At Sumo Logic Illuminate 2020, Scott Follick, IT Director for Service Delivery and Support at The Energy Authority (TEA), spoke about TEA, how the organization operates, what the team learned while searching for a SIEM solution, and why they chose Sumo Logic.
The Energy Authority provides public power utilities with access to advanced resources and various technology systems across the US. Energy is much more than the electric grid—there's power plants, hydro optimization, wind and solar farms. All of these things make up the energy markets across the US, and TEA participates in seven of those energy markets across the US.
TEA runs a 24/7 shop that operates with a very small IT staff heavily invested in various technologies. They have 225 employees across the country and business partners all across the US that are also running 24/7/365. TEA’s partners of course want to keep the power on 24/7/365.
To support their partners, TEA heavily invests in technologies like OpenDNS, Cisco, Mimecast, and Microsoft products across their various platforms. They take complex systems and they try to take a very simple approach. In all this, they take a cloud-first strategy. But they go beyond virtualization—everything has to be built from the bottom up. For TEA, it’s ideal that any tool they’re considering delivers in 7 to 10 clicks, and has automation, which is key for them.
As they began the journey into SIEM, they looked at Gartner, talked to fellow IT professionals, looked at trusted vendors, and ran many proofs of concept (POCs). Follick described how they evaluated each solution against critical factors such as the licensing model, how upgrades are managed, where threat intelligence is sourced, and automation features.
TEA evaluated hybrid, on-premises, and cloud security operations center as a service (SOCaaS) providers, and found that most had one or all of the following downsides:
In evaluating on-premises solutions, Follick’s team found that they had the following pitfalls:
Diving into cloud solutions, Follick found that not all cloud SIEMs are created the same.
After many POCs with different vendors, Follick and TEA chose to go with Sumo Logic.
Simplification is crucial for Follick’s team, and Sumo Logic delivered. Counting the clicks: single sign-on (SSO) is one click, opening the insights is one click, and reaching the signals dashboard is one more. From there they can go straight to the raw logs—just four clicks to see where the threat actor is and decide what action to take.
Through Sumo Logic’s partnership with CrowdStrike Threat Intelligence, threat intelligence is drawn from many sources. TEA’s team can drill down from any of the many graphs into the raw logs with a single click and see what is going on. It takes seconds rather than minutes for them to get where they need to be and make a decision.
Another point in Sumo’s favor for TEA is automated response. TEA wanted to run scripts that automate threat detection and response actions. Sumo can take TEA’s scripts and run them without human interaction—fully automated. This matters because TEA wants to take action first and alert IT afterward.
The team at TEA preferred Sumo’s simple, flexible tiered licensing model based on storage. It is not based on events per second, user count, or device count. TEA only had to identify how much storage they would need, and they were all set.
Follick’s team at The Energy Authority saw great value in Sumo Logic as a SIEM, but the benefits go beyond that. Follick also liked that Sumo’s platform can ingest data and dashboards from Varonis, PowerShell, SharePoint Online, their email, Mimecast, Azure, and most widely used systems. They knew going into their search for a SIEM solution that developers would be right behind them, and leveraging Sumo Logic for DevOps is now the next step for TEA. Their DBA teams are also showing interest in using Sumo to monitor MongoDB and SQL, and they are looking at using Sumo to monitor Kubernetes, which is built into the platform.
Scott Follick is the IT Director for Service Delivery and Support for The Energy Authority (TEA). Prior to TEA, he worked with CSX Railroad, local hospitals, and other Fortune 500 companies across the US.