Sumo Logic Security Solutions

Sumo Logic's security solutions support the entire spectrum of security use cases, from security analytics to SIEM and SOAR:
- Logs for Security: Provides enhanced insight for security analysts into threat activity via logs. Collect security log and event data from your infrastructure and applications, on-premises and in-cloud. Analyze your security data with pre-built and custom dashboards, out-of-the-box security apps, and robust queries.
- Threat detection, investigation, and response: After you have collected logs for security, you can use them with the following solutions for threat detection, investigation, and response:
  - Cloud SIEM: Gives SOC (security operations center) analysts prioritized and contextualized actionable threats with automated security workflows. Out-of-the-box automated detection reduces manual work, saving valuable resource time and enabling your team to be more effective by allowing them to focus on higher-value security functions.
  - Cloud SOAR: Fully automates triage, investigation, and remediation of threats for any security professional. The open integrations framework allows you to connect to a multitude of third-party applications. The platform provides full incident response lifecycle management with machine learning and threat hunting, accelerating mean time to respond (MTTR).
Security feature comparison
The following table lists the features available with each of our security solutions. If you have any questions about availability or a free trial, contact your Sumo Logic account team.
| Feature | Logs for Security | Cloud SIEM | Cloud SOAR |
|---|---|---|---|
| Log collection | ✓ | ✓ | ✓ |
| App catalog (out-of-the-box analytics) | ✓ | ✓ | ✓ |
| Dashboard | ✓ | ✓ | ✓ |
| Deep search (Sumo Logic Search Query Language) | ✓ | ✓ | ✓ |
| Advanced analytics with machine learning (GIS for GuardDuty and CloudTrail) | ✓ | ✓ | ✓ |
| Monitoring | ✓ | ✓ | ✓ |
| Alerts | ✓ | ✓ | ✓ |
| Threat Intelligence (threat intel feed and threat analysis app) | ✓ | ✓ | ✓ |
| Normalization with parsing of unstructured data and Field Extraction Rules | ✓ | ✓ | ✓ |
| Normalization with parsing, mapping, and enrichment | | ✓ | |
| Streaming processing | | ✓ | |
| Out-of-the-box detection content | | ✓ | |
| Advanced analytics for user behavior | | ✓ | |
| Rules Engine (built-in, types, custom, criticality, Rule Expression tuning) | | ✓ | |
| Correlation of Signals to an Entity | | ✓ | |
| Insight Engine (including case management) | | ✓ | |
| Entity Types (Entity Normalization, Related Entities, Entity Criticality) | | ✓ | |
| Entity Relationship Graph | | ✓ | |
| Entity Timeline | | ✓ | |
| Machine learning capabilities (Global Confidence Score for Insights, Insight Trainer) | | ✓ | |
| Tags (MITRE ATT&CK, custom tag schema, network blocks) | | ✓ | |
| Automation Service | | ✓ | ✓ |
| Open Integration Framework (OIF) | ✓ | ✓ | ✓ |
| App Central | ✓ | ✓ | ✓ |
| Playbook | ✓ | ✓ | ✓ |
| SecOps dashboard | | | ✓ |
| Case Manager | | | ✓ |
| War Room | | | ✓ |
| Progressive automation | | | ✓ |
| Highly customizable dashboards and KPIs | | | ✓ |
| Automatic incident reports | | | ✓ |