
GigaOm Solution Profile: Sumo Logic

An Exploration Based on Key Criteria for Evaluating SOAR

Table of Contents

  1. Summary
  2. Key Criteria Analysis
  3. Evaluation Metrics Analysis
  4. Bottom Line
  5. About Andrew Green

1. Summary

Sumo Logic Cloud SOAR is a comprehensive security orchestration, automation, and response platform that leverages AI and ML technologies for intelligent event management. Sumo Logic strategically expanded its security portfolio (consisting of security information and event management (SIEM), cloud security monitoring, analytics, audit, and compliance) through its 2021 acquisition of DFLabs and its SOAR platform, IncMan.

As part of Sumo Logic’s broader security portfolio, Cloud SOAR is a crucial component that enables customers to improve their end-to-end security posture with solutions provided by a single vendor.

Sumo Logic’s Cloud SOAR ranks highly for most metrics described in the Key Criteria Report for Evaluating Security Orchestration, Automation, and Response. Its mature features and deep integrations help security analysts reduce time spent on cases and allow them to focus on critical activities. The platform automates security workflows using playbooks, which contain instructions that carry out tasks depending on a set of pre-defined criteria. Playbooks can be fully automated or defined as human-supervised, meaning that security analysts can intervene at crucial points in the automated workflow.

Cloud SOAR is a suitable solution for managed security service providers and multinational enterprises. This is due to the fully multi-tenant environment that offers users granular access controls and implements load balancing across different environments. It provides centralized management with aggregated reporting and high visibility of tenants. It allows the master to propagate standards to the tenant and enables tenants to track previous actions, share gathered information, and view investigative steps taken during an active incident. A distinguishing multi-tenancy feature supported by Cloud SOAR is the customer’s ability to segregate physical data, which is a key requirement for MSSPs.

It supports a wide variety of deployment models, including on-premises, in the cloud, or as SaaS. The platform has well-developed dashboard and visualization capabilities and a built-in case management feature. A fully customizable dashboard for analysts allows users to view and prioritize tasks and manage incidents. The case management system can document numerous breaches, along with their relevant properties.

How to Read this Report

This GigaOm report is one of a series of documents that help IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.