We performed a comparison between Splunk Enterprise Security and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"Log aggregation and data connectors are the most valuable features."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The connectivity and analytics are great."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Splunk is a user-friendly solution."
"The flexibility of the solution is quite good."
"The scalability is good."
"Splunk Enterprise Security is able to process a huge amount of data without any issues."
"It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform."
"This is a straightforward solution, easy to configure."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"The solution is quite stable."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"We are invoiced according to the amount of data generated within each log."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The solution could be more user-friendly; some query languages are required to operate it."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"The threat management part is still lagging. There are some gaps in threat management. Other vendors have built-in threat management systems, but Splunk lacks the threat management component in its portal. The UEBA and everything else is perfect, but it lacks a unified threat intelligence and management part."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"It could be more user friendly, in terms of the end-user experience."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"The product must improve insider threat detection."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"There is a definite learning curve to starting out."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"The solution should improve its UI."
"The integration with multiple sources could be better."
"The initial setup is the most stressful, like learning how to use it."
Splunk Enterprise Security is ranked 1st in Log Management with 221 reviews while Sumo Logic Security is ranked 21st in Log Management with 17 reviews. Splunk Enterprise Security is rated 8.4, while Sumo Logic Security is rated 8.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Sumo Logic Security writes "Integrates well, useful rules, and beneficial GUI". Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, VMware Aria Operations for Logs, IBM Security QRadar and LogRhythm SIEM. See our Splunk Enterprise Security vs. Sumo Logic Security report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.