---
title: "Boosting customer experience and profits - Kobalt.io case study"
page_name: "Kobalt.io"
type: "resource"
slug: "kobalt-io"
published_at: "2025-02-02"
modified_at: "2026-06-12"
url: "https://www.sumologic.com/case-studies/kobalt-io"
canonical: "https://www.sumologic.com/case-studies/kobalt-io"
markdown_url: "https://www.sumologic.com/case-studies/kobalt-io.md"
lang: "en"
excerpt: "Kobalt.io needed to modernize its SIEM and consolidate security tools. With Sumo Logic, they doubled customer growth without needing to increase security analyst headcount and became profitable in six months."
taxonomy_resource_type:
  - "Case Studies"
taxonomy_resource_solution:
  - "Case Study"
  - "Cloud SIEM"
---

# Boosting customer experience and profits with Cloud SIEM

Founded in 2019 on the premise that everybody deserves good security, Kobalt.io develops and manages cybersecurity programs for small and mid-sized businesses worldwide. Headquartered in Vancouver, British Columbia, the company provides virtual CISOs, data privacy officers, security monitoring, and compliance services.


Products

- [Cloud SIEM](https://www.sumologic.com/solutions/cloud-siem "Cloud SIEM")
- [Sumo Logic Platform](https://www.sumologic.com/platform "Sumo Logic Platform")

Use Case

- [Threat detection, investigation and response](https://www.sumologic.com/solutions/threat-detection-investigation "Threat detection, investigation and response")
- [SecOps](https://www.sumologic.com/customers?_customer_solution=secops-security "SecOps")

Industry

- [Managed security service provider](/customers?_customer_industry=managed-security-service-provider "Managed security service provider")

- 6,000 to 600 alerts
- 4-month payback period

### Results at a glance

Improved alert triaging by consolidating from two SIEMs to one

Four-month payback with profitability within six months

Able to onboard customers in minutes instead of days

Doubled customer growth without having to increase security analyst headcount

### Challenge

##### Kobalt.io needed to modernize its SIEM and consolidate security tools.

Beset with two SIEMs, Kobalt.io suffered from common SOC challenges—tool sprawl, alert fatigue, poor scalability, and high maintenance costs. With the renewal of their contracts with Splunk and Sentinel fast approaching, it was time to reevaluate how to improve their operations.

Kobalt.io SOC manager Chris Spindler noted, “We had to look after the care and feeding of two last-generation SIEMs, with our expenses higher than they should have been for what we were delivering.”

Spindler’s 14-member team had become so overwhelmed by alert volumes and maintaining two SIEMs that he was considering hiring two additional analysts. “Our systems were draining resources, and we weren’t able to scale well,” adds Spindler.

### Solution

Seeking higher alert fidelity, cloud-native functionality and transparent pricing, Kobalt.io evaluated half a dozen SIEM solutions, including IBM® QRadar®, LogRhythm, AlienVault, and Sumo Logic.

After a two-week trial, Kobalt.io unequivocally chose Sumo Logic for the following reasons:

**Ease of use**
Sumo Logic’s intuitive design meant that within just a couple of hours of tinkering in the trial version of the Sumo Logic platform, Kobalt.io could onboard sources and process alerts.

**International data residency**
Sumo Logic also allows Kobalt.io to serve its international clients subject to data residency requirements, hosting data in their respective regions.

**Extensive integrations**
Sumo Logic integrates with hundreds of data sources, including Azure, Google Cloud Platform, AWS, Kubernetes, and Docker, for optimal workflows and ease of customer adoption.

**Multi-tenant SIEM instances**
Sumo Logic’s multi-tenant SIEM software enables Kobalt.io customers to configure and customize their accounts. Customer data is tagged per organization, keeping it separate and secure; this separation persists throughout the data lifecycle and is enforced at every system layer.

