Results at a glance

Equipped with cloud-scaling SIEM to support 150% YoY data growth projections

Experienced rapid time-to-value by going from contract to correlation in 35 days

Gained 25% more data ingest and visibility than competitive solutions through economic data tier licensing

Gained efficiency in easily managing the intake of structured and unstructured data sources


The Fortune 100 company needed to carve out healthcare data from their shared model, with a specific environment and SOC within 60 days.

A Fortune 100 company was running commingled data centers across its worldwide footprint, with the various business divisions sharing data center and security operations center (SOC) resources. The company needed a significant re-architecture and was evaluating other providers to potentially replace its hybrid Splunk Enterprise Security (ES) solution. The team wanted to carve out the healthcare data from the shared model to create a dedicated environment and SOC for managing this data.


To build a new SOC for their healthcare data, the company engaged Zyston as their trusted managed security service provider (MSSP) to lead the migration effort and manage the new SOC. For the security information and event management (SIEM) design, the company wanted to adopt a 100% cloud-based strategy with a solution that could ingest and analyze data at cloud scale. Following a multi-vendor evaluation, the company selected Sumo Logic Cloud SIEM as their go-to technology to provide the SOC’s meaningful security alerts and insights.


“Sumo Logic’s pricing made it possible to bring 25% more data into the scope of the SOC design compared to competitive solutions.”

Mark Coltharp

Chief Revenue Officer


Modern cloud-native architecture that supports the customer’s rapid data growth

The company’s infrastructure is dynamic with data growing rapidly at a rate of 150% each year. That makes scalability an important part of the success blueprint, and Sumo Logic’s cloud-native analytics platform provides the perfect fit. Sumo Logic empowers the company to leverage a modern architecture that provides multi-tenancy and elasticity, delivered efficiently at any scale.

“Sumo Logic was developed in the cloud with a microservices architecture that enables the global 100 company to experience highly-scalable SOC performance,” said Mark Coltharp, Chief Revenue Officer at Zyston, adding that “this enables the platform to ingest anonymized data from the customer and bring that threat intelligence feed back into the company’s environment for real-time security analytics, across-the-board.”

Extended visibility and onboarding of unstructured data

The customer’s healthcare data environment has a range of structured and unstructured data sources, and it was essential to have visibility into this full suite of data types in the scope of designing and running the new SOC. With Cloud SIEM, this was an easy requirement to fulfill.

“A big value of Cloud SIEM is its extended support for log source visibility and the ability to onboard traditional and non-institutionalized log sources. Cloud SIEM parses, maps, and normalizes records from structured and unstructured data, which makes it quick and easy to get log sources up to rank in the correlation rules and bring them into the dashboarding and alerting,” said Coltharp.

Cost efficiency with thoughtful use of Sumo Logic’s data tiering

With a big data footprint and projections to grow by 150% each year, pricing and budget planning were important considerations in choosing a SIEM vendor. Sumo Logic’s economical pricing model gave the global 100 company a compelling value.

With Sumo Logic’s Data Tiers pricing, the company can choose the right level of data access and search capabilities they want for each data source. They can use the Continuous Tier to drive real-time SOC dashboards and leverage the more cost-effective Infrequent Tier to manage compliance requirements for storing vast amounts of data in an always-available, easily searchable manner.

“Through the flexibility of Sumo Logic’s tiered data pricing, the customer gained an economical approach to meet all their security and compliance needs. And as a significant advantage, it made it possible to bring 25% more data into the scope of the SOC design compared to competitive solutions,” said Coltharp.

Experienced a rapid time-to-value

The customer’s blueprint for success was to build out their separate SOC, deploy a SIEM, and adopt 24/7 monitoring through expert-managed security services—all within 60 days. Through the thoughtful collaboration between Zyston, Sumo Logic, and the customer, all the goals were met at an accelerated pace.

“The customer selected Sumo Logic for a lot of great reasons, and one is that it brings a rapid time to value. Sumo Logic’s cloud-native architecture and API integrations make it fast and easy to implement, which made it possible to go from contract to correlation in 35 days,” said Coltharp.

Zyston - Beyond The Alert