Sumo Logic Cloud SIEM
A cloud-based SIEM solution for managing and analyzing security-related data across diverse environments.
| Category | Threat Detection & Response |
|---|---|
| This page updated | a month ago |
| Pricing Details | Contact for pricing details. |
| Target Audience | Security teams and IT administrators in organizations of all sizes. |
Sumo Logic's Cloud SIEM addresses the complex challenge of managing and analyzing vast amounts of security-related data across diverse environments, including on-premises, cloud, and multi-cloud architectures. This cloud-based SIEM system leverages Sumo Logic's core functionality to collect, ingest, store, and analyze security event data from multiple sources.
The technical architecture of Cloud SIEM is built around a robust data pipeline that automatically normalizes, enriches, and correlates data from various sources. Logs and event data are collected through sensors and ingested into the system, where they are parsed, mapped to normalized values, and enriched with additional data before being converted into records. These records are then analyzed by rules that generate signals, which are correlated to produce insights when entity activity scores exceed certain thresholds.
Operationally, Cloud SIEM is designed to handle large data volumes, making it essential for organizations to ingest significant amounts of data daily to generate meaningful insights. The platform integrates with the Sumo Logic core platform and offers extensive configuration options through its Configuration menu, allowing administrators to manage integrations, ingestion mappings, log mappings, and automation rules. This flexibility is crucial for tailoring the system to specific security needs and ensuring that it scales with the organization's growth.
Key technical details include the use of advanced analytics and threat intelligence to surface actionable insights. The system assigns activity scores to entities, aiding in risk assessment and prioritization, and provides features like user and entity behavior analytics (UEBA) and MITRE ATT&CK coverage explorer to enhance threat detection and response. Automated alert enrichment and notification capabilities ensure that security teams receive timely and relevant information to respond to threats effectively.
However, managing such a system comes with operational considerations, such as the need for continuous data ingestion and the potential for increased costs associated with data retention, especially in multi-account setups. Additionally, the complexity of configuring and maintaining the various components, such as integrations and automation rules, requires significant expertise and ongoing management.