Sumo Logic is a company that has slowly and quietly been building credibility for its machine data platform. Essentially Sumo Logic ingests all the information that technology systems spit out and delivers insights into what it all means. Solutions like this are used by large IT shops to make sense of the massive amount of data their systems produce, and to increase the efficiency of IT operations.
That’s a useful product (as evidenced by customers like Netflix and Easton-Bell), but it doesn’t really gain attention at the pointy end of IT operations. I’ve long felt that Sumo Logic needed to deliver more front-end solutions that leveraged the core data but presented and delivered it in some new ways.
Well, Sumo Logic seems to have listened to my opinion and is introducing a new enterprise security analytics tool that moves it away from pure-play machine data analytics and toward real solutions. It is a SIEM (Security Information and Event Management) tool, and the idea is that it will help inform operations teams about irregular activity: cyber-attacks, breaches and other, less malicious problems. Sumo Logic believes it has an edge over more traditional SIEM products thanks to its cloud-first approach, which it says gives better scalability, lower TCO and the ability to capture data from physical, virtual, cloud and SaaS data sources.
At the moment the product covers a number of data sources:
- Cloud-based data sources include: Amazon Web Services (AWS) CloudTrail, Akamai Cloud Monitor
- On-premise data sources include: Palo Alto Networks, Sourcefire, Snort, Cisco ASA, OSSEC, Hyperguard
Sumo Logic sees a number of different use cases for the new product offering:
- Identifying data exfiltration by uncovering and correlating security events across multiple data sources
- Reducing compliance costs by accelerating and simplifying compliance reporting and auditing as well as providing continuous compliance management
- Auditing access to sensitive and mission-critical applications that are both on-premise and in the cloud
- Enabling high-speed forensic investigations into security incidents spanning terabytes of security and operational machine data
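The first use case above, correlating events from more than one source to spot possible exfiltration, is the core of what a SIEM does. The following is an added illustration, not Sumo Logic's code and not any vendor's log format: it assumes two constructed, already-normalised feeds (a firewall session log with outbound byte counts and an IDS alert log), a 50 MB outbound threshold and a 10-minute correlation window, and reports hosts where a large outbound session coincides with an IDS alert to the same destination.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample logs (not real data, not a vendor's format):
# firewall session log: timestamp, source IP, destination IP, destination port, bytes sent
FIREWALL_LOG = """\
2017-03-01T09:55:10Z,10.0.1.25,198.51.100.7,443,4200
2017-03-01T10:02:00Z,10.0.1.25,203.0.113.9,443,120000000
2017-03-01T10:05:30Z,10.0.1.40,203.0.113.9,443,95000000
2017-03-01T11:30:00Z,10.0.1.25,198.51.100.7,443,3100
"""

# IDS alert log: timestamp, source IP, destination IP, alert message (constructed)
IDS_LOG = """\
2017-03-01T09:58:30Z,10.0.1.25,203.0.113.9,Outbound archive transfer to unclassified host
2017-03-01T10:40:00Z,10.0.1.40,203.0.113.9,Outbound archive transfer to unclassified host
"""

EXFIL_BYTES = 50_000_000        # assumed threshold: flag sessions sending more than 50 MB out
WINDOW = timedelta(minutes=10)  # assumed window: IDS alert must fall within 10 minutes of the session


def parse_ts(text):
    """Parse the ISO-8601 UTC timestamps used in the constructed logs."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_firewall(text):
    """Turn firewall CSV lines into normalised event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split(",")
        events.append({"ts": parse_ts(ts), "src": src, "dst": dst,
                       "port": int(port), "bytes_out": int(nbytes)})
    return events


def parse_ids(text):
    """Turn IDS CSV lines into normalised alert dicts (message may contain commas)."""
    alerts = []
    for line in text.strip().splitlines():
        ts, src, dst, msg = line.split(",", 3)
        alerts.append({"ts": parse_ts(ts), "src": src, "dst": dst, "msg": msg})
    return alerts


def correlate_exfiltration(fw_events, ids_alerts, threshold=EXFIL_BYTES, window=WINDOW):
    """Pair each large outbound session with IDS alerts from the same source host to the
    same destination whose timestamp lies within `window` of the session start.
    Returns one finding per (session, alert) pair."""
    alerts_by_src = defaultdict(list)
    for alert in ids_alerts:
        alerts_by_src[alert["src"]].append(alert)

    findings = []
    for fw in fw_events:
        if fw["bytes_out"] < threshold:
            continue  # ordinary-sized session, nothing to correlate
        for alert in alerts_by_src.get(fw["src"], []):
            if alert["dst"] == fw["dst"] and abs(fw["ts"] - alert["ts"]) <= window:
                findings.append({
                    "host": fw["src"],
                    "dst": fw["dst"],
                    "bytes_out": fw["bytes_out"],
                    "alert": alert["msg"],
                    "session_ts": fw["ts"].isoformat(),
                    "alert_ts": alert["ts"].isoformat(),
                })
    return findings


def run():
    """Run the correlation over the constructed sample logs."""
    return correlate_exfiltration(parse_firewall(FIREWALL_LOG), parse_ids(IDS_LOG))


if __name__ == "__main__":
    for finding in run():
        print(f"{finding['host']} -> {finding['dst']}: {finding['bytes_out']} bytes out at "
              f"{finding['session_ts']}, IDS alert '{finding['alert']}' at {finding['alert_ts']}")
```

With the sample data only 10.0.1.25 is reported: its 120 MB session starts three and a half minutes after the IDS alert for the same destination, while 10.0.1.40's 95 MB session is followed by an alert 34 minutes later, outside the window. Widening the window to an hour surfaces both, which is the usual tuning trade-off between missed events and noise; a real deployment would also need the sources' clocks synchronised for the time comparison to mean anything.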
I like the idea that Sumo Logic is focusing on real products rather than services that are more “plumbing” in nature. Whether its SIEM product manages to gain attention remains to be seen. But I can see a number of other angles they might take with this, including some discovery and analysis of cloud application usage within an enterprise, a move that would bring them into direct competition with NetSkope and Skyhigh Networks.