Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Sumo Logic
Score 9.4 out of 10
N/A
Sumo Logic is a log management offering from the San Francisco based company of the same name.
We decided to go with Microsoft Sentinel because it works really well with Microsoft tools we are already using. Microsoft Sentinel's intelligent features detect and resolve problems more quickly than Sumo Logic. It also allows us to pay for what we use and grow as we need. …
Well, primarily we use different stuff like CrowdStrike. We use different sign-on features. We primarily use those different products because we support a wider ecosystem.
Splunk, Google, SecOps. I look at how it stacks up based on the fact that it's the primary solution that we sell. So I think it stacks up really well. Why do we select it? Well, we selected it primarily because we're a very large Microsoft partner. The technology is very good …
Well before there was Microsoft Sentinel, you had other competing products like ArcSight or Splunk, et cetera. I think they have their own qualities, but the Microsoft integration story is really why we're using it.
We use intune to protect endpoints and we pull logs from all the endpoints through the intune connector into the Microsoft Sentinel SIEM and that way we can run rules on those logs to find anomalies.
Elastic seems to have a much better interface for log search and is able to filter out noise. Microsoft Sentinel also appears to generate a lot of false positives.
Elastic is some carbon for various use cases. So because Elastic is a very, very wrong history in the market. So Sentinel is very recent for products from my understanding.
Prior to using Sentinel, we were using Splunk specifically Splunk Enterprise Security and Splunk Cloud, so their on-prem and their cloud-based products. We switched originally for cost reasons, specifically cost control, but I have found that the ability to create reports, the …
Based on the overall infrastructure configuration that we have and also after analysing various solutions provided by Microsoft Sentinel, we came to a conclusion that the Microsoft Sentinel is the best option for us to help us in overall threat detection on our custom servers, …
I use most of the Sims that are out there, but RSAs, old Sim Log, logic, elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate …
As mentioned, the product was part of the purchase of several Microsoft Suites that we did earlier last year and with 200 licenses included, we can exclude those from the other SIEM and SOAR product, it just work well with the Microsoft's environment that we partially have Is …
The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. …
ArcSight is an on-prem solution that has a different approach than Sentinel.
In a basis this product is more complex to maintain and deploy. The query functionality in Sentinel is more powerful and easier to maintain. ArcSight has a much slower performance and an interface that …
We don't need to maintain a third-party SaaS solution or spend any time integrating it since Microsoft Sentinel is the ideal option to give a single point of attack detection and alert monitoring.
Microsoft Sentinel really goes the extra mile when it comes to an SIEM that slowly improves toward a proper SOAR, this may be the best selling point of the entire solution. Highly scalable, cloud-based, and nearly perfect when dealing with Microsoft-based infrastructures, …
Most of those have been out in the industry for a longer time, so they have a lot more user friendliness to them. So I'd say it's in the mix. It's just not as high as it should be or I would expect it to be.
Previous to Azure Sentinel, we were using the McAfee SIM and it just wasn't keeping up with the times and that was the choice of moving to Azure Sentinel.
Sumo Logic works very well out of the gate. For a small business it has given us what we need. I worked at a larger company previously, and we produced so many logs we had to create a custom logging service to handle them all. Cost and availability are big issues when …
It's cheaper, by an ungodly number of dollars. Splunk is insanely expensive. But Splunk is also incredibly fast and efficient. Splunk also holds information indefinitely (forever) so if I wanted to see if a specific end-user clicked a very specific button in 2012, I can search …
We felt the features were comparable and Sumo Logic offered a better price. This was our first log aggregation tool so we don't have a lot of insight for competing products. I speak with many others specifically regarding splunk and it seems to be comparable in many ways except …
Provides the same basic solution as Splunk as it is a central log aggregator. The main difference for us is hosted or cloud vs. on-premise. The other large difference for us was the central management of the collectors. Sumo provides a single view of all the collectors, …
For use this was a better overall solution for our needs. Between reporting, access and the ability to support an external two-factor solution for controlled access.
Comparing them to Logstash and other open source tools, Sumo Logic is a clean, already well built tool that is ready to ingest and analyze data instantly. Other open source tools take a lot of time to build and manage; and their graphs/dashboards are almost always lacking. Sumo …
We had used Splunk previously. Sumo Logic defeats them when it comes to cost, including the costs that would normally come with supporting/managing/patching/upgrading your own infrastructure and storage. Those were wins, but especially the real-time CDN integrations due to Sumo …
We use it because when a user sees the suspicious activity on his account, Microsoft Sentinel gives alerts to the user's system and the admin system as well. When a user of one of our systems clicked a spam email, that email was trying to install a virus on our server, but Microsoft Sentinel gave an alert to the user and admin both, so that is why our team was able to fix that issue with Microsoft Sentinel very fast. However, it will not be the best option for you if your team is utilizing every feature but you are on a tight budget.
SumoLogic is a fantastic log aggregator and analysis tool, a fine alternative to Splunk. Searching is powerful and mostly intuitive and results come fast. If you have application logs in clusters or Kubernetes pods that lose their logs every time they're restarted, Sumo is the solution for you
It is a good tool for threat detection and analysis of the threats. We are using this tool for real time threat detection on our employee machines as well as some servers.
It provides various options for collecting data sources by leveraging multiple sources using data connectors. This helps us in gathering data from multiple sources such as our servers as well as our employee machines.
One good thing about this tool is automated incident response thereby increasing the security of servers.
Log Aggregation and uploading. The architecture for Sumo Logic makes a great deal of sense and works very well.
Automated analysis. It still impresses me how well a newly uploaded log can be broken into intelligent parts, then searched and sorted using their tools.
Dashboards. It might not be what YOU will need as an IT admin, but you can give access to these dashboards easily to business users who love that kind of stuff. Most other types of (monitoring / alerting) tools, for no apparent reason, lack this feature.
Reporting, monitoring, and graphing. Given, you need to have useful log generation for an application or service as a prerequisite for sumo logic to be able to gain use, once it has it is an amazingly powerful tool.
It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on.
Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Sumo Logic is very powerful but definitely requires some configuration work to get the most out of it. You can get a certification related to this, but it is definitely not something you can just throw together.
I would give this rating because I attended a free Sumo Logic training at a WeWork in Chicago. I found the training very useful, and I learned a lot of features that I was not aware of before I went to the training. I like the idea that SumoLogic provides free training seminars. I am certified in level1, and I plan on certifying to level2.
I was satisfied with the implementation, as at the time, it was the best way to implement the product with the available feature sets in Sumo Logic. User creation and management became more of an issue during continued use, instead of it being an issue related to deploying the product in our environment.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
We had used Splunk previously. Sumo Logic defeats them when it comes to cost, including the costs that would normally come with supporting/managing/patching/upgrading your own infrastructure and storage. Those were wins, but especially the real-time CDN integrations due to Sumo Logic's collaborations with other vendors. We had spoken to Logentries and discovered that many of the cons we found with Sumo Logic seemed to have been resolved in their product. Their pitfall was that, at the time, Logentries did not have the ability to get real-time log ingestion from our CDN. They said they had a solution, which was scripted, but we had not evaluated/tested. Logentries also did not have a User / RBAC REST API, and are nowhere near the level of compliance that Sumo Logic had (https://www.sumologic.com/press/2015-02-19/sumo-logic-successfully-completes-pci-data-security-stand...). In the end, I believe Logentries and Sumo Logic would be two good vendors to get involved in a bake-off
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.