**Actionable insights**
Sumo Logic’s Cloud SIEM combines event management with automated enrichment and contextual awareness, available via an interactive heads-up display, to help reduce false positives and filter out noise from actual indicators of compromise.

**Transparent pricing**
Sumo Logic’s pricing model means Kobalt.io doesn’t have to pick and choose which data sources are analyzed, which gives the SOC team the necessary information when they need it to perform prompt and effective security investigations and launch the appropriate response.

“Partnering with Sumo Logic was a no-brainer. Having a system of signals, insights and behavioral algorithms ensures our small team is focused on the right things.”

Chris Spindler, SOC manager

### Results

**From 6,000 monthly alerts to 600**

Sumo Logic’s Cloud SIEM solution provides cloud-scale correlation based on rules for known threats and subquery-based correlation for emerging new threats. With enhanced alert fidelity from Sumo Logic, the Kobalt.io team can focus on actual potential security threats instead of being bogged down by a flurry of inconsequential user activity alerts.

Spindler explains, “With Sumo Logic, we start with investigation tools integrated into the primary SIEM console, which means instead of opening up 15 different browser tabs so that you could go to places like WHOIS and VirusTotal and all the rest of it, you could do that in one click right out of the interface.”

Going from 6,000 monthly alerts to 600, Kobalt.io has reduced alert fatigue and ensured analysts are focusing on what matters.

“Our analysts are our most valuable resource. Simple alarms don’t tell you a story, and they don’t give you a focus for the investigation. Sumo Logic ensures we spend our analysts’ time where it matters most,” Spindler explains.

Better alerting has also allowed Kobalt.io to do more with less. Before implementing Sumo Logic, Kobalt.io would have been forced to hire two more security analysts to handle its overwhelming alert volume. Since deploying Sumo Logic, Spindler has been able to keep his team to a dozen people. He adds, “Partnering with Sumo Logic was a no-brainer. Having a system of signals, insights and behavioral algorithms ensures our small team is focused on the right things.”

**Days-long customer onboarding to 15 minutes**

Kobalt.io’s main concern was migrating its customers to a new solution. With Sumo Logic, they migrated 25 customers in 20 days without direct access to the environments that they were monitoring. Migration to Sumo Logic was easy enough for Spindler to delegate tier-two analysts to help customers, spreading the workload. Since migrating, Kobalt.io can spin up new customers in just 15 minutes.

Spindler describes, “Sumo Logic is compatible with the predominant products that are out there on the market, so there’s good support for what our customers are running. Migrating customers was easy for us because instead of having one person dedicated to onboarding, we were able to spread the tasks out across the entire team.”

The ease of deployment and support for hundreds of third-party technologies has allowed Kobalt.io to grow faster than ever. “We have doubled our customer base since we first deployed Sumo Logic,” Spindler notes.

**Profitable within six months**

There were hidden costs to Kobalt.io’s original SIEM solutions that exceeded the cost of the tools and licensing. Spindler describes, “Splunk, for example, relies on heavy forwarders, a server or a virtual server instance, and those come with a monthly cost. With Microsoft Sentinel, logic apps and functions and data volume charges need to be paid and accounted for, and you need the infrastructure to manage all of that.” In contrast, Sumo Logic doesn’t come with any of those extra charges.

Sumo Logic’s flexible pricing model also means serious cost savings for Kobalt.io. “The advantage of Sumo Logic for us is that if a customer comes to us with a small data volume or a single source they want us to monitor, we can do that. We don’t have to say, ‘No, I’m sorry, you’ve got to give us half a terabyte a day, otherwise, we can’t offer you a data ingestion rate that you can afford.’”

According to Spindler, Sumo Logic’s pricing model means Kobalt.io can offer a full monitoring service for less than the cost of hiring an entry-level security specialist.

Within four months, Sumo Logic Cloud SIEM had paid for itself. Once Kobalt.io sunset Splunk and Microsoft Sentinel, the organization was profitable within six months of rolling out Sumo Logic.

