Sumo Logic Security Solutions
Sumo Logic's security solutions support the entire spectrum of security use cases, from security analytics to SIEM and SOAR:
| Cloud monitoring | Threat detection and investigation | Threat response |
|---|---|---|
| Cloud Infrastructure Security | Cloud SIEM | Cloud SOAR |
| Provides enhanced insight for security analysts into threat activity via a unified security and compliance audit view of your cloud infrastructure. Leveraging cloud-native tools and telemetry, it accelerates development, operations, security, and reliability management teams in maintaining security visibility into their environment, managing their risk and attack surface. | Gives SOC (security operations center) analysts prioritized and contextualized actionable threats with automated security workflows. Out-of-the-box automated detection reduces manual work, saving valuable resource time and enabling your team to be more effective by allowing them to focus on higher-value security functions. | Fully automates triage, investigation, and remediation of threats for any security professional. The open integrations framework allows you to connect to a multitude of third-party applications. The platform provides full incident response lifecycle management with machine learning and threat hunting, accelerating mean time to respond (MTTR). |
Security feature comparison
Following are features available with our security solutions. If you have any questions on availability or a free trial, you can reach out to your Sumo Logic account team.
| Feature | Cloud Infrastructure Security | Cloud SIEM | Cloud SOAR |
|---|---|---|---|
| Log collection |  | | |
| App catalog (out-of-the-box analytics) | | | |
| Dashboard | | | |
| Deep search (Sumo Logic Search Query Language) | | | |
| Advanced analytics with machine learning (GIS for GuardDuty and CloudTrail) | | | |
| Monitoring | | | |
| Alerts | | | |
| Threat Intelligence (CrowdStrike threat intel feed and threat analysis app) | | | |
| Normalization with parsing of unstructured data and Field Extraction Rules | | | |
| Normalization with parsing, mapping, and enrichment | | ||
| Streaming processing | | ||
| Out-of-the-box detection contents | | ||
| Advanced analytics for user behavior | | ||
| Rules Engine (built-in, types, custom, criticality, Rule Expression tuning) | | ||
| Correlation of Signals to an Entity | | ||
| Insight Engine (including case management) | | ||
| Entity Types (Entity Normalization, Related Entities, Entity Criticality) | | ||
| Entity Relationship Graph | | ||
| Entity Timeline | | ||
| Machine learning capabilities (Global Confidence Score for Insights, Insight Trainer) | | ||
| Tags (MITRE ATT&CK, custom tag schema, network blocks) | | ||
| Automation Service | | | |
| Open Integration Framework (OIF) | | | |
| App Central | | | |
| Playbook | | | |
| SecOps dashboard | | ||
| Case Manager | | ||
| War Room | | ||
| Supervised active intelligence with alert triage and playbooks suggestions | | ||
| Progressive automation | | ||
| Highly customizable dashboards and KPIs | | ||
| Automatic incident reports | |