feature is the ease of use for the end user."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"We can integrate threat intelligence solutions into the product."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"Technical support is always great."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The only thing is sometimes you can have a false positive."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"The company had to use a third party for the implementation of the solution."
"There are no multiple dashboards which would allow you to see information side-by-side."
"We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."
"Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month."
"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."
"The initial setup is the most stressful, like learning how to use it."
"It would be nice to have an improved ability to scroll through logs within a time frame. Right now, we can search for specific errors. However, if we want to look for "before and after" within a specific time frame, it's not easy using the tool. This would be an improvement."
"There are some API gaps that are missing."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
More SolarWinds Security Event Manager Pricing and Cost Advice →
SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews while Sumo Logic Security is ranked 20th in Security Information and Event Management (SIEM) with 18 reviews. SolarWinds Security Event Manager is rated 7.8, while Sumo Logic Security is rated 8.6. The top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Wazuh and Microsoft Defender XDR, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and IBM Security QRadar. See our SolarWinds Security Event Manager vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.