Splunk vs Sumo Logic Revisited

Posted by UpGuard

Splunk vs. Sumo Logic

Log analysis and security incident and event management (SIEM) tools have become staples of enterprise cyber resilience programs. For vigilant organizations, having infrastructure visibility into the transactions occurring behind the scenes is instrumental to maintaining a strong security posture. Splunk and SumoLogic are two leading platforms that serve this critical purpose—let’s revisit them again to see how their current offerings stack up. 

Cybersecurity these days is a multi-faceted beast, with most firms utilizing a layered security framework to continuously protect their environments against attacks. And while no prescriptive set of measures exist for effectively stopping all threats, the proper set of continuous security solutions combined with traditional measures can certainly help eliminate common attack vectors—or the lowest hanging fruit for cyber attackers. For example, solutions like firewalls and IDPS platforms detect and block malicious actors on the perimeter and endpoint level but are minimally effective against insider threats and advanced persistent threats (APTs). SIEMs anayze the data around the attack—stored in log files and other data stores—to identify threats other security mechanisms will potentially miss.

Jump start your Automation with UpGuard

Splunk

The more senior and enterprise-focused of the two, Splunk has well over a decade of experience collecting and analyzing high volumes of machine-generated data for business intelligence and security/compliance use cases. 

Splunk Interface

The Splunk interface. Source: Splunk.com.

Splunk Enterprise is available as an on-premise or SaaS-based solution (Splunk Cloud), with much of the event data and analyses presented visually in the form of graphs, charts, reports, and other visualizations.

Sumo Logic

Sumo Logic is a cloud-based log management and analytics platform that enables enterprises to make sense of their log data for security, IT operations, compliance, and a myriad of other use cases.

Sumo Logic InterfaceThe Sumo Logic UI. Source: Sumologic.com.

Like Splunk, Sumo Logic takes an organization's machine-generated data feeds and transforms them into actionable insights in the form of easy-to-understand charts, tables, and other visual elements. 

Side-by-Side Scoring: Splunk vs. Sumo Logic

1. Capability Set

Both platforms are feature-rich with a focus on the enterprise; that said, Splunk—with a decade on Sumo Logic—possesses a more comprehensive, expansive feature set. Both platforms offer an abundance of content in the form of applications, however.

Capability Set

Splunk score_4.png
Sumo Logic score_4.png

2. Ease of Use

Both offer intuitive web interfaces that make getting up to speed with the respective platform a trivial affair. Splunk in particular was developed with non-technical users in mind—as such, these design objectives are manifest in the platform ease-of-use. That said, more advanced features and customization are less intuitive than some of the more commonly used features

The two platforms present information visually in the form of customizable panels and dashboards, but Splunk offers both an XML and drag-and-drop based customization option for its visualization platform. In terms of installation, Sumo Logic's SaaS-based platform can be easier to get up-and-running when compared to Splunk's on-premise solution. However, Splunk does offer a SaaS version of its platform called Splunk Cloud, geared mostly towards Amazon AWS users.

Ease of Use

Splunk score_5.png
Sumo Logic score_4.png

3. Community Support

Splunk enjoys some clear first-mover advantages when compared with Sumo Logic, including a larger community base and corpus of public support resources. Its vendor-provided community forum is presented in a lively question/answer format and platform documentation for all versions of its platform are available on its website. As a relatively young offering, Sumo Logic has less to offer would-be users in this category.

Splunk score_4.png
Sumo Logic score_5.png

4. Release Rate

Splunk is currently at version 6.4, offering in its latest release a library of interactive visualizations, reduced on-premise storage TCO, new management features, and more. As a SaaS-based solution, Sumo Logic is continually updated, but its release history is somewhat opaque when compared with Splunk.

Release Rate

Splunk score_760.png
Sumo Logic score_570-2-1.png

5. Pricing and Support

Distinctions between the two offerings are a bit clearer in this category, as Splunk is clearly the more enterprise-oriented of the two. This is certainly reflected in its pricing: at $4,500 for a 1 gigabyte-per-day perpetual license, plus annual support fees, Splunk Enterprise is not exactly a drop in the bucket, to say the least. In contrast, Sumo Logic can be had for $115/month, with 1GB/day of data volume to boot for 3-20 users. This makes the platform a more viable option for smaller organizations on a budget.

Splunk dominates Sumo Logic in the documentation and support department, however. The latter's online support options leave much to be desired; in contrast, the veteran platform's web support resources are well-thought-out and easy to traverse/search against.

Pricing and Support

Splunk score_570-2-1.png
Sumo Logic

score_570-2-1.png

6. API and Extensibility

Both platforms feature rich, RESTful APIs for customizing data presentations and building specialized applications. However, Splunk's API is more comprehensive and provides a method for every feature of the platform. 

API and Extensibility

Splunk score_570-2-1.png
Sumo Logic score_570-2-1.png

7. 3rd Party Integrations

Splunk wins hands-down in this category, as this is where the platform arguably shines the brightest. The platform has over 600 plugins for supporting a plethora of IT operations, security, and compliance use cases, among others. Sumo Logic also features plugins for popular 3rd party software platforms like Jenkins and New Relic, but again—its selection pales in comparison to Splunk's plugin library.

3rd Party Integrations

Splunk score_570.png
Sumo Logic score_570.png

8. Companies that Use It

Both platforms are widely used by many of the world's largest enteprises. Splunk purportedly has over 11,000 customers ranging from the likes of Adobe and Autodesk to Tesco to Vodaphone. Sumo Logic's customer list is no less impressive and includes The BBC, Scholastic, Akamai, and Kaiser Permanente, among others.

Companies that Use It

Splunk score_570.png
Sumo Logic score_570.png

9. Learning Curve

As mentioned previously, both platforms offer intuitive web-based UIs that streamline getting up-to-speed with the products. That said, Splunk can be difficult to build deep expertise in for more robust analysis purposes. For example, the platform's Search Processing Language (SPL) is both powerful and complex and takes some time to master.

Learning Curve

Splunk score_570.png
Sumo Logic score_570.png

 

Scoreboard and Summary

  Splunk Sumo Logic
Capability Set score_570.png score_570.png
Ease of Use score_570.png score_570.png
Community Support score_570.png score_570.png
Release Rate score_570.png score_570.png
Pricing and Support score_570.png score_570.png
API and Extensibility score_570.png score_570.png
3rd Party Integrations score_570.png score_570.png
Companies that Use It score_570.png score_570.png
Learning Curve score_570.png score_570.png
Total  4.6 out of 5  4.1 out of 5

In short, both platforms are competent log analysis and SIEM solutions for rounding out your layered, continuous security efforts. Splunk is geared towards large enterprises with a need for a vast integration/plugin library. These options, however, come at a premium. In contrast, Sumo Logic is a cost-effective solution for organizations in need of a SaaS-based platform that's extensible and easy to get acquainted with.

 

Get the Digital Resilience eBook  

More Articles

Datadog vs. New Relic

Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.

 

 

Cisco vs. FireEye for Continuous Security

Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security?

Read Article >

AlienVault vs. Tenable for Continuous Security

As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.

Read Article 

 

 

 
UpGuard customers