Likelihood to Recommend SumoLogic is a fantastic log aggregator and analysis tool, a fine alternative to
Splunk . Searching is powerful and mostly intuitive and results come fast. If you have application logs in clusters or Kubernetes pods that lose their logs every time they're restarted, Sumo is the solution for you
Read full review If you have Symantec based environment including Symantec proxy and endpoints, Content and Malware Analysis is the obvious choice. You can't run the CAS-MAS as a standalone deployment, you need proxies or ICAP supported devices capable to send the files/URLS. It's not a network security device where you can flow/direct the traffic to C/MAS. It does not have UBA, NBA or NTR features, it is just working for analyzing files as expected.
Read full review Pros Sumo Logic allowed for our InfoSec team to ingest logs from our CDN directly, in real-time, instead of massive compressed archives that were sent every two-hours (the only alternative at the time). Sumo Logic had an app for these logs, that allowed us to easily get an immediate payoff from the data, with canned dashboard and saved searches. Sumo Logic has a fairly extensive REST API when it comes to log sources, source configurations, dashboard data, searches, etc. Their wiki for the API is usually kept up to date. Sumo Logic, during the period of time I had used their product, had added the ability to configure agents via configuration files. This allowed customers to configure their endpoints, and modify the endpoints, with configuration management tools like Chef / Puppet / Salt. Beforehand, the only option was to always make changes either via the web portal or REST API. The solutions engineers were extremely helpful, and easily reachable when issues would occur. Users at our company found it easy to get started, working on new dashboards, scheduled searches, and alerting. The alerting worked well with our third-party paging tool. Read full review 0 day detection and prevenion Flawless integration with Symantec Ecosystem Integration with other vendors supporting ICAP is also working Custom and golden image support High performance on busy environments Many threats are already detected and prevented through the CAS, it improves the performance drastically. Already builtin virustotal integration Reference to updates and updates information where I can see the product/service detecting which APTs Multiple Antivirus engines which you can select/subscribe Manual submission of file is supported through the gui URL manual submission is also supported Read full review Cons I like the help center, but I think if it had more GUI tools, it could help new users. Pulling out data is sometimes hard to read, (Maybe if I knew how to export data better, this would not be an issue for me). I would like better know-how on how to create reports that will help our business. Read full review API support is lacking Symantec/Broadcom security vision in general Symantec support is not perfect You can't run the product as a standalone network device No packet capture capabiliy or work in span mode You need a dedicated hardware to make it run You need to buy Read full review Usability Sumo Logic is very powerful but definitely requires some configuration work to get the most out of it. You can get a certification related to this, but it is definitely not something you can just throw together.
Read full review Support Rating I would give this rating because I attended a free Sumo Logic training at a WeWork in Chicago. I found the training very useful, and I learned a lot of features that I was not aware of before I went to the training. I like the idea that SumoLogic provides free training seminars. I am certified in level1, and I plan on certifying to level2.
Read full review Implementation Rating I was satisfied with the implementation, as at the time, it was the best way to implement the product with the available feature sets in Sumo Logic. User creation and management became more of an issue during continued use, instead of it being an issue related to deploying the product in our environment.
Read full review Alternatives Considered Sumo Logic works very well out of the gate. For a small business it has given us what we need. I worked at a larger company previously, and we produced so many logs we had to create a custom logging service to handle them all. Cost and availability are big issues when deciding between the different services, whether self maintained and hosted, or provided by another company.
Read full review We have been using many solutions even tested nearly all available 0day sandbox solutions in the market. We choose Symantec CMA as we have already Symantec endpoint protection/EDR on the client, Symantec proxy for the web access, SCMA fits our environment. We have a big bargain when we puchase lots of equipment from the Symantec. Detection and prevention is very good at SCMA but some constant issues; like the product is not designed for heterogeneous environments, we can not integrate the SCMA with WAFs, it's lacking in api and request/reply calls. There's no file scanning, discover the option. SIEM integration is not smooth. I can not run some of the SOAR playbooks through the SCMA.
Read full review Professional Services I've assisted several OneLogin customers with partner accounts to Sumo Logic. It has always been pleasant.
Read full review Return on Investment I can't think of any negative side effects other than it being SO slow sometimes, but compared to Splunk everything is slow It's SO much cheaper than Splunk that the time it takes to query information is well worth it In the times that we've had Sumo go down or stop logging information, we've found that we'd be absolutely lost without Sumo Read full review 0-day and APT risk is covered by the SCMA As the SSL is inspected and analyzed at Bluecoat proxy servers, hidden threats, malicous files are passed to SCMA to be analyzed. Getting full visibility at file trajectory level As it's a full proxy and ICAP integration, we are sure that the files are to analyzed and scanned for malicious activity. This is a big plus compared to NGFW analyze concept, as the NGFWs have special failsafe mechanisms allowing bypass of file analysis. SCMA fully catches the hidden threats. Flawless integration with Bluecoat systems is a big plus, customers are getting the same type of messages within their browsers. A negative impact is the standardization when I deploy SCAM to one of our locations. Then the auditors demand the same coverage within other areas and it comes with the cost. Especially maintaining these devices on premise environment has a significant cost. Read full review ScreenShots