Log evaluation and safety incident and occasion administration (SIEM) instruments have grow to be staples of enterprise cyber resilience applications. For vigilant organizations, having infrastructure visibility into the transactions occurring behind the scenes is instrumental to sustaining a robust safety posture. Splunk and SumoLogic are two main platforms that serve this important function—let’s revisit them once more to see how their present choices stack up.
Cybersecurity as of late is a multi-faceted beast, with most companies using a layered safety framework to constantly shield their environments towards cyberattacks. And whereas no prescriptive set of measures exist for successfully stopping all cyber threats, the right set of steady safety options mixed with conventional measures can definitely assist eradicate widespread assault vectors—or the bottom hanging fruit for cyber attackers. For instance, options like firewalls and IDPS platforms detect and block malicious actors on the perimeter and endpoint stage however are minimally efficient towards insider threats and superior persistent threats (APTs). SIEMs analyze the info across the assault—saved in log information and different knowledge shops—to determine threats different safety mechanisms will probably miss.
Splunk
The extra senior and enterprise-focused of the 2, Splunk has effectively over a decade of expertise gathering and analyzing excessive volumes of machine-generated knowledge for enterprise intelligence and safety/compliance use instances.
The Splunk interface. Supply: Splunk.com.
Splunk Enterprise is accessible as an on-premise or SaaS-based resolution (Splunk Cloud), with a lot of the occasion knowledge and analyses introduced visually within the type of graphs, charts, experiences, and different visualizations.
Sumo Logic
Sumo Logic is a cloud-based log administration and analytics platform that permits enterprises to make sense of their log knowledge for safety, IT operations, compliance, and a myriad of different use instances.
The Sumo Logic UI. Supply: Sumologic.com.
Like Splunk, Sumo Logic takes a company’s machine-generated knowledge feeds and transforms them into actionable insights within the type of easy-to-understand charts, tables, and different visible parts.
Aspect-by-Aspect Scoring: Splunk vs. Sumo Logic1. Functionality Set
Each platforms are feature-rich with a give attention to the enterprise; that stated, Splunk—with a decade on Sumo Logic—possesses a extra complete, expansive function set. Each platforms supply an abundance of content material within the type of purposes, nevertheless.
Splunk
Sumo Logic
5/5
4/5
2. Ease of Use
Each supply intuitive net interfaces that make getting on top of things with the respective platform a trivial affair. Splunk particularly was developed with non-technical customers in thoughts—as such, these design aims are manifest within the platform ease-of-use. That stated, extra superior options and customization are much less intuitive than a few of the extra generally used options
The 2 platforms current info visually within the type of customizable panels and dashboards, however Splunk gives each an XML and drag-and-drop primarily based customization choice for its visualization platform. When it comes to set up, Sumo Logic’s SaaS-based platform might be simpler to get up-and-running when in comparison with Splunk’s on-premise resolution. Nonetheless, Splunk does supply a SaaS model of its platform known as Splunk Cloud, geared largely in direction of Amazon AWS customers.
Splunk
Sumo Logic
3/5
4/5
3. Group Help
Splunk enjoys some clear first-mover benefits when put next with Sumo Logic, together with a bigger neighborhood base and corpus of public assist sources. Its vendor-provided neighborhood discussion board is introduced in a energetic query/reply format and platform documentation for all variations of its platform can be found on its web site. As a comparatively younger providing, Sumo Logic has much less to supply would-be customers on this class.
Splunk
Sumo Logic
5/5
4/5
4. Launch Fee
Splunk is at the moment at model 6.4, providing in its newest launch a library of interactive visualizations, diminished on-premise storage TCO, new administration options, and extra. As a SaaS-based resolution, Sumo Logic is regularly up to date, however its launch historical past is considerably opaque when put next with Splunk.
Splunk
Sumo Logic
5/5
3/5
5. Pricing and Help
Distinctions between the 2 choices are a bit clearer on this class, as Splunk is clearly the extra enterprise-oriented of the 2. That is definitely mirrored in its pricing: at $4,500 for a 1 gigabyte-per-day perpetual license, plus annual assist charges, Splunk Enterprise will not be precisely a drop within the bucket, to say the least. In distinction, Sumo Logic might be had for $115/month, with 1GB/day of information quantity in addition for 3-20 customers. This makes the platform a extra viable choice for smaller organizations on a finances.
Splunk dominates Sumo Logic within the documentation and assist division, nevertheless. The latter’s on-line assist choices go away a lot to be desired; in distinction, the veteran platform’s net assist sources are well-thought-out and simple to traverse/search towards.
Splunk
Sumo Logic
5/5
4/5
6. API and Extensibility
Each platforms function wealthy, RESTful APIs for customizing knowledge shows and constructing specialised purposes. Nonetheless, Splunk’s API is extra complete and supplies a technique for each function of the platform.
Splunk
Sumo Logic
5/5
4/5
7. third Occasion Integrations
Splunk wins hands-down on this class, as that is the place the platform arguably shines the brightest. The platform has over 600 plugins for supporting a plethora of IT operations, safety, and compliance use instances, amongst others. Sumo Logic additionally options plugins for common third occasion software program platforms like Jenkins and New Relic, however once more—its choice pales compared to Splunk’s plugin library.
Splunk
Sumo Logic
5/5
3/5
8. Firms that Use It
Each platforms are broadly utilized by most of the world’s largest enterprises. Splunk purportedly has over 11,000 prospects starting from the likes of Adobe and Autodesk to Tesco to Vodafone. Sumo Logic’s buyer record is not any much less spectacular and contains The BBC, Scholastic, Akamai, and Kaiser Permanente, amongst others.
Splunk
Sumo Logic
5/5
5/5
9. Studying Curve
As talked about beforehand, each platforms supply intuitive web-based UIs that streamline getting up-to-speed with the merchandise. That stated, Splunk might be tough to construct deep experience in for extra strong evaluation functions. For instance, the platform’s Search Processing Language (SPL) is each highly effective and sophisticated and takes a while to grasp.
Splunk
Sumo Logic
3/5
5/5
Scoreboard and Abstract
Splunk
Sumo Logic
Functionality set
5/5
4/5
Ease of use
3/5
4/5
Group assist
5/5
4/5
Launch charge
5/5
3/5
Pricing and assist
5/5
4/5
API and extensibility
5/5
5/5
third occasion integrations
5/5
3/5
Firms that use it
5/5
5/5
Studying curve
3/5
5/5
Whole
4.6/5
3.7/5
Briefly, each platforms are competent log evaluation and SIEM options for rounding out your layered, steady safety efforts. Splunk is geared in direction of giant enterprises with a want for an enormous integration/plugin library. These choices, nevertheless, come at a premium. In distinction, Sumo Logic is a cost-effective resolution for organizations in want of a SaaS-based platform that is extensible and simple to get acquainted with.
