Challenge
Patrianna needed a SIEM and a partner they could grow with, as previous SIEM solutions had failed to deliver dependable log ingestion and monitoring tailored to Google’s unique architecture.
As a fully Google-hosted organization, Patrianna struggled to find a reliable security solution that could integrate with and monitor their complex Google environment. Previous SIEM vendors, including both open-source and paid SIEM providers, fell short in providing log ingestion and monitoring for their Google environments.
Beyond integration challenges, Patrianna needed to offload the operational burden of infrastructure hosting and storage to a partner that could guarantee reliability, scalability, and security. Despite evaluating several vendors, none met their exact requirements for Google integration, ease of use, and flexible deployment until partnering with Sumo Logic.
Solution
When assessing different vendors, Brandon Hewgill, Head of Information Security at Patrianna, was clear about what he needed: “a reliable tool that my team could scale with and a partner that we can trust.”
Just as important, the team wanted a SIEM with built-in user and entity behavior analytics (UEBA) to help identify risky behavior and insider threats that are difficult to catch with static rules alone.
They evaluated a “top-tier SIEM in the top right quadrant of Gartner,” and other security solutions, but none of them aligned with Patrianna due to a lack of Google integration capabilities and challenges with log ingestion. Patrianna ultimately chose Sumo Logic Cloud SIEM based on three main requirements.
Reliable Google Workspace integration
Sumo Logic’s log ingestion works across hybrid and multi-cloud environments for seamless data pipeline management. With Sumo Logic’s intuitive and robust log ingestion capabilities, Patrianna could finally have reliable, real-time monitoring without the complexity and delays experienced with previous solutions.
Flexible partnership and pricing model
Hewgill wanted to build a true partnership around the right security solution, not deal with a vendor whose approach constantly felt like an aggressive sales push. Sumo Logic allowed Patrianna to start small, validate value, and scale usage as their security program matured.
The previous SIEMs they tested were tied to expensive data storage solutions, such as BigQuery. Sumo Logic offers adaptable ingestion models that scale with their growth without budget surprises.
“The relationship we have with Sumo Logic has been amazing,” he said. “It allowed us to build from a smaller remit and expand as we go. The pricing model works well for a small business like ours, where we don’t want to overcommit before we know exactly what we’ll use.”
This open, collaborative relationship Sumo Logic offered gave Patrianna the ability to grow their security program at their own pace.
“If you’re looking for a tool that can dynamically ingest virtually any log or data source you need at a reliable and reasonable rate and then turn that data into measurable business value, Sumo Logic has proven that for us. Its webhook connections and ingest mechanisms make it easy to bring data in without needing months of training before you can get started.”
Offload infrastructure management
By moving log ingestion, storage, and processing to Sumo Logic, Patrianna was able to offload infrastructure management, a significant need for them. Hewgill said, “Instead of hosting the infrastructure and storage ourselves, we wanted to offload that responsibility to a partner we could trust to be reliable, secure, and always available.”

Results
Easy implementation and onboarding
Patrianna was able to start using the platform in no time. Clear documentation and free online training made it easy for both new hires and experienced analysts to start using the platform without the need for time-consuming ramp-up periods.
On top of that, Hewgill was able to trust the Sumo Logic customer support team, which was crucial for him. “Being able to build a relationship with Sumo Logic was really important to us. I feel like Sumo Logic truly listens to our needs and concerns. Combined with the straightforward onboarding process, it’s made using the platform incredibly easy.”
Preconfigured dashboards accelerated time-to-value
With just a few clicks, Patrianna was able to deploy pre-made dashboards for various data sources like Google Workspace, Microsoft, and identity providers such as Okta, which helped them gain visibility into login activity, user behavior, and geographic access patterns. They were then able to create their own tailored dashboards within a week, without having to start from scratch, which included timelines, tables, and geolocation maps that provide actionable insights at a glance.
Hewgill notes, “The speed of insights and the quick return of results is amazing. Even when running what we consider expensive queries, such as searching large datasets, the results still come back very quickly. Since we started using it, we’ve gained more valuable insights. When you’re writing queries or code, it even suggests snippets and brief examples of what you could be writing, which is really helpful.”
Smarter incident detection and response with monitoring rules and Dojo AI
With centralized log management, Patrianna is able to uncover potential security incidents more quickly. Using Sumo Logic’s Heads-up Display (HUD) and custom monitoring rules, they’re able to flag behaviors such as impossible travel.
For example, in cases where HR suspects misuse of subcontractor credentials, they can quickly query multiple login events and map locations to detect if something risky is happening before it escalates into an actual incident.
Hewgill values how the platform is “constantly innovating,” which he’s seen with Sumo Logic Dojo AI. “With powerful query functions coupled with intuitive AI integration and Mobot, nothing is impossible — plus the ability to automate the reduction of noise within the platform to allow for more streamlined insights where and when you need it.”
Security and governance over their own SOC
More than just log management, Patrianna uses Sumo Logic to “watch the watcher.” They can monitor their own security operations team, gaining visibility into how analysts respond to alerts and how quickly they act, and ensuring that no unauthorized changes to data or configurations occur.
“One of the big questions our senior leadership team asked was: How do we know the watchers are being watched? How do we see what analysts are doing, how they’re doing it, and how long they take to respond to alerts or indicators? That visibility comes out of the box with Sumo Logic. You don’t have to do much to get started, and while you can customize it, there’s already a lot there through flexible deployment and built-in monitoring.
“With Sumo Logic, the data is protected. Regular users can’t change it, and even admins can’t alter the audit trail. That’s the level of security we want. Plenty of tools can help you build dashboards, but due diligence matters too. You can’t overlook that,” said Hewgill.
Improved analyst productivity and satisfaction
Patrianna’s security team has found Sumo Logic extremely simple to use and highly effective in their day-to-day operations. The intuitive interface allows them to pose queries and get instant, meaningful results. Plus, the ability to customize dashboards and fine-tune indicators to better meet their specific needs has helped them be more effective in their security operations.
“Our team genuinely enjoys working with Sumo Logic. We don’t have to wrestle with complicated documentation, as the Sumo Logic documentation guides us directly to the right place. All the logs we have flow into the platform. From admin to security to login data, everything is ingested and easily accessible. Since most of our log data is in JSON format, our team, who is familiar with that structure, can quickly interpret and act on the information, making the workflow seamless and our day-to-day easier.”