Picus Security, headquartered in San Francisco, offers Continuous Security Validation and Mitigation as the most proactive approach to ensure cyber-resilience. The Picus Platform measures the effectiveness of defenses by using emerging threat samples in production environments, providing the insight required to build the right security strategy to better manage complex operations.
N/A
Sumo Logic
Score 9.4 out of 10
N/A
Sumo Logic is a log management offering from the San Francisco based company of the same name.
If you want to analyze the full path focusing on the signatures it’s the best product in the market. If you want to test phishing, data exfiltration/DLP, DNS I don’t recommend Picus. Scenario based attacks also lacking. However Picus support is awesome and I like the development team. When we open a case, they’ll always return with the right answer
SumoLogic is a fantastic log aggregator and analysis tool, a fine alternative to Splunk. Searching is powerful and mostly intuitive and results come fast. If you have application logs in clusters or Kubernetes pods that lose their logs every time they're restarted, Sumo is the solution for you
It has thousands of signatures and up-to-date attack vectors (It's the largest set in the market)
Attack vectors are mapped with existing vendors like Checkpoint and Mcafee, where you don't spend time finding out which cve mapped to which protection
Ability to focus/highlght solely new threats, it's superb for 0days and up-to-date protections. As there are always timing issue between updates and apply the updates on the products.
Blocked vs not blocked ratios on the dashboard with drill down menu specifiying the set of protections or signatures on the defensive measures
Already mapped mitre att&ck framework on the dasboard. SOC and analyst team using the Mitre framework.
Detection analytics enhance the analytics capabilities with pinpoint accuracy where to focus and how to prevent
Timeline and scheduled reports from the dashboard in flexible format
Log Aggregation and uploading. The architecture for Sumo Logic makes a great deal of sense and works very well.
Automated analysis. It still impresses me how well a newly uploaded log can be broken into intelligent parts, then searched and sorted using their tools.
Dashboards. It might not be what YOU will need as an IT admin, but you can give access to these dashboards easily to business users who love that kind of stuff. Most other types of (monitoring / alerting) tools, for no apparent reason, lack this feature.
Reporting, monitoring, and graphing. Given, you need to have useful log generation for an application or service as a prerequisite for sumo logic to be able to gain use, once it has it is an amazingly powerful tool.
Sumo Logic is very powerful but definitely requires some configuration work to get the most out of it. You can get a certification related to this, but it is definitely not something you can just throw together.
I would give this rating because I attended a free Sumo Logic training at a WeWork in Chicago. I found the training very useful, and I learned a lot of features that I was not aware of before I went to the training. I like the idea that SumoLogic provides free training seminars. I am certified in level1, and I plan on certifying to level2.
I was satisfied with the implementation, as at the time, it was the best way to implement the product with the available feature sets in Sumo Logic. User creation and management became more of an issue during continued use, instead of it being an issue related to deploying the product in our environment.
We use other vendors Verodin, AttackIQ, SafeBreach, Cymulate etc. All of them have their advantages and disadvantages. Please take a look at TrustRadius reviews of each product. I don’t want to go head to head for each product in this review. I select Picus because it's local startup company in our region. I like their support and engineering team. Support is marvelous. Product is giving what we expected from the product. Price is adequate. Reporting and dashboard is superb.
We had used Splunk previously. Sumo Logic defeats them when it comes to cost, including the costs that would normally come with supporting/managing/patching/upgrading your own infrastructure and storage. Those were wins, but especially the real-time CDN integrations due to Sumo Logic's collaborations with other vendors. We had spoken to Logentries and discovered that many of the cons we found with Sumo Logic seemed to have been resolved in their product. Their pitfall was that, at the time, Logentries did not have the ability to get real-time log ingestion from our CDN. They said they had a solution, which was scripted, but we had not evaluated/tested. Logentries also did not have a User / RBAC REST API, and are nowhere near the level of compliance that Sumo Logic had (https://www.sumologic.com/press/2015-02-19/sumo-logic-successfully-completes-pci-data-security-stand...). In the end, I believe Logentries and Sumo Logic would be two good vendors to get involved in a bake-off
With Picus we have the tangible KPIs for the security
Detetcion and Prevention rates for the latest attacks are significantly increased
We work with many security vendors. We use picus scores and share specific outputs with the company in case of decreasing score rates where the development and product team analyzes their updates or product engines to increase the rates.
It helps our strategic plans where to focus and invest for the following years and planning/prioritizing the security budgets to specific highlighted areas